Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:09, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\autoclk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
D:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9745 bytes
ComboFix 09-08-08.04 - RedCloud 2009-08-09 16:16.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.692 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1601991441-287435753-2479082871-1000
c:\windows\Installer\34b2e.msp
c:\windows\system32\AVSredirect.dll
c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security
c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security\System Security
c:\windows\system32\drivers\kungsfxugkinet.sys
c:\windows\system32\drivers\SKYNETibapipyl.sys
c:\windows\system32\drivers\vsfocerdwxsnqm.sys
c:\windows\system32\kungsfewmexptj.dll
c:\windows\system32\kungsfkvscpxyx.dat
c:\windows\system32\kungsfmyliqukl.dat
c:\windows\system32\kungsfudjbpfmy.dll
c:\windows\system32\SKYNETqecxncbd.dll
c:\windows\system32\vsfocellptbqlf.dll
c:\windows\system32\vsfoceotpeuops.dat
c:\windows\system32\vsfoceptusaejk.dat
c:\windows\system32\vsfocepvarpodv.dll
c:\windows\TEMP\cvieeruruy.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kungsfigswkwnv
-------\Legacy_kungsfigswkwnv
-------\Service_SKYNETdmduyxcd
-------\Legacy_SKYNETdmduyxcd
-------\Service_vsfocerdodjitu
-------\Legacy_vsfocerdodjitu
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Legacy_.esettrialresetalerterAlerter
-------\Service_.esettrialresetalerterAlerter
((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Avira
2009-08-09 08:09 . 2009-08-09 12:27 4992 ----a-w- c:\documents and settings\RedCloud\sterownik.sys
2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
2009-08-07 12:10 . 2009-08-07 12:40 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\13351564
2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Nero
2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-03 19:13 . 2009-08-03 19:32 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\14524684
2009-08-01 17:31 . 2009-08-01 17:35 -------- d-----w- c:\program files\BitComet
2009-08-01 17:23 . 2009-08-01 17:23 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\3B4E
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Simply Super Software
2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
2009-07-24 15:13 . 2003-01-30 06:48 143360 ----a-w- c:\windows\autoclk.exe
2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Malwarebytes
2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\OpenFM
2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Microsoft Help
2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
2009-06-15 13:24 . 2009-06-15 13:23 403456 ----a-w- c:\windows\system32\kdfinj.tmp
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"autoclk"="autoclk.exe" - c:\windows\autoclk.exe [2003-01-30 143360]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]
c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]
c:\docume~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
backup=c:\windows\pss\Ad-aware Updater.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CallOfDuty\\CoDWaWmp.exe"=
"d:\\CallOfDuty\\CoDWaW.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
"19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
"24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
"24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:sfx
"14076:TCP"= 14076:TCP:BitComet 14076 TCP
"14076:UDP"= 14076:UDP:BitComet 14076 UDP
"53:UDP"= 53:UDP:Promo
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
S1 58ee5dc9;58ee5dc9;c:\windows\system32\drivers\58ee5dc9.sys [2009-07-24 0]
S2 .esettrialresetalerter;Eset Trial Reset .EsetTrialResetAlerter;c:\windows\TEMP\ylqppofahn.exe service --> c:\windows\TEMP\ylqppofahn.exe service [?]
S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
S3 sterownik;sterownik;c:\documents and settings\RedCloud\sterownik.sys [2009-08-09 4992]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - USUNIĘTO PUSTE WPISY - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-MSxmlHpr - c:\windows\system32\msxm192z.dll
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 16:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
"??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe
[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
"rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=""
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.417.0"
"UniqueId"="0016B36649D70533"
"ScannerBuild"=dword:0000121d
"ScannerVersionId"=dword:00000f6c
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000003
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="3A00143BA9CB85FA63743093AFAB9E4B47DC901763CB31D2AE894DD879390DBEACF454F2E5D6C70645D82762C227752FA0971AB14CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB345290AF1E024A3D4A5DF10381E293FDA230DC3D7BB5B79F51A6B997FCBAB10F7A12D3F78EC845AFEE1496A98B7E64A156142531BD8C6E9A2CD231A43EFDB04A8BFBB4A2A9A145CFCDD56A48A87DB745F47926443F4980CEE99F6DF6740A4A498677EE1C46AE8D78F415BD8A6C467454DAE8E588703E9B5B54CCC89F0E3A117BC31ED116EC7132876A6374669CA555BD5A0FFCCFF3213EDE2B4331F32C4DE7D18DAF41085B521FE0A57A8691B44C69F6373D19B2210A3CFD9E8AA88CA1640943A30FB22C821C906913360207E24E12F5AA67FB8E05783EE2D4D146C7F7877F47B8C2B37F89FD998D9114050809A4873761277A025D4C3EB9E7E834C46C9F2EDDF2F562C4C80C9E3AF53B4514BDAA54BA7EB97D729EC98E3267C830EAEC7C48866EF771024EBD59E309F18AF54C22578394FE0308701DD002D3898DE2A0CFD8C83ABAA9025A6D59808524AFB5332F4319ADFC1CADAD52FD612469B098DEAFB9AD585565D2E35B7F0A9BE127A5A3D89D8747DC6E94E5DA610DC1C9163EB4171C42C084934515AB0000EE5F75D6868C425ED169B130DC8B1B468AB14A4862640797DEA4B8F0C8E3E66419743120741B60313396B4B90B9E1E5050CA70705C5952C4903A6A2F13F011BE251C869D3CB8FA9742F5582D9A3133F35AE13E33CA9C29E329EA559DB821309813F6B72F61FCE72E4E4392C96CC4757FE169FE530BB80E90700337213229C9815749187619E4511318596B13923E55C2147810532D9C556E21EFE5DC2E9FB70B59FA0F5BCE51B8E9D2BA0054556716911547E3FEF699A6A2694646BB0E7FA94D7596998821056DDB298B0495AFEE50C5F83501E2DDE781566D3CD4ECE7299E62FBCDC7EDE1AA9814B714B9A9D1E3EDBBCAC181CE129FB336C32C2062045FEC68B0F2BDBD184DB34290C2FBA41FBC3053881694597140E375F695CCD0604A40034B7F35707D5D0F983727375EAED3AA71A3F87A5A122D0A4A069911332EF314D7F88EF74002AFCBD0A4F66E724DE4C57F825B0B703BAB736C650337C8544DBC12586068AC477C61A5460BB4C0F8923CE97F4D307BE965411BFAB92091EAA95DE07DD7F978A4DF9AD57E5FB46EE5629DA0688468214EEA6617A2CCBE5640BE70F5F1FCB5AAA35B1727A017ABE3FBBB4E997EDBC5CB4EAC2D26AAEF1A9FD5A8C487AFFCB68F035148DE76F3EA4C566E06CB78D0ED268282321355794EBAE067FAD12927ADB4B48B754B3CE05718C32BD03580051DA335"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-09 16:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-09 14:31
ComboFix2.txt 2008-10-15 17:29
Przed: 2*556*166*144 bajtów wolnych
Po: 14*741*114*880 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
311 --- E O F --- 2009-06-21 07:45