
Logs - Is this a keylogger?


  • This topic is closed
3 replies in this topic

#1 jamaika

jamaika

    Observer

  • 8 posts

Posted 22 08 2008 - 11:48

Hello, I have a problem. My account for a certain game, worth about 200 zł, was stolen by someone with no right to it - some son of a b***h ripped off my account. It happened just while I was on vacation, so nobody unauthorized touched my computer.


Combofix:

ComboFix 08-08-21.02 - USER 2008-08-22 11:27:27.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.618 [GMT 2:00]
Running from: C:\Documents and Settings\USER\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\dao350.dll

.
(((((((((((((((((((((((((   Files Created from 2008-07-22 to 2008-08-22  )))))))))))))))))))))))))))))))
.

2008-08-20 16:15 . 2008-08-21 15:27	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-08-20 16:15 . 2008-08-20 16:15	1,409	--a------	C:\WINDOWS\QTFont.for
2008-08-20 15:04 . 1999-09-28 16:42	1,050,896	--a------	C:\WINDOWS\system32\msjet35.dll
2008-08-20 15:04 . 2000-05-21 22:00	244,416	--a------	C:\WINDOWS\system32\msflxgrd.ocx
2008-08-20 15:04 . 1998-06-23 21:00	164,144	--a------	C:\WINDOWS\system32\COMCT232.OCX
2008-08-20 15:04 . 1998-04-23 22:00	123,664	--a------	C:\WINDOWS\system32\msjint35.dll
2008-08-20 15:04 . 2004-04-18 10:41	98,304	--a------	C:\WINDOWS\system32\KewlButtonz.ocx
2008-08-20 15:04 . 1998-04-23 22:00	24,848	--a------	C:\WINDOWS\system32\msjter35.dll
2008-08-18 15:05 . 2008-08-20 16:01	<DIR>	d--------	C:\Program Files\eMule
2008-07-31 22:34 . 2008-07-31 22:34	<DIR>	d--------	C:\Program Files\Ulead Systems
2008-07-31 22:34 . 2008-07-31 22:34	<DIR>	d--------	C:\Program Files\Common Files\Ulead Systems
2008-07-28 20:02 . 2008-07-28 20:02	<DIR>	d--------	C:\Documents and Settings\USER\Dane aplikacji\Media Player Classic
2008-07-24 12:43 . 2008-07-24 12:43	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 12:43 . 2008-07-24 12:43	<DIR>	d--------	C:\Documents and Settings\USER\Dane aplikacji\Malwarebytes
2008-07-24 12:43 . 2008-07-24 12:43	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2008-07-24 12:43 . 2008-07-23 20:09	38,472	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 12:43 . 2008-07-23 20:09	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 19:09 . 2008-07-23 19:09	<DIR>	d--------	C:\Program Files\Trend Micro
2008-07-23 18:52 . 2008-07-31 22:23	<DIR>	d--------	C:\Program Files\Registry Clean Expert
2008-07-23 14:25 . 2008-07-23 14:25	<DIR>	d--------	C:\Documents and Settings\USER\Dane aplikacji\Uniblue
2008-07-23 00:22 . 2008-07-23 00:22	<DIR>	d--------	C:\Program Files\tibia2
2008-07-23 00:22 . 2008-07-23 00:22	<DIR>	d--------	C:\Documents and Settings\USER\Dane aplikacji\Tibia

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 09:26	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\DNA
2008-08-21 19:54	24	----a-w	C:\Documents and Settings\USER\jagex_runescape_preferences.dat
2008-08-21 15:10	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-20 13:45	---------	d-----w	C:\Program Files\GTASA-Ultimate Editor
2008-08-20 13:44	73,216	----a-w	C:\WINDOWS\ST6UNST.EXE
2008-08-20 13:44	249,856	------w	C:\WINDOWS\Setup1.exe
2008-08-03 18:49	136,888	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-03 18:49	111,928	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-08-01 18:48	---------	d-----w	C:\Program Files\MTA San Andreas
2008-08-01 10:19	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-31 20:34	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-07-31 20:13	---------	d-----w	C:\Program Files\Valve
2008-07-31 20:12	---------	d-----w	C:\Program Files\sXe Injected
2008-07-31 20:11	---------	d-----w	C:\Program Files\Quake III Arena
2008-07-31 20:08	---------	d-----w	C:\Program Files\Hooligans
2008-07-31 20:07	---------	d-----w	C:\Program Files\Winamp
2008-07-31 19:13	---------	d-----w	C:\Program Files\Command & Conquer Collection
2008-07-31 17:07	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\Azureus
2008-07-22 18:12	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\Xfire
2008-07-22 18:05	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\OpenOffice.org2
2008-07-18 15:41	---------	d-----w	C:\Program Files\Bethesda Softworks
2008-07-18 15:40	---------	d-----w	C:\Program Files\RegCleaner
2008-07-18 15:32	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\RegClean
2008-07-18 15:24	108,144	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 15:19	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\URSoft
2008-07-10 08:15	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\SecondLife
2008-07-07 20:33	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-07 12:39	---------	d-----w	C:\Program Files\Azureus
2008-07-07 10:56	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\com.syncrosvnclient
2008-07-03 11:44	---------	d-----w	C:\Program Files\Syncro SVN Client 3.2
2008-07-03 10:00	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\Subversion
2008-07-03 09:48	---------	d-----w	C:\Program Files\Sun
2008-07-03 09:48	---------	d-----w	C:\Program Files\Java
2008-07-03 09:47	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-02 09:39	---------	d-----w	C:\Program Files\Xfire
2008-06-29 17:48	---------	d-----w	C:\Documents and Settings\USER\Dane aplikacji\Nokia Multimedia Player
2008-06-26 20:10	42,320	----a-w	C:\WINDOWS\system32\xfcodec.dll
2008-06-25 17:43	---------	d-----w	C:\Program Files\EA Games
2008-06-24 16:24	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41	662,016	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-10 11:22	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2008-06-08 18:08	22,328	----a-w	C:\Documents and Settings\USER\Dane aplikacji\PnkBstrK.sys
2008-06-05 20:36	4,358,144	----a-w	C:\WINDOWS\uncsetup.exe
2008-06-05 19:09	163,328	------w	C:\WINDOWS\UNINEPSE.EXE
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 20:23 289088]
"Google Update"="C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-07-16 15:56 119280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-25 15:49 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 12:17 340136]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\USER\Menu Start\Programy\Autostart\
YouTube Uploader.lnk - C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-16 10:42:48 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\MTA San Andreas\\server\\MTA Server.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-10-04 07:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-10-04 07:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-10-04 07:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-10-04 07:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-10-04 07:39]
S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]
.
Contents of the 'Scheduled Tasks' folder

2008-07-18 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
- C:\Program Files\RegClean\RegClean.exe []

2008-07-18 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
- C:\Program Files\RegClean []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\USER\Dane aplikacji\Mozilla\Firefox\Profiles\mjn2kfzf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/default
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 11:30:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-22 11:31:04
ComboFix-quarantined-files.txt  2008-08-22 09:30:53
ComboFix2.txt  2008-07-25 09:01:39

Pre-Run: 26,165,104,640 bajtów wolnych
Post-Run: 26,546,651,136 bajtów wolnych

189	--- E O F ---	2008-08-13 18:06:51




HIJACK


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:14, on 2008-08-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D928F50-FA17-49A2-9EAA-47449A3C14DA}: NameServer = 172.17.33.254 81.219.145.137
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7641 bytes



Additionally, when I try, for example, to log in to my e-mail, I first get a message that my data is being sent to a secure site, blah blah blah blah. And right after that, another one saying that the information I want to send (i.e. my e-mail login and password) may be sent to other people, or something like that...

Is this some kind of keylogger? A virus?

  • 0

#2 Dodo_14

Dodo_14

    Beginner

  • 146 posts

Posted 22 08 2008 - 13:40

Download Ad-Aware 2007 Free 7.0.2.6, scan your computer, and you'll find out whether it's a keylogger or not ;>

  • 0

#3 Celdur

Celdur

    Republic of Gamers

  • 6 100 posts

Posted 22 08 2008 - 14:23

An even better one is Spy Doctor from PC Tools.
  • 0

#4 karolkuich

karolkuich

    Beginner

  • 141 posts

Posted 22 08 2008 - 17:16

Using a good firewall is also good protection against keyloggers. I don't see one on your system, so I'd recommend the free Comodo or Online Armor (a beta version, but it runs stably).

  • 0



