Today's logs. I'll just add that if you can't help me, I'll reinstall Vista over the holidays.
Combofix
QUOTE
ComboFix 09-04-04.01 - Laptop 2009-04-10 21:18:49.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1306 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-09 10:19 . 2009-04-09 10:19
2009-04-09 10:13 . 2009-04-09 10:13
2009-04-09 09:39 . 2009-04-09 09:39
2009-04-07 17:56 . 2009-04-07 17:56
2009-04-07 13:23 . 2009-04-07 13:23
2009-04-07 13:13 . 2009-04-07 13:14
2009-04-06 11:36 . 2009-04-06 11:01 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-04-06 11:01 . 2009-04-06 11:01 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-04-06 10:55 . 2009-04-06 10:55
2009-04-06 10:55 . 2009-04-06 10:55
2009-04-06 08:18 . 2009-04-06 10:55
2009-04-06 08:18 . 2009-04-06 10:55
2009-04-06 08:18 . 2009-04-06 10:55
2009-03-31 20:15 . 2009-04-01 09:53
2009-03-31 10:41 . 2009-03-31 10:41
2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-03-31 10:40 . 2009-03-31 10:40
2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2009-03-31 10:39 . 2009-03-31 10:39
2009-03-31 10:39 . 2009-03-31 10:41
2009-03-31 10:08 . 2009-03-31 10:08
2009-03-29 19:14 . 2009-03-29 19:14
2009-03-29 19:14 . 2009-03-29 19:14
2009-03-24 23:16 . 2009-03-24 23:16
2009-03-24 23:16 . 2009-03-24 23:16
2009-03-23 21:48 . 2009-03-23 21:48
2009-03-23 21:48 . 2009-03-23 21:48
2009-03-18 11:59 . 2009-03-23 12:02
2009-03-18 11:58 . 2009-03-18 11:58
2009-03-11 16:00 . 2009-03-11 16:00
2009-03-11 15:13 . 2009-03-11 15:13
2009-03-11 15:13 . 2009-03-11 15:13
2009-03-11 15:13 . 2009-03-11 15:13
2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 18:11 . 2009-03-10 18:11
2009-03-10 18:11 . 2009-03-10 18:11
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 19:07 --------- d-----w c:\programdata\Kaspersky Lab
2009-04-10 19:05 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-10 19:05 5,304 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-10 19:05 3,225,632 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 19:05 28,376 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-09 08:28 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype
2009-04-09 08:27 --------- d-----w c:\program files\ALLPlayer
2009-04-07 18:51 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp
2009-04-06 17:00 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat
2009-04-06 08:39 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant
2009-03-31 18:32 --------- d-----w c:\program files\Unlocker
2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-31 18:32 --------- d-----w c:\program files\CCleaner
2009-03-31 08:39 --------- d-----w c:\program files\Microsoft
2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-22 20:01 --------- d-----w c:\program files\Winamp
2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM
2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe
2009-03-16 21:10 --------- d-----w c:\program files\Nokia
2009-03-16 21:10 --------- d-----w c:\program files\Common Files\Nokia
2009-03-16 21:09 --------- d-----w c:\programdata\Installations
2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-05 19:51 --------- d-----w c:\program files\Opera
2009-03-02 22:12 --------- d-----w c:\program files\Google
2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll
2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll
2009-03-02 13:36 --------- d-----w c:\program files\PITy
2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 11:53 --------- d-----w c:\programdata\Skype
2009-02-24 11:53 --------- d-----w c:\program files\Common Files\Skype
2009-02-24 11:53 --------- d-----r c:\program files\Skype
2009-02-24 11:38 --------- d-----w c:\program files\MSECache
2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works
2009-02-17 21:00 --------- d-----w c:\programdata\Nokia
2009-02-17 20:47 --------- d-----w c:\users\Laptop\AppData\Roaming\Nokia
2009-02-17 20:40 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-17 20:38 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer
2009-02-15 21:08 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-15 21:08 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-15 20:51 --------- d-----w c:\program files\Kaspersky Lab
2009-02-15 20:44 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-06 17:57 308,104 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll
2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe
2007-08-12 09:26 88,727 ----a-w c:\program files\history.html
2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html
2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html
2007-05-25 13:04 2,218 ----a-w c:\program files\index.html
2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt
2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html
2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html
2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html
2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html
2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html
2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html
2000-12-03 22:00 732 ----a-w c:\program files\lame.css
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-15 206088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-06 515416]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-06 241664]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2007-05-11 08:58 103344 c:\program files\Lexmark 3300 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-30 21:11 133104 c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
--a------ 2007-05-11 08:58 205744 c:\program files\Lexmark 3300 Series\lxccmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\program files\skype\phone\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype
"UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\program files\skype\phone\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype
"TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\emule\emule.exe"= UDP:f:\emule\emule.exe:eMule
"UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\emule\emule.exe"= TCP:f:\emule\emule.exe:eMule
"{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\program files\nowe gadu-gadu\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\program files\nowe gadu-gadu\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\program files\internet explorer\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\program files\internet explorer\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System
"{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System
"{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\program files\common files\ahead\nero web\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\program files\common files\ahead\nero web\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\users\laptop\appdata\local\temp\nero web\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\users\laptop\appdata\local\temp\nero web\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6
"{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6
"TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\program files\ipla\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla
"UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\program files\ipla\ipla.exe"= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla
"{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer
"{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer
"TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\Program Files\IEPro\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-04-06 64160]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280]
S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-06 11:00]
2009-04-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-23 09:49]
2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job
- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11]
2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 21:20:44
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-04-10 21:23:09
ComboFix-quarantined-files.txt 2009-04-10 19:23:06
Przed: 16 620 965 888 bajtów wolnych
Po: 16,360,943,616 bajtów wolnych
311 --- E O F --- 2009-04-05 20:19:52
hijackthis
QUOTE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:50, on 2009-03-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxccjswx.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eMuleAutoStart] F:\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net … plugin.cab
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 3054121928
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 3054797661
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i … ection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS5\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS6\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS8\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9816 bytes