I scanned with avast, Ad-Aware and Spybot.
I'll attach the logs in a moment.
Post merged: 05.04.2007 (Thu) 15:28
ComboScan
ComboScan v20070306.20 run by AmarU on 2007-04-05 at 15:24:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 1 Restore Point(s) --
1: 2007-04-05 13:25:08 UTC - RP29 - ComboScan Restore Point
Performed disk cleanup.
-- HijackThis (run as AmarU.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:25:37, on 2007-04-05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\GEARSec.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\algose32.exe
C:\WINDOWS\System32\svcchosst.exe
C:\WINDOWS\System32\sxes.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\System32\dllhost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\AmarU\Pulpit\Combo scan\comboscan.exe
D:\AmarU.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: 85.221.229.44 l2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BE0A58B-D1AB-441E-9E56-45C2B87E6E08}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: NVDESK32.DLL,
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys
3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys
3R Arp1394 (Protokół klienta 1394 ARP) - C:\WINDOWS\system32\drivers\arp1394.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
1R GearAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys
3S hidusb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
2R irda (Protokół IrDA) - C:\WINDOWS\system32\drivers\irda.sys
3S MSIRCOMM (Microsoft IR Communications Driver) - C:\WINDOWS\system32\drivers\MSIRCOMM.sys
3R ms_mpu401 (Sterownik portu MIDI UART Microsoft MPU-401) - C:\WINDOWS\system32\drivers\msmpu401.sys
3R NIC1394 (Sterownik sieci 1394) - C:\WINDOWS\system32\drivers\nic1394.sys
3S npkcrypt - D:\Gry\Lineage II C5\system\npkcrypt.sys (not found)
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R nvatabus - C:\WINDOWS\system32\drivers\nvatabus.sys
0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS
0R ohci1394 (Kontroler hosta IEEE 1394 VIA zgodny z OHCI) - C:\WINDOWS\system32\drivers\ohci1394.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3R st3wolf - C:\WINDOWS\system32\drivers\st3wolf.sys
3R STIrUsb (STIrUsb.sys USB-IrDA Adapter) - C:\WINDOWS\system32\drivers\irstusb.sys
0R stwlfbus - C:\WINDOWS\system32\drivers\stwlfbus.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
0R SymSnap - C:\WINDOWS\system32\drivers\SymSnap.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R V2IMount - C:\WINDOWS\system32\drivers\V2iMount.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "D:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2R GEARSecurity - C:\WINDOWS\System32\GEARSec.exe
2R Irmon (Monitor podczerwieni) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Norton Ghost - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
2R NVSvc (NVIDIA Driver Helper Service) - C:\WINDOWS\System32\nvsvc32.exe
3S ose (Office Source Engine) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\Cyberlink\Shared files\RichVideo.exe"
3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe
3S Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S usprserv (User Privilege Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
-- Scheduled Tasks -------------------------------------------------------------
2007-03-14 15:29:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-03-05 and 2007-04-05 -----------------------------
2007-04-05 14:37:34 0 d--hs---- C:\FOUND.010
2007-04-05 08:51:19 0 d-------- C:\WINDOWS\System32\AdCache
2007-04-04 22:32:16 115200 --a------ C:\WINDOWS\System32\jrhsat.exe
2007-04-04 22:05:55 115200 --a------ C:\WINDOWS\saktasjah.exe
2007-04-04 21:13:49 115200 --a------ C:\xsecurityjx.exe
2007-04-04 20:56:42 115712 --a------ C:\WINDOWS\bmgjh.exe
2007-04-04 20:26:51 115200 --a------ C:\WINDOWS\tlkajsj.exe
2007-04-04 19:59:33 115200 --a------ C:\WINDOWS\System32\sxes.exe
2007-04-04 19:58:59 23040 --a------ C:\WINDOWS\System32\mszsrn32.dll
2007-04-03 19:14:18 0 d--hs---- C:\FOUND.009
2007-04-03 10:47:59 63529 --a------ C:\WINDOWS\System32\dload.exe
2007-04-02 21:29:18 0 d--hs---- C:\FOUND.008
2007-04-01 14:34:35 153925 --a------ C:\WINDOWS\System32\drivers\dump_wmimmc.sys
2007-04-01 14:34:19 4682 --a------ C:\WINDOWS\System32\npptNT2.sys
2007-03-31 12:27:12 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-03-29 16:58:03 79872 --a------ C:\WINDOWS\System32\algose32.exe
2007-03-27 19:46:53 0 d-------- C:\Program Files\Common Files\DirectX
2007-03-23 16:48:31 90112 --a------ C:\WINDOWS\System32\AVASTSS.scr
2007-03-23 16:15:56 23352 --a------ C:\WINDOWS\System32\drivers\aswRdr.sys
2007-03-23 16:15:55 43176 --a------ C:\WINDOWS\System32\drivers\aswTdi.sys
2007-03-23 16:15:52 94424 --a------ C:\WINDOWS\System32\drivers\aswmon2.sys
2007-03-23 16:15:52 85952 --a------ C:\WINDOWS\System32\drivers\aswmon.sys
2007-03-23 16:15:51 31560 --a------ C:\WINDOWS\System32\drivers\aavmker4.sys
2007-03-23 16:15:26 689280 --a------ C:\WINDOWS\System32\aswBoot.exe
2007-03-20 12:45:38 626688 --a------ C:\WINDOWS\System32\msvcr80.dll
2007-03-20 12:45:37 548864 --a------ C:\WINDOWS\System32\msvcp80.dll
2007-03-20 12:45:37 479232 --a------ C:\WINDOWS\System32\msvcm80.dll
2007-03-20 12:14:54 0 d--hs---- C:\FOUND.007
2007-03-16 14:49:52 0 --a------ C:\WINDOWS\System32\regfix.exe
2007-03-14 15:29:11 0 d-------- C:\Program Files\Apple Software Update
2007-03-13 13:20:09 0 d-------- C:\Program Files\Common Files\NSV
2007-03-10 14:27:20 2432 -----n--- C:\WINDOWS\System32\drivers\cdr4_xp.sys
2007-03-10 14:27:19 115880 -----n--- C:\WINDOWS\System32\pxinsi64.exe
2007-03-10 14:27:19 36528 -----n--- C:\WINDOWS\System32\drivers\PxHelp20.sys
2007-03-10 14:27:19 2560 -----n--- C:\WINDOWS\System32\drivers\cdralw2k.sys
2007-03-10 14:27:17 129784 -----n--- C:\WINDOWS\System32\pxafs.dll
2007-03-10 14:20:47 0 d-------- C:\Program Files\Winamp
2007-03-10 13:16:35 10345 --a------ C:\WINDOWS\System32\drivers\hamachi.sys
2007-03-07 20:26:31 5632 --a------ C:\WINDOWS\System32\ptpusb.dll
2007-03-07 20:26:15 150528 --a------ C:\WINDOWS\System32\ptpusd.dll
2007-03-07 20:26:11 14208 --a------ C:\WINDOWS\System32\drivers\usbscan.sys
2007-03-06 18:30:23 0 d-------- C:\Program Files\BitTorrent
2007-03-06 15:50:00 0 d-------- C:\Program Files\AC3Filter
2007-03-06 15:49:36 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-03-05 16:48:40 0 d--hs---- C:\FOUND.006
-- Find3M Report ---------------------------------------------------------------
2007-03-31 12:27:10 1385744 --a------ C:\WINDOWS\System32\msvbvm60.dll
2007-03-28 19:28:48 498652 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-28 19:28:48 74788 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-15 16:55:44 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Groove Games
2007-03-06 18:30:34 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\BitTorrent
2007-03-06 15:48:52 737280 --a------ C:\WINDOWS\iun6002.exe
2007-03-02 19:04:14 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\AdobeUM
2007-03-02 19:01:58 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Adobe
2007-03-02 15:21:48 5335 --a------ C:\WINDOWS\mozver.dat
2007-03-02 15:21:46 0 d-------- C:\Program Files\Temp
2007-03-02 15:21:46 0 d-------- C:\Program Files\GinCards
2007-03-02 15:21:46 0 d-------- C:\Program Files\GanymedeNet
2007-03-02 15:21:46 0 d-------- C:\Program Files\Common
2007-03-02 15:21:46 0 d-------- C:\Program Files\Adv
2007-03-02 13:06:10 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Skype
2007-03-02 13:05:52 0 d-------- C:\Program Files\Common Files\Skype
2007-03-01 13:11:18 0 d-------- C:\Program Files\Skype
2007-02-27 16:47:48 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Lavasoft
2007-02-21 17:39:12 0 d-------- C:\Program Files\Microsoft.NET
2007-02-21 16:28:34 0 d-------- C:\Program Files\Symantec
2007-02-21 14:55:32 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Sun
2007-02-20 22:52:16 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Symantec
2007-02-20 22:51:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-02-20 22:24:48 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Macromedia
2007-02-20 21:42:10 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-20 21:42:10 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Talkback
2007-02-20 21:36:44 0 d-------- C:\Program Files\Thomson
2007-02-20 21:35:28 0 d-------- C:\Program Files\Neostrada TP
2007-02-20 21:22:32 0 d-------- C:\Program Files\Realtek Sound Manager
2007-02-20 21:22:28 0 d-------- C:\Program Files\AvRack
2007-02-20 21:16:50 0 d-------- C:\Program Files\Cyberlink
2007-02-20 21:16:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-02-20 21:15:54 0 d-------- C:\Program Files\Common Files\InstallShield
2007-02-20 21:14:34 9694 --a------ C:\WINDOWS\irunin.dat
2007-02-20 21:13:12 0 d-------- C:\Program Files\Common Files\Java
2007-02-20 21:11:30 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-20 21:07:24 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-20 21:06:34 100482 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-02-20 21:06:12 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Mozilla
2007-02-20 21:00:34 0 d-------- C:\Program Files\ACD Systems
2007-02-20 20:58:36 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Identities
2007-02-20 20:53:24 0 d-------- C:\Program Files\microsoft frontpage
2007-02-20 20:53:00 0 -rahs---- C:\MSDOS.SYS
2007-02-20 20:53:00 0 -rahs---- C:\IO.SYS
2007-02-20 20:53:00 0 --a------ C:\CONFIG.SYS
2007-02-20 20:53:00 0 --a------ C:\AUTOEXEC.BAT
2007-02-20 20:49:02 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-20 20:48:48 0 d-------- C:\Program Files\Movie Maker
2007-02-20 20:47:32 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-02-20 20:47:10 0 d--h----- C:\Program Files\WindowsUpdate
2007-02-20 20:47:10 0 d-------- C:\Program Files\Usługi online
2007-02-20 20:47:00 0 d-------- C:\Program Files\Messenger
2007-02-20 20:46:50 0 d-------- C:\Program Files\MSN Gaming Zone
2007-02-20 20:45:38 0 d-------- C:\Program Files\Windows NT
2007-02-20 20:39:50 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-20 20:39:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-02-20 20:38:58 62 --ahs---- C:\Documents and Settings\AmarU\Dane aplikacji\desktop.ini
2007-02-20 20:38:38 0 d---s---- C:\Documents and Settings\AmarU\Dane aplikacji\Microsoft
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"D:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"Resume copy"="copyfstq.exe /startup"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools-1033"="\"D:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033 -noicon"
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msvccc66"="svcchosst.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ImageFox.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\ImageFox.lnk"
"backup"="C:\\WINDOWS\\pss\\ImageFox.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{92E64C51-5096-442F-9A44-61CB2941391D}\\NewShortcut1.exe "
"item"="ImageFox"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvccc66]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svcchosst"
"hkey"="HKLM"
"command"="svcchosst.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Security Center Notification Applse]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sxes"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\sxes.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="NVDESK32.DLL,"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- Hosts -----------------------------------------------------------------------
85.221.229.44 l2authd.lineage2.com
-- End of ComboScan: finished at 2007-04-05 at 15:26:18 ------------------------
ComboScan v20070306.20 run by AmarU on 2007-04-05 at 15:24:56
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: Polish
CPU 0: AMD Duron(tm) processor
Percentage of Memory in Use: 88%
Physical Memory (total/avail): 126.42 MiB / 14.45 MiB
Pagefile Memory (total/avail): 684.41 MiB / 442.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1995.46 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 5.85 GiB total, 3.34 GiB free.
D: is Fixed (FAT32) - 34.17 GiB total, 27.7 GiB free.
E: is Fixed (FAT32) - 34.48 GiB total, 0.71 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (CDFS)
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\AmarU\Dane aplikacji
CLASSPATH=.;D:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AS-CDP4Y4MNGLXG
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AmarU
LOGONSERVER=\\AS-CDP4Y4MNGLXG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0700
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AmarU\USTAWI~1\Temp
TMP=C:\DOCUME~1\AmarU\USTAWI~1\Temp
USERDOMAIN=AS-CDP4Y4MNGLXG
USERNAME=AmarU
USERPROFILE=C:\Documents and Settings\AmarU
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
AmarU [I](admin)[/I]
Mama i Tata [I](admin)[/I]
Administrator [I](new local, admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
ACDSee 4.0 PowerPack Suite --> MsiExec.exe /I{92E64C51-5096-442F-9A44-61CB2941391D}
Ad-Aware SE Personal --> D:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Reader 6.0 CE --> MsiExec.exe /I{AC76BA86-7AD7-1038-7646-CE0000000001}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Archiwizator WinRAR --> D:\Program Files\WinRAR\uninstall.exe
avast! Antivirus --> rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Canon i320 --> C:\WINDOWS\System32\CNMCP47.exe "-PRINTERNAMECanon i320" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmi0415.dll"
CDex extraction audio --> "D:\Program Files\CDex_150\uninstall.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DAEMON Tools --> MsiExec.exe /I{7A27AE24-F5B8-4ABC-B3DA-AB57BC7309FB}
DC++ 0.670 --> "D:\Program Files\DC++\uninstall.exe"
EVEREST Home Edition v2.20 --> "D:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FlashGet(JetCar) --> D:\PROGRA~1\FLASHGET\UNWISE.EXE D:\PROGRA~1\FLASHGET\INSTALL.LOG
Gadu-Gadu 7.6 --> D:\Program Files\Gadu-Gadu\Setup.exe
GTA VC - NFS Undeground --> "D:\Program Files\GTA VC - NFS Undeground\unins000.exe"
Hamachi 0.9.9.9 --> D:\Program Files\Hamachi\uninstall.exe
HijackThis 1.99.1 --> D:\HijackThis.exe /uninstall
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170415-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
mIRC --> "D:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (1.0.4) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.4 (pl-PL)"
Need For Speed Underground --> D:\Program Files\EA GAMES\Need For Speed Underground\EAUninstall.exe
Neostrada TP --> C:\PROGRA~1\NEOSTR~1\SondageDesinstallation.exe
Nero 6 --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
NVIDIA Drivers --> C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Onet.pl - Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Real-Draw PRO 4.0 --> "D:\Program Files\RealDrawPRO4\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Total Commander (Remove or Repair) --> D:\Program Files\totalcmd\tcuninst.exe
TotalCopy 1.2 (Luki Edition) --> C:\WINDOWS\iun6002.exe "C:\WINDOWS\irunin.ini"
USB-IrDA Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\Setup.exe" -l0x9
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
WinZip --> "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall
-- End of ComboScan: finished at 2007-04-05 at 15:26:18 ------------------------
ComboFix
"AmarU" - 07-04-05 15:23:04 Dodatek Service Pack. 1
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\AmarU\Pulpit\ComboFIX"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\a.exe
((((((((((((((((((((((((((((((( Files Created from 2007-03-05 to 2007-04-05 ))))))))))))))))))))))))))))))))))
2007-04-05 14:37
[code]
07-04-05 15:22 115200 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\a.exe.vir

Zmienna PATH folderu dla woluminu SYSTEM
Numer seryjny woluminu: 71F5E346 E0C1:8FD2
C:\QOOBOX
\---Quarantine
    +---Registry_backups
    \---WINDOWS
        \---system32
                a.exe.vir