Probably a trojan with an mp3 file, or something else

I had several virus attacks; Kaspersky Internet Security 2009 could not cope with them and one of them got through after all.

After the computer starts, a message pops up saying that the desktop is unavailable; the desktop then looks like the one from Windows 98.

http://www.hot.jpg.pl/87458

KIS2009 log http://www.wklejto.pl/30355

first Malwarebytes log http://www.wklejto.pl/30356

second Malwarebytes log http://www.wklejto.pl/30357

first Combofix log http://wklejto.pl/30358

second Combofix log http://wklejto.pl/30359

HijackThis log http://wklejto.pl/30360

Silent Runners log http://wklejto.pl/30361

after the Dr Web scan http://www.hot.jpg.pl/87459

I deleted C:\Qoobox

When it starts up properly, things generally don't look bad, but for example sometimes when I do something in folders (copy, select and scan with the antivirus), a message pops up saying that Windows Explorer has stopped working and Explorer (the folder) restarts; this didn't really happen before.

But on average only every second or third system start is good; the problem keeps coming back like a boomerang. By the way, I noticed that when it goes wrong, Firefox, which is my default browser, does not work, Word won't start either, and this message pops up:

http://www.hot.jpg.pl/87460

Please help, no - I'm begging for help.

Show the Combofix log.

Put the logs on http://wklej.org and include only the link in the post.

The logs have no backslashes \

The logs, including the ones from Combofix, pasted on http://www.wklejto.pl, are above, two of them even: the first right after the problems appeared, and the second after scanning and running Malwarebytes and Dr Web.

Added 02.04.2009 (Thu) 10:11

And can you explain what that means, because I'm not very advanced in these matters.

That is, instead of e.g. C:\WINDOWS you have C:WINDOWS in the logs.

The "\" characters are missing.

To fix this, paste them on www.wklej.org or www.wklej.eu.

http://www.wklej.org/id/73159/

http://wklej.org/id/73162/

Added 05.04.2009 (Sun) 22:30

Unfortunately the problem still exists. I came back here after three days hoping for a golden solution, but I think you have forgotten about me. Please, I would really appreciate some advice.

Looks like you're in for a system reinstall #-o

Do you have the same thing in safe mode?

In safe mode programs work normally, except that Vista looks like old Windows without Aero and the resolution is changed, as it is in safe mode, and I can't check the internet, but programs do launch.

When I scanned the computer again with Malwarebytes yesterday, this popped up:

Zainfekowane klucze rejestru:

HKEY_CURRENT_USER\SOFTWARE\BestPlayer (Trojan.DNSChanger) -> No action taken.

Here is what Ad-Aware revealed:

http://www.hot.jpg.pl/87791

and it probably removed it, because on the next scan it didn't find anything any more.

Added 07.04.2009 (Tue) 21:50

Today's Kaspersky scan result:

Pełne skanowanie: zakończono 2009-04-07 15:46:50 (zdarzeń: 13, obiektów: 369167, czas: 00:29:49)

2009-04-07 15:17:01 Zadanie zostało uruchomione

2009-04-07 15:17:05 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\NPSWF32.dll

2009-04-07 15:17:27 Zagrożenie Luka http://www.viruslist.com/pl/advisories/27620 Niski poziom bezpieczeństwa Dokładne C:\program files\k-lite codec pack\media player classic\realplay.exe

2009-04-07 15:20:17 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34451 Niski poziom bezpieczeństwa Dokładne C:\program files\Java\jre6\bin\java.exe

2009-04-07 15:20:26 Zagrożenie Luka http://www.viruslist.com/pl/advisories/27620 Niski poziom bezpieczeństwa Dokładne C:\program files\k-lite codec pack\media player classic\realplay.exe

2009-04-07 15:23:42 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\program files\Opera\program\plugins\NPSWF32.dll

2009-04-07 15:26:44 Zagrożenie Luka http://www.viruslist.com/pl/advisories/29434 Niski poziom bezpieczeństwa Dokładne C:\ProgramData{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib

2009-04-07 15:26:53 Zagrożenie Luka http://www.viruslist.com/pl/advisories/29434 Niski poziom bezpieczeństwa Dokładne C:\Users\All Users{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib

2009-04-07 15:31:39 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34451 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\java.exe

2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\Flash9b.ocx

2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\NPSWF32.dll

2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\Flash10a.ocx

2009-04-07 15:46:50 Zadanie zostało zakończone

How about trying System Restore to a point before the infection…

Today's logs. I'll just add that if you can't help me, I'll reinstall Vista over the holidays.

Combofix

QUOTE

ComboFix 09-04-04.01 - Laptop 2009-04-10 21:18:49.6 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1306 [GMT 2:00]

Uruchomiony z: D:\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))

.

2009-04-09 10:19 . 2009-04-09 10:19

2009-04-09 10:13 . 2009-04-09 10:13

2009-04-09 09:39 . 2009-04-09 09:39

2009-04-07 17:56 . 2009-04-07 17:56

2009-04-07 13:23 . 2009-04-07 13:23

2009-04-07 13:13 . 2009-04-07 13:14

2009-04-06 11:36 . 2009-04-06 11:01 15,688 --a------ c:\windows\System32\lsdelete.exe

2009-04-06 11:01 . 2009-04-06 11:01 64,160 --a------ c:\windows\System32\drivers\Lbd.sys

2009-04-06 10:55 . 2009-04-06 10:55

2009-04-06 10:55 . 2009-04-06 10:55

2009-04-06 08:18 . 2009-04-06 10:55

2009-04-06 08:18 . 2009-04-06 10:55

2009-04-06 08:18 . 2009-04-06 10:55

2009-03-31 20:15 . 2009-04-01 09:53

2009-03-31 10:41 . 2009-03-31 10:41

2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys

2009-03-31 10:40 . 2009-03-31 10:40

2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-03-31 10:39 . 2009-03-31 10:39

2009-03-31 10:39 . 2009-03-31 10:41

2009-03-31 10:08 . 2009-03-31 10:08

2009-03-29 19:14 . 2009-03-29 19:14

2009-03-29 19:14 . 2009-03-29 19:14

2009-03-24 23:16 . 2009-03-24 23:16

2009-03-24 23:16 . 2009-03-24 23:16

2009-03-23 21:48 . 2009-03-23 21:48

2009-03-23 21:48 . 2009-03-23 21:48

2009-03-18 11:59 . 2009-03-23 12:02

2009-03-18 11:58 . 2009-03-18 11:58

2009-03-11 16:00 . 2009-03-11 16:00

2009-03-11 15:13 . 2009-03-11 15:13

2009-03-11 15:13 . 2009-03-11 15:13

2009-03-11 15:13 . 2009-03-11 15:13

2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-10 18:11 . 2009-03-10 18:11

2009-03-10 18:11 . 2009-03-10 18:11

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-10 19:07 --------- d-----w c:\programdata\Kaspersky Lab

2009-04-10 19:05 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-04-10 19:05 5,304 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-04-10 19:05 3,225,632 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-10 19:05 28,376 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-09 08:28 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype

2009-04-09 08:27 --------- d-----w c:\program files\ALLPlayer

2009-04-07 18:51 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp

2009-04-06 17:00 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat

2009-04-06 08:39 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant

2009-03-31 18:32 --------- d-----w c:\program files\Unlocker

2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes’ Anti-Malware

2009-03-31 18:32 --------- d-----w c:\program files\CCleaner

2009-03-31 08:39 --------- d-----w c:\program files\Microsoft

2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-22 20:01 --------- d-----w c:\program files\Winamp

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM

2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe

2009-03-16 21:10 --------- d-----w c:\program files\Nokia

2009-03-16 21:10 --------- d-----w c:\program files\Common Files\Nokia

2009-03-16 21:09 --------- d-----w c:\programdata\Installations

2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail

2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll

2009-03-05 19:51 --------- d-----w c:\program files\Opera

2009-03-02 22:12 --------- d-----w c:\program files\Google

2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll

2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll

2009-03-02 13:36 --------- d-----w c:\program files\PITy

2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-24 11:53 --------- d-----w c:\programdata\Skype

2009-02-24 11:53 --------- d-----w c:\program files\Common Files\Skype

2009-02-24 11:53 --------- d-----r c:\program files\Skype

2009-02-24 11:38 --------- d-----w c:\program files\MSECache

2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works

2009-02-17 21:00 --------- d-----w c:\programdata\Nokia

2009-02-17 20:47 --------- d-----w c:\users\Laptop\AppData\Roaming\Nokia

2009-02-17 20:40 --------- d-----w c:\program files\Common Files\PCSuite

2009-02-17 20:38 --------- d-----w c:\program files\PC Connectivity Solution

2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer

2009-02-15 21:08 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-15 21:08 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-02-15 20:51 --------- d-----w c:\program files\Kaspersky Lab

2009-02-15 20:44 --------- d-----w c:\programdata\Kaspersky Lab Setup Files

2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-06 17:57 308,104 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 16:52 49,504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll

2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe

2007-08-12 09:26 88,727 ----a-w c:\program files\history.html

2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html

2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html

2007-05-25 13:04 2,218 ----a-w c:\program files\index.html

2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt

2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html

2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html

2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html

2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html

2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html

2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html

2000-12-03 22:00 732 ----a-w c:\program files\lame.css

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Nowe Gadu-Gadu”=“c:\program files\Nowe Gadu-Gadu\gg.exe” [2009-02-27 9339496]

“eMuleAutoStart”=“f:\emule\emule.exe” [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“OSD”=“c:\program files\C&E\OSD\osd.exe” [2007-07-10 557056]

“IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2007-02-12 174872]

“NvSvc”=“c:\windows\system32\nvsvc.dll” [2007-05-22 86016]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2007-05-22 8433664]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2007-05-22 81920]

“LXCCCATS”=“c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll” [2007-02-22 73728]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-01-04 136600]

“AVP”=“c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe” [2009-02-15 206088]

“Ad-Watch”=“c:\program files\Lavasoft\Ad-Aware\AAWTray.exe” [2009-04-06 515416]

“WheelMouse”=“c:\program files\A4Tech\Mouse\Amoumain.exe” [2008-03-06 241664]

“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2009-03-09 37888]

“RtHDVCpl”=“RtHDVCpl.exe” [2007-05-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.i420”= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=“Service”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

--a------ 2007-05-11 08:58 103344 c:\program files\Lexmark 3300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2008-12-30 21:11 133104 c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]

--a------ 2007-05-11 08:58 205744 c:\program files\Lexmark 3300 Series\lxccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000]

“EnableNotificationsRef”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\program files\skype\phone\skype.exe”= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

“UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\program files\skype\phone\skype.exe”= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

“TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\emule\emule.exe”= UDP:f:\emule\emule.exe:eMule

“UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\emule\emule.exe”= TCP:f:\emule\emule.exe:eMule

“{8E2215DF-3929-438D-BFF9-BECD09ACB510}”= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

“{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}”= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

“{3239DDAF-8E60-4875-83DC-EFF6583CCF42}”= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

“{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}”= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

“{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}”= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

“{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}”= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

“{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}”= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

“{C8548B7C-2FC7-49FF-9244-025E307E9340}”= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

“{69ED2C58-2C25-488D-82D9-DC0D8C71A230}”= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

“{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}”= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

“TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\program files\nowe gadu-gadu\gg.exe”= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

“UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\program files\nowe gadu-gadu\gg.exe”= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

“TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\program files\internet explorer\iexplore.exe”= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

“UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\program files\internet explorer\iexplore.exe”= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

“{260A6843-7E36-483B-BE92-BEC06DE8F7CE}”= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“{9890E7EA-2BFF-420A-9E27-9E735220F8DE}”= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}”= c:\program files\Skype\Phone\Skype.exe:Skype

“{491E7840-6121-4AED-8717-26EC169FFEA6}”= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

“{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}”= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

“{56A4266E-9D94-45C6-84A9-63A2FE79CE59}”= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe

“{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}”= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe

“{AD37D949-D65E-4638-A34B-3A87B5E05E93}”= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

“{DA778BCD-FA86-401D-B0F6-7704F020174A}”= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

“{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}”= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

“{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}”= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

“{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}”= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

“{964C0714-A8A2-409E-A9EB-13BDB592C6A7}”= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

“{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}”= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

“{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}”= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

“{48138B62-DD57-4434-AC33-7EFFA35A5783}”= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

“{3A69EA76-C469-4A25-80AE-96A95C6D7F20}”= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

“{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}”= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

“{F1035169-11AA-4A41-AC6B-F1F48740C16C}”= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

“{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}”= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

“{00B5B898-0615-4073-B554-94F817D71682}”= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

“TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\program files\common files\ahead\nero web\setupx.exe”= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

“UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\program files\common files\ahead\nero web\setupx.exe”= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

“TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\users\laptop\appdata\local\temp\nero web\setupxu.exe”= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

“UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\users\laptop\appdata\local\temp\nero web\setupxu.exe”= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

“{EDB24A59-2CBE-453F-8CD8-F001A349D390}”= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

“{71C8888F-189E-4EEF-9440-DC47CD058005}”= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

“TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\program files\ipla\ipla.exe”= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla

“UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\program files\ipla\ipla.exe”= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla

“{92A77583-BDB9-4466-959B-D67F93C5D280}”= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

“{5DCAC31D-1200-4BE2-B267-832D7FB916D5}”= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

“TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe”= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

“UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe”= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

“TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\program files\nokia\nokia software updater\nsu_ui_client.exe”= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

“UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\program files\nokia\nokia software updater\nsu_ui_client.exe”= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

“{95CEDC89-82F3-424C-BE48-B3453D508566}”= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

“DoNotAllowExceptions”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

“c:\Program Files\IEPro\MiniDM.exe”= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-04-06 64160]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]

S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280]

S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Zawartość folderu ‘Zaplanowane zadania’

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

  • c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-06 11:00]

2009-04-10 c:\windows\Tasks\GlaryInitialize.job

  • c:\program files\Glary Utilities\initialize.exe [2009-03-23 09:49]

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job

  • c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11]

2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job

  • c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll

TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-10 21:20:44

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-04-10 21:23:09

ComboFix-quarantined-files.txt 2009-04-10 19:23:06

Przed: 16 620 965 888 bajtów wolnych

Po: 16,360,943,616 bajtów wolnych

311 --- E O F --- 2009-04-05 20:19:52

HijackThis

QUOTE

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:50, on 2009-03-31

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxccjswx.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [eMuleAutoStart] F:\eMule\emule.exe -AutoStart

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net … plugin.cab

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 3054121928

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 3054797661

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i … ection.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS3\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS5\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS6\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS8\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

End of file - 9816 bytes