I have Vista installed on my computer.
After scanning with AVG Antivirus it turned out that I have two trojans, roejsogp.dll and khfETkLf.dll.
I removed these trojans, but at system startup it shows me that these files are missing.
Please give me some good advice.
Regards
Logfile of HijackThis v1.99.1
Scan saved at 09:36:46, on 2008-05-24
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\tb_eula\EULALauncher.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\INTERL~1\AppData\Local\Temp\Rar$EX28.519\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\INTERL~1\AppData\Local\Temp\khfETkLf.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\INTERL~1\AppData\Local\Temp\rqRhIARk.dll,c
O4 - HKCU\..\Run: [94fe5a50] rundll32.exe "C:\Users\INTERL~1\AppData\Local\Temp\roejsogp.dll",b
O4 - Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red … &site=home (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
ComboFix 08-05-21.3 - interlinia 2008-05-24 10:36:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1045.18.1104 [GMT 2:00]
Running from: C:\Users\interlinia\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Google\googletoolbar1.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-24 08:44 . 2008-05-24 10:19 47,104 --a------ C:\Windows\System32\rpcnet.dll
2008-05-24 01:48 . 2008-05-24 01:49
2008-05-24 01:48 . 2008-05-24 01:48
2008-05-24 01:48 . 2008-05-24 01:48 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-05-24 01:48 . 2008-05-24 01:48 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-05-24 01:48 . 2008-05-24 01:48 12,424 --a------ C:\Windows\System32\drivers\avgrkx86.sys
2008-05-24 01:48 . 2008-05-24 01:48 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-05-24 00:47 . 2008-05-24 08:43 47,104 --a------ C:\Windows\System32\rpcnet.exe
2008-05-24 00:22 . 2008-05-24 08:28
2008-05-24 00:20 . 2008-05-24 01:48
2008-05-24 00:20 . 2008-05-24 01:48
2008-05-23 23:58 . 2008-05-23 23:58 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-23 23:58 . 2008-05-23 23:58 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-23 23:58 . 2008-05-23 23:58 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-23 23:58 . 2008-05-23 23:58 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-23 23:56 . 2008-05-23 23:56 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-05-23 23:55 . 2008-05-23 23:55 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-23 23:55 . 2008-05-23 23:55 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-23 23:55 . 2008-05-23 23:55 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-23 23:55 . 2008-05-23 23:55 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-23 23:54 . 2008-05-23 23:54 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-05-23 23:54 . 2008-05-23 23:54 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-23 23:54 . 2008-05-23 23:54 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-23 23:54 . 2008-05-23 23:54 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-23 23:50 . 2008-05-23 23:50 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-05-23 23:49 . 2008-05-23 23:49 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-05-23 23:48 . 2008-05-23 23:48
2008-05-23 23:24 . 2008-05-23 23:24 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-05-23 23:24 . 2008-05-23 23:24 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-05-23 23:24 . 2008-05-23 23:24 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-05-23 23:24 . 2008-05-23 23:24 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-05-23 23:24 . 2008-05-23 23:24 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-05-23 23:24 . 2008-05-23 23:24 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-05-23 23:24 . 2008-05-23 23:24 43,352 --a------ C:\Windows\System32\wups2.dll
2008-05-23 23:24 . 2008-05-23 23:24 33,624 --a------ C:\Windows\System32\wups.dll
2008-05-23 23:24 . 2008-05-23 23:24 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-05-23 22:57 . 2008-05-23 22:57 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-05-23 22:57 . 2008-05-23 22:57 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-05-23 22:53 . 2008-05-23 22:53
2008-05-23 22:53 . 2008-05-23 22:54
2008-05-23 22:53 . 2008-04-22 07:03 545 --a------ C:\Windows\UC.PIF
2008-05-23 22:53 . 2008-04-22 07:03 545 --a------ C:\Windows\RAR.PIF
2008-05-23 22:53 . 2008-04-22 07:03 545 --a------ C:\Windows\PKZIP.PIF
2008-05-23 22:53 . 2008-04-22 07:03 545 --a------ C:\Windows\PKUNZIP.PIF
2008-05-23 22:53 . 2008-04-22 07:03 545 --a------ C:\Windows\NOCLOSE.PIF
2008-05-23 22:53 . 2008-04-22 07:03 545 --a------ C:\Windows\LHA.PIF
2008-05-23 22:53 . 2008-04-22 07:03 545 --a------ C:\Windows\ARJ.PIF
2008-05-23 21:21 . 2008-05-23 21:21
2008-05-23 21:21 . 2008-05-23 21:21
2008-05-23 21:20 . 2008-05-23 21:20
2008-05-23 21:18 . 2008-05-23 21:21
2008-05-23 21:18 . 2008-05-23 21:21
2008-05-23 21:18 . 2008-05-23 21:21
2008-05-23 21:18 . 2008-05-23 21:21
2008-05-23 21:18 . 2008-05-23 21:21
2008-05-23 21:18 . 2008-05-23 21:21
2008-05-23 21:18 . 2008-05-23 23:50
2008-05-23 21:18 . 2006-11-02 14:37
2008-05-23 21:18 . 2008-05-23 21:18
2008-05-23 21:18 . 2008-05-23 21:21
2008-05-23 21:18 . 2008-05-23 21:18
2008-05-23 21:18 . 2008-05-23 21:18
2008-05-23 21:14 . 2008-05-23 21:14
2008-05-23 21:12 . 2008-05-23 21:12
2008-05-23 21:11 . 2008-05-23 21:21
2008-05-23 21:11 . 2008-05-23 21:21
2008-05-23 21:11 . 2008-05-23 21:12
2008-05-23 21:11 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-05-23 21:11 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-05-23 21:11 . 2008-01-21 15:42 285,184 --a------ C:\Windows\System32\drivers\tos_sps32.sys
2008-05-23 21:08 . 2008-05-23 21:08
2008-05-23 21:08 . 2007-12-17 11:45 18,432 --a------ C:\Windows\System32\drivers\UVCFTR_S.SYS
2008-05-23 21:08 . 2008-05-23 21:08 0 -rahs---- C:\Windows\System32\drivers\TOSHIBA_Satellite A300_06345-PL_PSAJ0E-00V00.MRK
2008-05-23 21:04 . 2008-05-23 21:04
2008-05-23 21:04 . 2008-05-23 21:04
2008-05-23 21:04 . 2007-10-24 11:02 936,472 --a------ C:\Windows\System32\imsmudlg.exe
2008-05-23 21:04 . 2008-05-23 21:04 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-05-23 21:02 . 2008-05-24 08:40 17,408 --a------ C:\Windows\System32\rpcnetp.dll
2008-05-23 21:00 . 2008-05-24 10:19 17,408 --a------ C:\Windows\System32\rpcnetp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 08:36 --------- d-----w C:\Program Files\Google
2008-05-23 22:10 --------- d-----w C:\Program Files\Java
2008-05-23 22:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-23 22:00 --------- d-----w C:\Program Files\Windows Mail
2008-05-23 21:56 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-23 21:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-23 21:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-23 21:55 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-23 21:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-23 21:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-23 21:52 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-23 21:52 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-23 21:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-23 21:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-23 20:42 --------- d-----w C:\ProgramData\McAfee
2008-05-23 19:14 --------- d-sh--w C:\ProgramData\Ulubione
2008-05-23 19:14 --------- d-sh--w C:\ProgramData\Szablony
2008-05-23 19:14 --------- d-sh--w C:\ProgramData\Pulpit
2008-05-23 19:14 --------- d-sh--w C:\ProgramData\Menu Start
2008-05-23 19:14 --------- d-sh--w C:\ProgramData\Dokumenty
2008-05-23 19:14 --------- d-sh--w C:\ProgramData\Dane aplikacji
2008-05-23 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 19:12 --------- d-----w C:\Program Files\Toshiba
2008-05-23 19:04 --------- d-----w C:\Program Files\Intel
2008-03-05 10:16 174 --sha-w C:\Program Files\desktop.ini
2008-03-05 10:01 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-05 09:50 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-05 09:50 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-05 09:50 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-05 09:50 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-05 09:47 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-05 09:47 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-05 09:47 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-05 09:47 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-05 09:47 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-05 09:47 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-03-05 09:47 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-05 09:47 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-05 09:47 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-05 09:45 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-03-05 09:45 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-03-05 09:43 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-05 09:43 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-05 09:43 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-05 09:41 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-05 09:34 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-05 09:34 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-05 09:32 563,200 ----a-w C:\Windows\System32\emdmgmt.dll
2008-03-05 09:22 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-05 09:17 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-03-05 09:04 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-05 09:03 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-05 09:03 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-05 09:02 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-05 09:02 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-05 09:02 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-05 09:02 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-05 09:02 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-05 09:02 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-05 08:57 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-03-05 08:57 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-03-05 08:57 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-03-05 08:57 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-03-05 08:57 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-03-05 08:57 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-03-05 08:57 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-03-05 08:57 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-03-05 08:57 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-03-05 08:55 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-05 08:54 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-05 08:54 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-05 08:49 146,944 ----a-w C:\Windows\System32\MMDevAPI.dll
2008-03-05 08:47 474,624 ----a-w C:\Windows\System32\evr.dll
2008-03-05 08:47 39,936 ----a-w C:\Windows\System32\dwmapi.dll
2008-03-05 08:47 2,014,720 ----a-w C:\Windows\System32\milcore.dll
2008-03-05 08:39 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2008-03-05 08:39 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2008-03-05 08:39 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2008-03-05 08:38 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-03-05 08:37 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-03-05 08:37 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-03-05 08:35 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-05 08:34 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-05 08:34 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-05 08:32 160,872 ----a-w C:\Windows\System32\halmacpi.dll
2008-03-05 08:32 134,760 ----a-w C:\Windows\System32\halacpi.dll
2008-03-05 08:30 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-03-05 08:29 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-03-05 08:27 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-05 08:26 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-05 08:26 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-05 08:26 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-05 08:24 633,856 ----a-w C:\Windows\System32\user32.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-24 01:48 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-24 01:48 2051328]
[HKEY_CLASSES_ROOT\clsid{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-24 01:48 2051328]
[HKEY_CLASSES_ROOT\clsid{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-23 23:54 1232896]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 10:06 430080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-25 10:00 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-25 10:00 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-25 10:00 129560]
"NDSTray.exe"="NDSTray.exe" []
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 17:03 75136]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 11:51 1507328]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 03:44 366400]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-05 13:54 1836544]
"toolbar_eula_launcher"="c:\tb_eula\EULALauncher.exe" [2008-02-20 18:55 21504]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 10:24 581632]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 18:58 1029416]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 17:41 413696]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 16:27 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-10-31 23:01 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 11:22 509816]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 14:25 712704]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05 571024]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-24 01:48 1177368]
C:\Users\interlinia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-07-27 11:30:22 389120]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{129D9CC3-73FF-4010-A3DB-8CA5A6DCDFF0}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F934BF14-9F9F-4499-B06F-B4931E00EB79}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D0841483-C7B6-4DA0-BEBF-6917151A1E58}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FC9C45E2-2704-49B5-9E85-7115F969DF87}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D985F92D-E2E0-49F6-9774-7C710F3E2796}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-05-24 01:48]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 15:42]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-24 01:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-24 01:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 01:48]
R2 ConfigFree Service;ConfigFree Service;"C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [2007-12-25 14:07]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 16:54]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 17:05]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;"C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [2007-12-03 17:03]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 23:36]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-05-24 01:48]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2008-02-01 12:46]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 15:23]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 11:34]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 17:13]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 17:32]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-12-17 11:45]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 11:51]
S3 athr;Sterownik urządzenia rozszerzalnej bezprzewodowej sieci LAN Atheros;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 09:30]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 16:21]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 10:38:29
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???`?1h?$???(???h???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-24 10:39:05
ComboFix-quarantined-files.txt 2008-05-24 08:39:02
Pre-Run: 102,624,231,424 bajtów wolnych
Post-Run: 102,415,675,392 bajtów wolnych
284 --- E O F --- 2008-05-23 21:59:01