Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:53, on 2008-10-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM…\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [Onet.pl AutoUpdate] “C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexetsr
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [systemProtect2] “C:\Program Files\Nowe Media\Strażnik Ucznia\syslock.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 2426340139
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 2426483701
O17 - HKLM\System\CCS\Services\Tcpip…{96AA23F2-6883-4F44-8AC7-C1F75D05C1D2}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
–
End of file - 10759 bytes
ComboFix 08-10-11.04 - Dom 2008-10-12 17:10:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1473 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Dom\Moje dokumenty\Downloads\Programs\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FBrowserAdvisor
C:\Program Files\FBrowsingAdvisor
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
C:\Program Files\FBrowsingAdvisor\Logo.png
C:\Program Files\FBrowsingAdvisor\main.db
C:\Program Files\FBrowsingAdvisor\unins000.dat
C:\Program Files\FBrowsingAdvisor\unins000.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00B9C242.Bg
C:\Program Files\myglobalsearch\bar\Cache\00B9C782
C:\Program Files\myglobalsearch\bar\Cache\00B9CBE7.bin
C:\Program Files\myglobalsearch\bar\Cache\00B9D4D0.bin
C:\Program Files\myglobalsearch\bar\Cache\00B9D935.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\OPTIONS\CABS_desktop.ini
C:\WINDOWS\system32\setup.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-12 do 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-12 17:04 . 2008-10-12 17:04
2008-10-12 13:16 . 2008-10-12 13:18
2008-10-11 15:38 . 2008-10-11 15:38
2008-10-09 21:44 . 2008-10-12 14:19
2008-10-09 21:40 . 2008-10-09 21:40
2008-10-08 16:18 . 2008-10-08 16:18
2008-10-07 16:21 . 2008-10-07 16:21 30,527 —h----- C:\WINDOWS\system32\midwrap3402.deu
2008-09-30 15:36 . 2008-10-11 12:02
2008-09-30 15:36 . 2008-10-01 15:17
2008-09-30 15:36 . 2008-10-12 17:12
2008-09-29 15:46 . 2008-10-12 17:09 35 --a------ C:\WINDOWS\vidplaylist.ini
2008-09-28 20:31 . 2008-09-28 20:31
2008-09-27 18:54 . 2008-09-27 18:58
2008-09-27 18:36 . 2008-09-27 19:13
2008-09-27 10:35 . 2008-09-27 10:35
2008-09-27 10:03 . 2008-09-27 18:43
2008-09-13 21:22 . 2008-10-12 13:33
2008-09-13 20:15 . 2008-09-13 21:06
2008-09-13 14:56 . 2008-09-13 14:56 515 --a------ C:\WINDOWS\eReg.dat
2008-09-13 10:45 . 2008-09-13 10:46
2008-09-12 18:43 . 2008-09-12 18:43 171,520 --a------ C:\WINDOWS\system32\cncs32.dll
2008-09-12 18:43 . 2008-09-12 18:43 18 --a------ C:\WINDOWS\gfact.ini
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 12:43 --------- d-----w C:\Program Files\BearShare
2008-10-12 12:13 --------- d-----w C:\Program Files\AutoConnect
2008-10-12 11:33 --------- d-----w C:\Program Files\neostrada tp
2008-10-11 21:44 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-10-11 14:12 --------- d-----w C:\Program Files\Java
2008-10-11 14:03 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-10-11 09:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2008-10-07 12:57 560 —ha-w C:\WINDOWS\Fonts\SWFont9.fnt
2008-10-07 12:57 560 ----a-w C:\Program Files\Global.sw
2008-10-01 15:12 --------- d-----w C:\Program Files\Gadu-Gadu
2008-09-29 14:05 --------- d-----w C:\Program Files\Winamp
2008-09-27 20:28 --------- d-----w C:\Program Files\Sjboy Emulator
2008-09-27 08:04 --------- d-----w C:\Program Files\KaraFun
2008-09-27 08:00 --------- d-----w C:\Program Files\Passware
2008-09-27 07:59 --------- d-----w C:\Program Files\Lavasoft
2008-09-24 15:46 --------- d-----w C:\Program Files\Opera
2008-09-13 19:37 --------- d-----w C:\Program Files\VVSN
2008-09-13 19:06 --------- d-----w C:\Program Files\Sunbelt Software
2008-09-13 18:25 10,035 ----a-w C:\WINDOWS\system32\drivers\kwflower.log
2008-09-13 18:24 5,709 ----a-w C:\WINDOWS\system32\drivers\kwfupper.log
2008-09-13 12:03 --------- d-----w C:\Documents and Settings\Dom\Dane aplikacji\Desktop Sidebar
2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-09-11 19:54 --------- d-----w C:\Program Files\Ontrack
2008-09-11 18:23 --------- d-----w C:\Program Files\Jufsoft
2008-09-04 19:56 --------- d-----w C:\Program Files\Deluxe Ski Jump 3
2008-08-30 13:09 --------- d-----w C:\Program Files\GameTop.com
2008-08-30 06:39 --------- d-----w C:\Program Files\Cyanide
2008-08-30 06:38 --------- d-----w C:\Program Files\Desktop Sidebar
2008-08-29 10:50 --------- d-----w C:\Program Files\SopCast
2008-08-29 10:49 --------- d-----w C:\Program Files\Common Files\Onet.pl
2008-08-28 07:18 --------- d-----w C:\Program Files\Real Alternative
2008-08-28 07:18 --------- d-----w C:\Program Files\Media Player Classic
2008-08-27 20:09 --------- d-----w C:\Program Files\ALLPlayer
2008-08-26 15:07 --------- d-----w C:\Program Files\Iometer.org
2008-08-25 18:57 --------- d-----w C:\Documents and Settings\Dom\Dane aplikacji\TrueCrypt
2008-08-17 16:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-17 16:01 --------- d—a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-08-17 14:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Codemasters
2008-07-24 19:38 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-24 19:38 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-24 19:38 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 12:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]
“AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” [2004-08-28 295424]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-09-17 2127296]
“IDMan”=“C:\Program Files\Internet Download Manager\IDMan.exe” [2008-09-12 2606512]
“DAEMON Tools Lite”=“C:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-02-14 486856]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-07-19 78008]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 20480]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 32768]
“BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 3313664]
“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 90112]
“ASUSGamerOSD”=“C:\Program Files\ASUS\GamerOSD\GamerOSD.exe” [2007-08-28 380928]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 153136]
“SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-05-15 1628208]
“InCD”=“C:\Program Files\Nero\Nero 7\InCD\InCD.exe” [2007-05-15 1057328]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-08-04 36352]
“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-04-17 196608]
“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-04-13 69632]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“AdslTaskBar”=“stmctrl.dll” [2006-06-02 C:\WINDOWS\system32\stmctrl.dll]
“RTHDCPL”=“RTHDCPL.EXE” [2008-05-16 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.YV12”= yv12vfw.dll
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“D:\Program Files\BearShare\BearShare.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Program Files\wLite\wLite.exe”=
“C:\Program Files\BitComet\BitComet.exe”=
“C:\WINDOWS\system32\dplaysvr.exe”=
“D:\games\RedFaction\RedFaction.exe”=
“D:\games\RedFaction\rf.exe”=
“D:\Program Files\GSC Game World\Kozacy II\Data\engine.exe”=
“D:\Program Files\THQ\MX vs ATV Unleashed\MXvsATV.exe”=
“D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe”=
“C:\WINDOWS\system32\dpnsvr.exe”=
“C:\Program Files\Gadu-Gadu\ggphone\ggphone.exe”=
“C:\Documents and Settings\Dom\Pulpit\Programy-GRY\MySpaceMp3Gopher.exe”=
“C:\Program Files\BearShare\BearShare.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“24354:TCP”= 24354:TCP:BitComet 24354 TCP
“24354:UDP”= 24354:UDP:BitComet 24354 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 HWiNFO32;HWiNFO32 Kernel Driver;D:\Program Files\HWiNFO32\HWiNFO32.SYS [2006-06-07 7296]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-08-28 12416]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 684265]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-08-28 10752]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-Onet.pl AutoUpdate - C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe
HKLM-Run-SystemProtect2 - C:\Program Files\Nowe Media\Strażnik Ucznia\syslock.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\7mlbh9al.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.wp.pl
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPDOMINO.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPNAVY.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPPIRATE.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSLOTS70.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSOCCER.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSUDOKU.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPWORDS.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 17:12:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-12 17:13:18
ComboFix-quarantined-files.txt 2008-10-12 15:13:11
Przed: 2 245 013 504 bajtów wolnych
Po: 2,248,400,896 bajtów wolnych
220 — E O F — 2008-09-13 13:19:59
Is this what you meant?