przez tomek954 25 Paź 2008, 14:33
przez Magik 25 Paź 2008, 14:38
tomek954 napisał(a):http://wklejto.pl/13104
przez tomek954 25 Paź 2008, 17:27
[b]SDFix: Version 1.237 [/b]
Run by Administrator on 2008-10-25 at 16:48
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\autorun.inf - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 17:00:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:e7052c96
"s2"=dword:0e61857b
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:05,48,9f,9a,ce,52,5e,cf,f8,bf,38,cc,b7,35,4a,14,b4,2d,38,36,8a,..
"p0"="E:\Programy\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3f,ee,44,ad,c2,ae,41,61,12,9a,ad,1b,61,d7,e6,28,5d,1f,10,81,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,58,aa,96,88,d9,1b,e2,2a,10,49,d6,1c,dc,af,22,28,7e,..
"khjeh"=hex:2a,e6,a1,e8,7a,0b,cd,c1,3c,1b,d1,57,c8,a7,79,f9,0b,55,86,c9,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:13,c7,88,85,c8,72,70,ad,69,85,f2,d7,5f,df,db,d7,c5,94,aa,8d,86,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0e,cd,08,3a,1a,c8,87,df,e9,4d,60,82,d3,60,b4,09,8d,f3,21,5f,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1f,ae,f1,e5,f8,d6,37,7d,c8,65,03,40,8f,dc,36,3b,91,db,5c,61,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:92,a2,9c,17,6c,f4,ed,ca,1d,41,df,17,19,60,e3,4f,43,db,46,cb,67,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:05,48,9f,9a,ce,52,5e,cf,f8,bf,38,cc,b7,35,4a,14,b4,2d,38,36,8a,..
"p0"="E:\Programy\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3f,ee,44,ad,c2,ae,41,61,12,9a,ad,1b,61,d7,e6,28,5d,1f,10,81,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,58,aa,96,88,d9,1b,e2,2a,10,49,d6,1c,dc,af,22,28,7e,..
"khjeh"=hex:2a,e6,a1,e8,7a,0b,cd,c1,3c,1b,d1,57,c8,a7,79,f9,0b,55,86,c9,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:13,c7,88,85,c8,72,70,ad,69,85,f2,d7,5f,df,db,d7,c5,94,aa,8d,86,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0e,cd,08,3a,1a,c8,87,df,e9,4d,60,82,d3,60,b4,09,8d,f3,21,5f,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1f,ae,f1,e5,f8,d6,37,7d,c8,65,03,40,8f,dc,36,3b,91,db,5c,61,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c4,18,eb,d5,7c,67,e1,20,58,0b,e7,32,ef,96,6a,e6,14,95,7e,f5,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:05,48,9f,9a,ce,52,5e,cf,f8,bf,38,cc,b7,35,4a,14,b4,2d,38,36,8a,..
"p0"="E:\Programy\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3f,ee,44,ad,c2,ae,41,61,12,9a,ad,1b,61,d7,e6,28,5d,1f,10,81,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,58,aa,96,88,d9,1b,e2,2a,10,49,d6,1c,dc,af,22,28,7e,..
"khjeh"=hex:2a,e6,a1,e8,7a,0b,cd,c1,3c,1b,d1,57,c8,a7,79,f9,0b,55,86,c9,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:13,c7,88,85,c8,72,70,ad,69,85,f2,d7,5f,df,db,d7,c5,94,aa,8d,86,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0e,cd,08,3a,1a,c8,87,df,e9,4d,60,82,d3,60,b4,09,8d,f3,21,5f,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1f,ae,f1,e5,f8,d6,37,7d,c8,65,03,40,8f,dc,36,3b,91,db,5c,61,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:92,a2,9c,17,6c,f4,ed,ca,1d,41,df,17,19,60,e3,4f,43,db,46,cb,67,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Documents and Settings\\Tomek\\Pulpit\\utorrent.exe"="C:\\Documents and Settings\\Tomek\\Pulpit\\utorrent.exe:*:Enabled:uTorrent"
"E:\\Programy\\Gadu-Gadu\\gg.exe"="E:\\Programy\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"="C:\\Program Files\\NAPI-PROJEKT\\napisy.exe:*:Enabled:www.napiprojekt.pl"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\Programy\\Azureus\\Azureus.exe"="E:\\Programy\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"E:\\gry - instalacje\\fear\\fpupdate.exe"="E:\\gry - instalacje\\fear\\fpupdate.exe:*:Enabled:fpupdate"
"E:\\gry - instalacje\\fear\\FEARMP.exe"="E:\\gry - instalacje\\fear\\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Dx9.exe"="E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Dx10.exe"="E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Launcher.exe"="E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"E:\\gry - instalacje\\xplane\\X-Plane 9\\X-Plane.exe"="E:\\gry - instalacje\\xplane\\X-Plane 9\\X-Plane.exe:*:Enabled:X-Plane"
"E:\\Programy\\Ares\\Ares.exe"="E:\\Programy\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"E:\\gry - instalacje\\karty\\Hoyle Card Games.exe"="E:\\gry - instalacje\\karty\\Hoyle Card Games.exe:*:Enabled:Hoyle Card Games"
"E:\\gry - instalacje\\Stalker\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"="E:\\gry - instalacje\\Stalker\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"E:\\gry - instalacje\\Stalker\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"="E:\\gry - instalacje\\Stalker\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 21 Oct 2008 105,553 ..SHR --- "C:\2fiji.com"
Wed 22 Oct 2008 104,123 ..SHR --- "C:\xlk9.com"
Fri 17 Aug 2007 56 ..SHR --- "C:\WINDOWS\system32\40F428C7C9.sys"
Sat 25 Oct 2008 105,130 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Sat 25 Oct 2008 85,504 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Sat 25 Oct 2008 85,504 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Fri 12 Oct 2007 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 23 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 9 Mar 2008 6,185 ...HR --- "C:\Documents and Settings\Tomek\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"
[b]Finished![/b]
ComboFix 08-10-24.02 - Tomek 2008-10-25 17:07:14.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1515 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Tomek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\xih9.cmd
E:\Autorun.inf
E:\xih9.cmd
F:\Autorun.inf
F:\xih9.cmd
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-25 do 2008-10-25 )))))))))))))))))))))))))))))))
.
2008-10-25 16:47 . 2008-10-25 16:47 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-25 16:47 . 2008-10-25 16:47 580,096 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-25 16:46 . 2007-10-13 16:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-10-25 16:46 . 2007-02-08 01:49 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-10-25 16:46 . 2007-02-07 17:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-10-25 16:46 . 2008-10-25 16:47 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-10-25 16:46 . 2007-02-08 01:49 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-10-25 16:46 . 2007-02-08 01:49 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-10-25 16:46 . 2007-02-08 01:49 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-10-25 16:46 . 2008-10-25 16:46 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-25 16:40 . 2008-10-25 17:03 <DIR> d-------- C:\SDFix
2008-10-24 15:02 . 2008-10-15 18:36 337,408 --------- C:\WINDOWS\system32\SET73.tmp
2008-10-24 15:02 . 2008-10-15 18:36 337,408 --------- C:\WINDOWS\system32\SET7.tmp
2008-10-24 15:02 . 2008-10-15 18:36 337,408 --a------ C:\WINDOWS\system32\SET6.tmp
2008-10-24 15:02 . 2008-10-15 18:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 19:15 . 2008-10-22 19:15 104,123 -r-hs---- C:\xlk9.com
2008-10-17 21:25 . 2008-10-21 15:09 105,553 -r-hs---- C:\2fiji.com
2008-10-15 14:53 . 2008-08-14 15:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 14:53 . 2008-08-14 15:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 14:53 . 2008-08-14 15:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 14:53 . 2008-08-14 15:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 14:53 . 2008-09-15 17:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 14:53 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-11 19:41 . 2008-10-11 19:41 <DIR> d-------- C:\Documents and Settings\Tomek\Dane aplikacji\XRay Engine
2008-10-11 14:03 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-10-11 14:03 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-11 14:03 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-11 14:03 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-10-11 14:03 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-10-11 14:03 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-10-11 14:03 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-10-11 14:03 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-10-11 14:03 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-10-11 14:03 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-11 14:03 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-11 14:03 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-11 14:01 . 2008-10-11 14:01 <DIR> d-------- C:\WINDOWS\Logs
2008-10-08 12:00 . 2008-10-23 18:22 <DIR> d-------- C:\Documents and Settings\Tomek\Dane aplikacji\Hoyle
2008-10-08 11:57 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 15:12 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-10-25 15:12 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-10-25 14:35 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\uTorrent
2008-10-23 16:22 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Hoyle FaceCreator
2008-10-11 12:20 279,712 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-11 12:20 25,888 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-03 18:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-21 20:58 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Skype
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-11-12 00:43 22,328 ----a-w C:\Documents and Settings\Tomek\Dane aplikacji\PnkBstrK.sys
2007-08-17 21:09 56 --sh--r C:\WINDOWS\system32\40F428C7C9.sys
2007-10-12 14:00 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot_2008-10-25_ 1.46.23.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-25 14:47:17 409,600 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-10-25 14:47:17 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-25 14:47:17 409,600 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-10-25 14:47:17 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2004-12-31 469824]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 81920]
"LanguageShortcut"="E:\Programy\Language\Language.exe" [2006-05-18 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 120640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-14 113664]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 610365]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe [2007-02-08 946247]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nike+ Utility.lnk - C:\Program Files\Nike+ Utility\Nike+ Utility.exe [2008-04-09 1208320]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2008-04-14 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Tomek\\Pulpit\\utorrent.exe"=
"E:\\Programy\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Programy\\Azureus\\Azureus.exe"=
"E:\\gry - instalacje\\fear\\fpupdate.exe"=
"E:\\gry - instalacje\\fear\\FEARMP.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Dx9.exe"=
"E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Dx10.exe"=
"E:\\gry - instalacje\\Assassins.Creed\\AssassinsCreed_Launcher.exe"=
"E:\\gry - instalacje\\xplane\\X-Plane 9\\X-Plane.exe"=
"E:\\Programy\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\gry - instalacje\\karty\\Hoyle Card Games.exe"=
"E:\\gry - instalacje\\Stalker\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"E:\\gry - instalacje\\Stalker\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-03-09 110304]
R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 501560]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3269b216-2962-11dc-b8d3-4d6564696130}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35020bc4-b77a-11db-b7aa-4d6564696130}]
\Shell\AutoRun\command - H:\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62c-a126-11dd-a9ab-806d6172696f}]
\Shell\AutoRun\command - K:\xlk9.com
\Shell\explore\Command - K:\xlk9.com
\Shell\open\Command - K:\xlk9.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62e-a126-11dd-a9ab-806d6172696f}]
\Shell\AutoRun\command - M:\xlk9.com
\Shell\explore\Command - M:\xlk9.com
\Shell\open\Command - M:\xlk9.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62f-a126-11dd-a9ab-806d6172696f}]
\Shell\AutoRun\command - N:\xlk9.com
\Shell\explore\Command - N:\xlk9.com
\Shell\open\Command - N:\xlk9.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b408c969-b709-11db-b7a8-4d6564696130}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f9a13e-ca3f-11db-b7fc-4d6564696130}]
\Shell\AutoRun\command - J:\autorun.exe
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
O8 -: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 -: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} - hxxp://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab
C:\WINDOWS\Downloaded Program Files\Roulette.inf
C:\WINDOWS\Downloaded Program Files\Roulette.dll
O16 -: {2A781DED-C22D-4153-9812-CEA98A32981C} - hxxp://67.15.101.33/g_bin/pl/cardsmakao_2_0_0_28.cab
C:\WINDOWS\Downloaded Program Files\MakaoV2.inf
C:\WINDOWS\Downloaded Program Files\MakaoV2.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll
O16 -: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
C:\WINDOWS\Downloaded Program Files\SignActivX.ocx
O16 -: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://67.15.101.33/g_bin/pl/words_2_0_0_51.cab
C:\WINDOWS\Downloaded Program Files\words.inf
C:\WINDOWS\Downloaded Program Files\words.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 17:10:46
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Czas ukończenia: 2008-10-25 17:20:45 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-25 15:19:58
ComboFix2.txt 2008-10-24 23:47:44
ComboFix3.txt 2007-10-13 14:17:08
Przed: 11 494 363 136 bajtów wolnych
Po: 11,565,592,576 bajtów wolnych
232 --- E O F --- 2008-10-24 23:10:45
Logfile of HijackThis v1.99.1
Scan saved at 17:26:21, on 2008-10-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Tomek\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] E:\Programy\Language\Language.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab
O16 - DPF: {2A781DED-C22D-4153-9812-CEA98A32981C} (GameDesire Makao) - http://67.15.101.33/g_bin/pl/cardsmakao_2_0_0_28.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/22.32/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.33/g_bin/pl/poker_2_0_0_49.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.33/g_bin/pl/words_2_0_0_51.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB04E01-8E7D-4420-BFF7-F1479FD71841}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Programy\Ares\chatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
przez Magik 25 Paź 2008, 17:44
C:\Program Files\Nike+ Utility\Nike+ Utility.exeO2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)File::
C:\xlk9.com
E:\xlk9.com
F:\xlk9.com
C:\2fiji.com
E:\2fiji.com
F:\2fiji.com
C:\WINDOWS\system32\Bitkv0.dll
C:\WINDOWS\system32\SET73.tmp
C:\WINDOWS\system32\SET7.tmp
C:\WINDOWS\system32\SET6.tmp
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62c-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62e-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62f-a126-11dd-a9ab-806d6172696f}]
Windows Registry Editor 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3269b216-2962-11dc-b8d3-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35020bc4-b77a-11db-b7aa-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62c-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62e-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62f-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b408c969-b709-11db-b7a8-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f9a13e-ca3f-11db-b7fc-4d6564696130}]
przez tomek954 26 Paź 2008, 11:59
przez Magik 26 Paź 2008, 13:56
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3269b216-2962-11dc-b8d3-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35020bc4-b77a-11db-b7aa-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62c-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62e-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bdd62f-a126-11dd-a9ab-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b408c969-b709-11db-b7a8-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f9a13e-ca3f-11db-b7fc-4d6564696130}]
przez tomek954 26 Paź 2008, 23:16
teraz poszlo...przez Magik 26 Paź 2008, 23:53
tomek954 napisał(a):czy moze nie zamienic go na np kasperskiego?
przez tomek954 27 Paź 2008, 00:03
przez Magik 27 Paź 2008, 00:40
tomek954 napisał(a):Kaspersky Internet Security 2009 ?
tomek954 napisał(a):czt wersja 7.0.1.325 jest wystarczajaca?
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 8 gości