Here are my logs - please check them, because I am a complete beginner in these matters. I also have a question: colleagues, on what basis do you work out what is unwanted in a given log?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:00:02, on 2007-11-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel\Pulpit\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7F4923DC-1E8D-42E0-8645-AE3023910442} - (no file)
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 0300118009
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 0301053237
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA508C7F-8739-4882-932E-CBD63A054301}: NameServer = 10.0.4.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
--
End of file - 8584 bytes
ComboFix 07-11-08.1 - Daniel 2007-11-11 20:43:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.541 [GMT 1:00]
Running from: C:\Documents and Settings\Daniel\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ffeeg.ini
C:\WINDOWS\system32\ffeeg.ini2
C:\WINDOWS\system32\ffeeg.tmp
C:\WINDOWS\system32\geeff.dll
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.ini
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 20:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 16:07 206 --a------ C:\WINDOWS\system32\eeecaf5_r.dll
2007-11-08 21:44
2007-11-08 00:06
2007-11-06 19:24
2007-11-06 19:11
2007-11-06 19:11
2007-11-06 19:11
2007-11-06 19:11
2007-11-06 18:02
2007-11-06 17:48
2007-11-06 17:43
2007-11-06 17:43
2007-11-06 17:42
2007-11-06 17:42
2007-11-06 08:37 227,592 --a------ C:\WINDOWS\system32\PDBoot.exe
2007-11-06 08:16 7,012 --a------ C:\WINDOWS\system32\drivers\pmemnt.sys
2007-11-06 08:15
2007-11-06 08:15 32,256 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
2007-11-06 08:13
2007-11-02 16:12
2007-11-01 21:21
2007-11-01 11:08
2007-10-28 20:27
2007-10-28 20:27 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-28 20:27 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-28 20:27 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-28 20:27 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-28 20:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-28 20:27 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-28 20:27 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-28 11:31 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-25 19:47
2007-10-25 19:46 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-25 17:31
2007-10-25 17:31
2007-10-24 08:33
2007-10-24 08:08
2007-10-24 08:08
2007-10-24 08:07
2007-10-22 12:09
2007-10-22 10:42 51,552 --a------ C:\Documents and Settings\Daniel\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-10-22 09:16
2007-10-22 09:16
2007-10-22 09:10
2007-10-22 09:09
2007-10-22 09:09
2007-10-22 09:09 34,304 --a------ C:\WINDOWS\system32\khfccdd.dll.vir
2007-10-22 05:33 68,624 --a------ C:\WINDOWS\system32\drivers\DefragFs.sys
2007-10-15 14:53
2007-10-15 14:52
2007-10-15 14:52
2007-10-15 14:03
2007-10-15 14:03
2007-10-15 14:02
2007-10-15 14:00
2007-10-15 12:26
2007-10-15 11:11
2007-10-15 11:05
2007-10-15 11:05 124,928 --a------ C:\WINDOWS\system32\hlvdd.dll
2007-10-15 11:05 17,408 --a------ C:\WINDOWS\system32\drivers\aksusb.sys
2007-10-15 11:04
2007-10-15 11:04 284,160 --a------ C:\WINDOWS\unin0415.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 15:24 --------- d-----w C:\Program Files\jv16 PowerTools 2007
2007-11-11 15:19 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\uTorrent
2007-11-11 12:09 --------- d-----w C:\Program Files\Kalendarz XP
2007-11-06 18:25 47 ----a-w C:\WINDOWS\system32\drivers\IBM_2373_SA1.MRK
2007-11-06 18:24 --------- d-----w C:\Program Files\Lenovo
2007-11-06 07:15 36,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-06 07:15 17,536 ----a-w C:\WINDOWS\system32\drivers\psadd.sys
2007-10-07 12:22 --------- d-----w C:\Program Files\activePDF
2007-10-05 19:46 --------- d-----w C:\Program Files\Google
2007-10-03 18:30 --------- d-----w C:\Program Files\Java
2007-10-03 18:30 --------- d-----w C:\Program Files\Common Files\Java
2007-10-02 09:17 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Ahead
2007-10-02 09:14 --------- d-----w C:\Program Files\Nero
2007-10-02 09:14 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-02 09:02 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Mathsoft
2007-10-02 08:58 --------- d-----w C:\Program Files\Mathsoft
2007-10-02 08:56 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-02 08:54 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-02 08:41 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-02 08:38 --------- d-----w C:\Program Files\RAMA WIN
2007-10-02 08:24 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2007-10-02 08:24 461,824 ----a-w C:\WINDOWS\system32\drivers\hardlock.sys
2007-10-02 08:22 --------- d-----w C:\Program Files\ROBOT Structural Office
2007-10-02 08:22 --------- d-----w C:\Program Files\Common Files\RoboBAT
2007-10-02 08:04 --------- d-----w C:\Program Files\Autodesk
2007-10-02 08:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2007-10-02 08:03 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-10-02 08:03 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-10-02 08:03 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-10-02 08:03 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-10-02 08:02 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-10-02 08:02 --------- d-----w C:\Program Files\AutoCAD 2004
2007-10-02 08:02 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Autodesk
2007-10-02 08:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-10-02 07:56 --------- d-----w C:\Program Files\xp-AntiSpy_polish
2007-10-01 13:10 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\VoipDiscount
2007-10-01 13:09 --------- d-----w C:\Program Files\VoipDiscount.com
2007-09-28 15:29 103,472 ----a-w C:\WINDOWS\system32\drivers\ApsX86.sys
2007-09-28 15:28 19,504 ----a-w C:\WINDOWS\system32\drivers\ApsHM86.sys
2007-09-25 21:06 --------- d-----w C:\Program Files\CCleaner
2007-09-22 20:34 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Gadu-Gadu
2007-09-22 20:32 --------- d-----w C:\Program Files\Gadu-Gadu
2007-09-22 20:04 --------- d-----w C:\Program Files\WapSter
2007-09-22 20:00 --------- d-----w C:\Program Files\Common Files\Raxco
2007-09-22 20:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Raxco
2007-09-22 19:59 --------- d-----w C:\Program Files\RAXCO
2007-09-22 19:58 --------- d-----w C:\Program Files\uTorrent
2007-09-22 19:53 --------- d-----w C:\Program Files\Copernic Desktop Search 2
2007-09-22 19:47 --------- d-----w C:\Program Files\CD Catalog Expert
2007-09-22 19:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-09-22 19:32 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Thunderbird
2007-09-22 19:32 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Talkback
2007-09-22 18:19 --------- d-----w C:\Program Files\MozBackup
2007-09-22 18:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-21 10:34 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-20 22:29 --------- d-----w C:\Program Files\MSBuild
2007-09-20 22:26 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-20 22:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-20 21:42 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-20 20:52 --------- d-----w C:\Program Files\Synaptics
2007-09-20 20:52 --------- d-----w C:\Program Files\ltmoh
2007-09-20 20:34 --------- d-----w C:\Program Files\PCDR5
2007-09-20 20:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC-Doctor
2007-09-20 20:22 --------- d-----w C:\Program Files\ThinkPad
2007-09-20 20:21 --------- d-----w C:\Program Files\ATI Technologies
2007-09-19 21:20 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-19 21:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-19 21:20 --------- d-----w C:\Program Files\Common Files\InstallShield
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F4923DC-1E8D-42E0-8645-AE3023910442}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 22:32 C:\WINDOWS\system32\S3Tray2.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 14:49]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 18:30]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 18:30]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 11:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 20:26]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-09-28 08:53:34]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
S3 atmeltpm;atmeltpm;C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 20:28:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 20:49:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-11 20:51:42 - machine was rebooted
.
--- E O F ---
Thanks in advance and best regards