Blue Screen


6 replies in this topic

#1 pablo12321

pablo12321

    New

  • 4 posts

Posted 23 07 2008 - 20:35

Whenever I play Warcraft, a blue screen with text always pops up (I have reinstalled Warcraft several times). I know that only one line matters, but it says something different every time. Unfortunately my records got deleted and I have only one example:

0x0000008e (0xc0000005,0xb563a03e,0xb4ecc71c,0x00000000)

Please explain what kind of error this is and how to fix it.
Please help, and thank you in advance.

  • 0

#2 Mironov

Mironov

    Regular user

  • 256 posts

Posted 23 07 2008 - 20:47

http://support.microsoft.com/kb/903251/pl - from Microsoft's site

Has the blue screen been appearing ever since you installed this game? Is everything OK during normal use?

  • 0

#3 pablo12321

pablo12321

    New

  • 4 posts

Posted 23 07 2008 - 22:44

All the time, from the beginning. But sometimes the game works for a while, or doesn't freeze at all.
  • 0

#4 Mironov

Mironov

    Regular user

  • 256 posts

Posted 23 07 2008 - 23:02

And does it freeze in other games too? Check the memory with the MemTest program - http://www.programosy.pl/program,memtest.html
  • 0

#5 pablo12321

pablo12321

    New

  • 4 posts

Posted 23 07 2008 - 23:04

No, only in Warcraft; other games work fine.
  • 0

#6 sniper45

sniper45

    Beginner

  • 55 posts

Posted 24 07 2008 - 00:05

Looking at Microsoft's support page, I recommend posting the logs from HJT, SR and CFX on the forum.
  • 0

#7 pablo12321

pablo12321

    New

  • 4 posts

Posted 25 07 2008 - 11:52

From HJT there was:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:24, on 2008-07-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6043 bytes










this is the log from CF

ComboFix 08-07-24.3 - uzytpablo 2008-07-25 11:50:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1469 [GMT 2:00]
Running from: C:\Documents and Settings\uzytpablo\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 21:24 . 2008-07-24 21:24 <DIR> d-------- C:\Program Files\Ahead
2008-07-24 21:03 . 2008-07-24 21:28 115,224 --a------ C:\img1-001.raw
2008-07-24 20:58 . 2008-07-24 20:58 <DIR> d-------- C:\Program Files\Common Files\snpstd
2008-07-24 20:58 . 2004-11-19 18:46 367,488 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
2008-07-24 20:53 . 2008-07-25 11:06 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\skypePM
2008-07-24 20:53 . 2008-07-24 20:53 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-24 20:51 . 2008-07-24 20:51 <DIR> d-------- C:\Program Files\Skype
2008-07-24 20:51 . 2008-07-24 20:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-24 20:51 . 2008-07-24 20:51 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-24 20:51 . 2008-07-25 11:06 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Skype
2008-07-24 20:51 . 2008-07-24 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-22 16:44 . 1998-07-30 12:51 305,152 --a------ C:\WINDOWS\IsUninst.exe
2008-07-22 16:43 . 2008-07-22 16:43 <DIR> d-------- C:\Documents and Settings\uzytpablo\WINDOWS
2008-07-22 16:43 . 1998-07-30 17:43 305,664 --a------ C:\WINDOWS\IsUn0415.exe
2008-07-19 00:53 . 2008-07-19 00:54 <DIR> d-------- C:\Program Files\Winamp
2008-07-19 00:53 . 2008-07-19 00:54 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Winamp
2008-07-14 23:54 . 2008-07-15 00:06 <DIR> d-------- C:\Documents and Settings\uzytpablo\FileDownloader
2008-07-14 18:45 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-14 18:45 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-14 18:45 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-13 17:54 . 2008-07-13 18:01 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\mIRC
2008-07-13 17:53 . 2008-07-13 17:53 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\teamspeak2
2008-07-13 17:52 . 2008-07-13 17:52 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Ventrilo
2008-07-11 16:03 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-11 16:03 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-11 16:03 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-11 16:03 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-05 22:55 . 2008-07-05 22:55 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-04 20:40 . 2008-07-04 20:40 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Media Player Classic
2008-07-04 20:38 . 2008-07-04 20:38 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Apple Computer
2008-07-04 20:37 . 2008-07-04 20:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-04 20:37 . 2008-07-04 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-07-04 20:37 . 2008-07-04 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-07-04 20:30 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-02 22:31 . 2008-07-02 22:31 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\InstallShield Installation Information
2008-07-02 22:22 . 2008-07-02 22:22 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-07-02 22:22 . 2008-07-02 22:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 22:22 . 2008-07-02 22:22 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-07-02 15:10 . 2008-07-19 21:05 <DIR> d-------- C:\Program Files\sXe Injected
2008-07-02 10:31 . 2008-07-02 10:31 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Ubisoft
2008-07-02 10:31 . 2008-07-02 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-07-02 10:26 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-07-02 10:26 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-07-02 10:26 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-07-02 10:26 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-07-02 10:26 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-07-02 10:19 . 2008-07-24 21:28 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-02 00:25 . 2008-07-02 00:25 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Nero
2008-07-02 00:24 . 2008-07-02 00:24 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-02 00:24 . 2008-07-02 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-01 19:38 . 2008-07-01 19:38 <DIR> d-------- C:\Program Files\Sun
2008-07-01 19:38 . 2008-07-01 19:38 <DIR> d-------- C:\Program Files\Java
2008-07-01 19:38 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-01 19:37 . 2008-07-01 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-29 19:22 . 2008-06-29 19:22 <DIR> d-------- C:\WINDOWS\AM
2008-06-28 12:37 . 2008-06-28 12:37 <DIR> d-------- C:\WINDOWS\system32\kktools
2008-06-28 12:37 . 2007-03-05 17:31 64,384 --a------ C:\WINDOWS\system32\drivers\userdump.sys
2008-06-27 22:24 . 2008-06-27 22:24 <DIR> d-------- C:\WINDOWS\speech
2008-06-27 16:08 . 2008-06-27 16:08 <DIR> d-------- C:\Documents and Settings\uzytpablo\Dane aplikacji\Thinstall
2008-06-27 10:38 . 2008-06-27 10:41 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-06-27 10:38 . 2008-06-27 10:42 77,666 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 10:38 . 2008-06-27 10:41 2,829 --a------ C:\WINDOWS\War3Unin.pif

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 00:38 --------- d-----w C:\Documents and Settings\uzytpablo\Dane aplikacji\uTorrent
2008-07-24 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 19:44 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-28 19:44 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-25 15:48 98,304 ----a-w C:\WINDOWS\DUMP55c1.tmp
2008-06-24 18:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-24 18:47 22,328 ----a-w C:\Documents and Settings\uzytpablo\Dane aplikacji\PnkBstrK.sys
2008-06-24 06:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-24 06:38 --------- d-----w C:\Program Files\MSBuild
2008-06-24 06:38 --------- d-----w C:\Program Files\Microsoft Works
2008-06-23 21:46 --------- d-----w C:\Documents and Settings\uzytpablo\Dane aplikacji\Gadu-Gadu
2008-06-23 21:11 --------- d-----w C:\Documents and Settings\uzytpablo\Dane aplikacji\vlc
2008-06-23 20:45 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-06-23 20:44 --------- d-----w C:\Program Files\Ubisoft
2008-06-23 18:15 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-06-23 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-23 18:07 --------- d-----w C:\Documents and Settings\uzytpablo\Dane aplikacji\DAEMON Tools
2008-06-23 17:15 --------- d-----w C:\Program Files\uTorrent
2008-06-23 16:39 --------- d-----w C:\Program Files\Opera
2008-06-23 16:13 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-06-23 16:13 --------- d-----w C:\Program Files\Realtek
2008-06-23 16:13 --------- d-----w C:\Documents and Settings\uzytpablo\Dane aplikacji\InstallShield
2008-06-23 16:10 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-23 16:10 --------- d-----w C:\Program Files\Yahoo!
2008-06-23 16:10 --------- d-----w C:\Program Files\DIFX
2008-06-23 16:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-23 15:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-23 15:08 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="F:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
"Steam"="e:\program files\steam\steam.exe" [2008-07-13 18:06 1271032]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-03 16:26 13508608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-03 16:26 86016]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-03 16:26 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"F:\\Program Files\\DC++\\DCPlusPlus.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"F:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"E:\\Program Files\\Metin2_PL\\metin2.bin"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"E:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"E:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"E:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"E:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"E:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"E:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"E:\\mIRCpl\\mirc.exe"=
"E:\\Program Files\\Steam\\steamapps\\levsky10\\counter-strike\\hl.exe"=
"E:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\SIPPS\\SIPPS.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 udmpdrvr;User Mode Process Dumper Driver;C:\WINDOWS\system32\drivers\userdump.sys [2007-03-05 17:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68d94e62-551c-11dd-bf1b-001d7dd82978}]
\Shell\AutoRun\command - H:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 11:50:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 11:51:19
ComboFix-quarantined-files.txt 2008-07-25 09:51:10

Pre-Run: 31,745,400,832 bajtów wolnych
Post-Run: 32,484,106,240 bajtów wolnych

196















and this is probably from SR

"Silent Runners.vbs", revision RED (R28) (Echo output), launched at: 11:53
Operating System: Windows XP SP2


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""F:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"]
"Steam" = ""e:\program files\steam\steam.exe" -silent" ["Valve Corporation"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""F:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"snpstd" = "C:\WINDOWS\vsnpstd.exe" [empty string]

HKLM\Software\Microsoft\Active Setup\Installed Components\
">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll" ["Yahoo! Inc."]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = "Groove GFS Browser Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\system32\stobject.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "?g" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Aktualizacje automatyczne, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wuauserv.dll" [MS]}
avast! Antivirus, avast! Antivirus, ""F:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Bufor wydruku, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS]
Centrum zabezpieczeń, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [MS]}
Dziennik zdarzeń, Eventlog, "C:\WINDOWS\system32\services.exe" [MS]
Error Reporting Service, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]}
Harmonogram zadań, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]}
Host uniwersalnego urządzenia Plug and Play, upnphost, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\upnphost.dll" [MS]}
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Instrumentacja zarządzania Windows, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]}
Klient DHCP, Dhcp, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]}
Klient DNS, Dnscache, "C:\WINDOWS\system32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]}
Klient śledzenia łączy rozproszonych, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]}
Kompozycje, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
Konfiguracja zerowej sieci bezprzewodowej, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]}
Logowanie pomocnicze, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]}
Magazyn chroniony, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS]
Menedżer autopołączenia dostępu zdalnego, RasAuto, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasauto.dll" [MS]}
Menedżer dysków logicznych, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" ["Microsoft Corp."]}
Menedżer kont zabezpieczeń, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS]
Menedżer połączeń usługi Dostęp zdalny, RasMan, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]}
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
Pomoc i obsługa techniczna, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
Pomoc TCP/IP NetBIOS, LmHosts, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]}
Połączenia sieciowe, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]}
Program uruchamiający proces serwera DCOM, DcomLaunch, "C:\WINDOWS\system32\svchost -k DcomLaunch" {"C:\WINDOWS\system32\rpcss.dll" [MS]}
Przeglądarka komputera, Browser, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]}
Rejestr zdalny, RemoteRegistry, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\regsvc.dll" [MS]}
Rozpoznawanie lokalizacji w sieci (NLA), Nla, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]}
Serwer, lanmanserver, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]}
Stacja robocza, lanmanworkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]}
System zdarzeń COM+, EventSystem, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\es.dll" [MS]}
Telefonia, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]}
Urządzenie alarmowe, Alerter, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\alrsvc.dll" [MS]}
User Mode Process Dumper, udmpsvc, "system32\kktools\userdump.exe -Service" [MS]
Usługa bramy warstwy aplikacji, ALG, "C:\WINDOWS\System32\alg.exe" [MS]
Usługa Czas systemu Windows, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\w32time.dll" [MS]}
Usługa odnajdywania SSDP, SSDPSRV, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]}
Usługa przywracania systemu, srservice, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\srsvc.dll" [MS]}
Usługi IPSEC, PolicyAgent, "C:\WINDOWS\system32\lsass.exe" [MS]
Usługi kryptograficzne, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]}
Usługi terminalowe, TermService, "C:\WINDOWS\System32\svchost -k DComLaunch" {"C:\WINDOWS\System32\termsrv.dll" [MS]}
WebClient, WebClient, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]}
Windows Audio, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\WINDOWS\system32\svchost.exe -k imgsvc" {"C:\WINDOWS\system32\wiaservc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Wykrywanie sprzętu powłoki, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
Zapora systemu Windows/Udostępnianie połączenia internetowego, SharedAccess, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipnathlp.dll" [MS]}
Zawiadomienie o zdarzeniu systemowym, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]}
Zdalne wywoˆywanie procedur (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\System32\rpcss.dll" [MS]}
Zgodność szybkiego przełączania użytkowników, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}

  • 0
