
HJ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:40 , on 2008-10-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mks.com.pl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C6C8487-C48C-4905-BA31-9070839E39C7}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 5239 bytes
Combo
ComboFix 08-10-24.02 - PooH 2008-10-26 9:42:38.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2522 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\PooH\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nvsvc32.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-26 do 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-25 13:54 . 2008-10-25 13:54 <DIR> dr------- C:\Documents and Settings\PooH\Dane aplikacji\Brother
2008-10-25 11:48 . 2007-02-01 12:19 1,520,640 --a------ C:\WINDOWS\system32\BrWia07a.dll
2008-10-25 11:48 . 2006-12-28 12:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-10-25 11:48 . 2007-01-25 16:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-10-25 11:48 . 2007-01-26 13:06 45,568 --a------ C:\WINDOWS\system32\BrUsi07a.dll
2008-10-25 11:48 . 2004-10-15 11:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2008-10-25 11:48 . 2007-01-15 20:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-10-25 11:48 . 2007-01-15 17:56 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-10-25 11:48 . 2004-10-21 00:00 6,222 --------- C:\WINDOWS\CVRPAGE.BMP
2008-10-24 17:55 . 2008-10-24 17:57 819 --a------ C:\WINDOWS\WINCMD.INI
2008-10-23 18:28 . 2008-10-25 11:49 404 --a------ C:\WINDOWS\BRWMARK.INI
2008-10-23 18:28 . 2008-10-25 11:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-10-23 18:26 . 2008-10-25 11:48 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-10-23 18:25 . 2007-02-02 13:22 55,808 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-10-23 18:23 . 2008-10-25 11:48 <DIR> d-------- C:\Program Files\Brother
2008-10-23 18:23 . 2008-10-23 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Brother
2008-10-23 18:23 . 2007-01-18 12:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-10-23 18:23 . 2007-02-15 12:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-10-23 18:23 . 2002-11-26 12:43 106,496 --------- C:\WINDOWS\system32\BrMuSNMP.dll
2008-10-23 18:23 . 2007-02-06 18:50 61,952 --------- C:\WINDOWS\system32\BrNetSti.dll
2008-10-23 18:23 . 2006-12-26 18:39 37,376 --------- C:\WINDOWS\system32\Brnsplg.dll
2008-10-23 18:23 . 2007-01-26 14:06 34,816 --------- C:\WINDOWS\system32\BrWiaNCp.dll
2008-10-23 18:23 . 2007-01-26 14:05 18,944 --------- C:\WINDOWS\system32\BrnStiCp.cpl
2008-10-23 18:23 . 2006-11-20 19:48 9,728 --------- C:\WINDOWS\system32\BrSti07a.dll
2008-10-23 17:57 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-23 17:57 . 2008-04-13 19:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-21 17:16 . 2008-10-21 17:16 <DIR> d-------- C:\WINDOWS\Logs
2008-10-21 17:14 . 2008-10-21 17:14 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0003
2008-10-15 12:18 . 2008-10-15 12:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-15 12:17 . 2008-03-05 14:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-10-15 12:17 . 2008-03-05 14:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-15 12:17 . 2008-03-05 15:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-10-15 12:17 . 2008-02-05 22:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-10-15 12:17 . 2008-03-05 15:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-10-15 12:17 . 2008-03-05 15:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-14 15:42 . 2008-10-14 15:42 <DIR> d-------- C:\Documents and Settings\PooH\Dane aplikacji\Sony
2008-10-14 15:42 . 2008-10-14 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-10-14 15:39 . 2008-10-14 15:39 <DIR> d-------- C:\Program Files\Sony
2008-10-14 15:24 . 2008-10-14 15:24 <DIR> d-------- C:\Program Files\Avanquest update
2008-10-14 15:24 . 2008-10-14 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-10-14 15:23 . 2007-12-10 14:22 110,632 --a------ C:\WINDOWS\system32\drivers\s3017mdm.sys
2008-10-14 15:23 . 2007-12-10 14:22 110,120 --a------ C:\WINDOWS\system32\drivers\s3017unic.sys
2008-10-14 15:23 . 2007-12-10 14:22 104,616 --a------ C:\WINDOWS\system32\drivers\s3017mgmt.sys
2008-10-14 15:23 . 2007-12-10 14:22 100,648 --a------ C:\WINDOWS\system32\drivers\s3017obex.sys
2008-10-14 15:23 . 2007-12-10 14:22 83,880 --a------ C:\WINDOWS\system32\drivers\s3017bus.sys
2008-10-14 15:23 . 2007-12-10 14:22 25,512 --a------ C:\WINDOWS\system32\drivers\s3017nd5.sys
2008-10-14 15:23 . 2007-12-10 14:22 15,016 --a------ C:\WINDOWS\system32\drivers\s3017mdfl.sys
2008-10-14 15:23 . 2007-12-10 14:22 12,200 --a------ C:\WINDOWS\system32\drivers\s3017whnt.sys
2008-10-14 15:23 . 2007-12-10 14:22 12,200 --a------ C:\WINDOWS\system32\drivers\s3017wh.sys
2008-10-14 15:23 . 2007-12-10 14:22 12,200 --a------ C:\WINDOWS\system32\drivers\s3017cmnt.sys
2008-10-14 15:23 . 2007-12-10 14:22 12,200 --a------ C:\WINDOWS\system32\drivers\s3017cm.sys
2008-10-14 15:23 . 2007-12-10 14:22 10,792 --a------ C:\WINDOWS\system32\drivers\s3017cr.sys
2008-10-09 16:16 . 2008-10-09 16:16 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-09 16:16 . 2008-10-26 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-10-09 16:16 . 2008-10-24 18:12 4,351,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-09 16:16 . 2008-10-25 13:49 598,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-09 16:16 . 2008-10-09 16:27 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-09 16:16 . 2008-10-09 16:27 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-09 16:16 . 2008-10-24 18:12 37,168 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-09 16:16 . 2008-10-25 13:49 5,220 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-09 14:58 . 2008-10-09 14:58 <DIR> d-------- C:\Program Files\Gigabyte
2008-10-09 14:58 . 1998-10-03 02:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-10-07 11:31 . 2008-09-17 08:55 201,050 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-06 18:24 . 2008-10-07 11:42 <DIR> d-------- C:\WINDOWS\nview
2008-10-06 18:24 . 2008-09-16 20:27 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-10-06 18:24 . 2008-09-17 08:55 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-10-06 18:24 . 2008-10-24 17:48 195,261 --a------ C:\WINDOWS\system32\nvapps.xml
2008-10-06 18:24 . 2008-09-17 08:55 18,394 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-10-06 17:55 . 2008-10-06 17:55 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-10-06 17:55 . 2008-10-06 17:55 <DIR> d-------- C:\Documents and Settings\PooH\SystemRequirementsLab
2008-10-05 15:53 . 2008-10-05 15:53 <DIR> d-------- C:\!KillBox
2008-10-05 09:10 . 2008-10-05 09:10 361,728 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-05 09:10 . 2008-07-18 14:05 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-05 09:09 . 2008-10-05 09:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-04 21:26 . 2008-10-04 21:26 862 --a------ C:\WINDOWS\wininit.ini
2008-10-04 15:50 . 2008-10-04 15:50 <DIR> d-------- C:\Program Files\Lavalys
2008-10-04 13:41 . 2008-10-09 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 13:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-10-25 10:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-25 10:23 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\uTorrent
2008-10-22 16:24 --------- d-----w C:\Program Files\Sony Ericsson
2008-10-15 12:56 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Skype
2008-10-13 18:46 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-10-12 22:39 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Corel
2008-10-11 14:03 --------- d-----w C:\Program Files\Winamp
2008-10-09 15:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-10-09 15:01 --------- d-----w C:\Program Files\SkanerOnline
2008-10-09 14:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-10-06 17:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-06 17:25 --------- d-----w C:\Program Files\AGEIA Technologies
2008-10-04 20:26 --------- d-----w C:\Program Files\BearShare
2008-10-04 12:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-10-04 11:56 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-04 11:26 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Apple Computer
2008-09-17 21:27 --------- d-----w C:\Program Files\uTorrent
2008-09-09 20:26 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\skypePM
2008-09-04 07:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe
2008-08-31 13:53 --------- d-----w C:\Program Files\Panda Security
2008-08-29 06:57 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2008-08-26 15:02 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\THQ
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-01-05 19:37 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-11-05 16:27 1 ----a-w C:\Documents and Settings\PooH\SI.bin
2007-09-17 18:06 476,752 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\pswi_preloaded.exe
2007-10-27 18:29 88 --sh--r C:\WINDOWS\system32\5662E81A33.sys
2007-11-27 18:53 88 --sh--r C:\WINDOWS\system32\DD0710FBDB.sys
2007-12-14 20:27 3,454 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2008-04-14 18:21 112128 9a19ba6d99b8ec3db5b3eff71b0a0bb5 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-10-04 12:56 53448 c6de6191dc719d185fea9d1960f6a0c6 C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 877568]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.avis"= ff_acm.acm
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebClient"=2 (0x2)
"LmHosts"=2 (0x2)
"NVSvc"=2 (0x2)
"seclogon"=2 (0x2)
"FSAUA"=3 (0x3)
"ERSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" /tray
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\GRY\\PES 2009\\pes2009.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-05 361728]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c98f7b-f50f-11dc-998d-000e50b4ebe2}]
\Shell\AutoRun\command - vva0hc0p.cmd
\Shell\explore\Command - vva0hc0p.cmd
\Shell\open\Command - vva0hc0p.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a65d99c-9521-11dd-b451-000e50b4ebe2}]
\Shell\AutoRun\command - vva0hc0p.cmd
\Shell\explore\Command - vva0hc0p.cmd
\Shell\open\Command - vva0hc0p.cmd
.
Zawartość folderu 'Zaplanowane zadania'
2008-10-26 C:\WINDOWS\Tasks\Konserwacja jednym kliknięciem.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\PooH\Dane aplikacji\Mozilla\Firefox\Profiles\1jx97o8u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.pl
FF -: plugin - C:\Documents and Settings\PooH\Dane aplikacji\Mozilla\Firefox\Profiles\1jx97o8u.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npoctoshape.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 09:45:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-26 9:49:06
ComboFix-quarantined-files.txt 2008-10-26 08:46:44
ComboFix2.txt 2008-10-17 12:07:50
Przed: 8 391 376 896 bajtów wolnych
Po: 8,378,568,704 bajtów wolnych
240 --- E O F --- 2008-09-09 20:45:09