Logs - Preventive check


  • Closed: This topic is closed
1 reply in this topic

#1 Dodo_14

Dodo_14

    Beginner

  • 146 posts

Posted 29 08 2008 - 20:11

ComboFix 08-08-28.06 - A 2008-08-29 19:54:08.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.346 [GMT 2:00]
Running from: C:\Documents and Settings\A\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-29  )))))))))))))))))))))))))))))))
.

2008-08-28 16:04 . 2008-08-28 16:04	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Windows Search
2008-08-26 17:33 . 2008-08-26 17:33	<DIR>	d--h-----	C:\WINDOWS\PIF
2008-08-26 17:29 . 2008-08-26 17:29	<DIR>	d--------	C:\Program Files\Windows Desktop Search
2008-08-26 17:29 . 2008-08-26 17:29	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Windows Desktop Search
2008-08-26 17:28 . 2008-08-26 17:28	<DIR>	d--------	C:\WINDOWS\system32\GroupPolicy
2008-08-26 17:28 . 2008-03-07 19:02	192,000	-----c---	C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-26 17:28 . 2008-03-07 19:02	98,304	-----c---	C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-26 17:28 . 2008-03-07 19:02	29,696	-----c---	C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-26 17:26 . 2008-08-26 17:26	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-08-26 17:25 . 2008-08-26 17:25	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-08-26 17:25 . 2008-08-26 17:25	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
2008-08-26 17:16 . 2008-08-26 17:16	<DIR>	d--------	C:\WINDOWS\system32\URTTemp
2008-08-26 17:15 . 2008-07-22 17:00	1,214,526	-----c---	C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-26 17:15 . 2008-07-22 17:00	790,846	-----c---	C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-26 17:15 . 2008-07-22 17:00	9,696	-----c---	C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-26 16:26 . 2008-08-26 17:29	<DIR>	d--------	C:\WINDOWS\system32\pl-pl
2008-08-26 16:26 . 2008-08-26 16:26	<DIR>	d--------	C:\WINDOWS\system32\pl
2008-08-26 16:26 . 2008-08-26 16:26	<DIR>	d--------	C:\WINDOWS\system32\bits
2008-08-26 16:26 . 2008-08-26 16:26	<DIR>	d--------	C:\WINDOWS\l2schemas
2008-08-26 16:25 . 2008-08-26 16:25	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-08-26 16:18 . 2008-08-26 16:18	<DIR>	d--------	C:\WINDOWS\EHome
2008-08-26 16:15 . 2004-08-03 22:41	1,041,536	---------	C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-26 15:38 . 2008-07-18 22:09	29,896	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-08-25 12:21 . 2008-08-25 12:21	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Nokia Multimedia Player
2008-08-25 11:47 . 2008-08-25 11:48	<DIR>	d--------	C:\Documents and Settings\A\Phone Browser
2008-08-25 11:45 . 2008-08-25 11:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-08-25 11:45 . 2008-08-25 11:45	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Nokia
2008-08-25 11:44 . 2008-08-25 11:45	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-08-25 11:44 . 2008-08-25 11:44	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-08-25 11:44 . 2008-08-25 11:45	<DIR>	d--------	C:\Program Files\DIFX
2008-08-25 11:44 . 2008-08-25 11:44	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-08-25 11:44 . 2008-08-25 11:44	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-08-25 11:44 . 2008-08-25 11:44	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\PC Suite
2008-08-25 11:44 . 2007-02-22 10:15	137,216	--a------	C:\WINDOWS\system32\drivers\nmwcd.sys
2008-08-25 11:44 . 2007-02-22 10:15	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-08-25 11:44 . 2007-02-22 10:15	65,536	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-25 11:44 . 2007-02-22 10:15	12,288	--a------	C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-08-25 11:44 . 2007-02-22 10:15	12,288	--a------	C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-08-25 11:44 . 2007-02-22 10:15	8,320	--a------	C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-08-25 11:43 . 2008-08-25 11:44	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-08-22 16:26 . 1999-04-23 22:22	151,552	--a------	C:\WINDOWS\system32\MSOSS.DLL
2008-08-21 16:24 . 2008-08-21 16:24	<DIR>	d--hs----	C:\Documents and Settings\A\UserData
2008-08-21 16:14 . 2008-08-21 16:18	100	--a------	C:\index.ini
2008-08-21 15:59 . 2008-08-21 16:17	<DIR>	d--------	C:\Program Files\a-squared HiJackFree
2008-08-19 16:28 . 2008-04-11 21:06	691,712	-----c---	C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-19 16:28 . 2008-05-01 16:37	331,776	-----c---	C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-18 18:48 . 2008-08-29 18:12	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Any Video Converter
2008-08-08 19:07 . 2008-08-08 19:08	<DIR>	d--------	C:\Documents and Settings\A\Gadu-Gadu
2008-08-08 19:06 . 2008-08-08 19:06	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Thinstall
2008-08-08 18:58 . 2008-08-08 18:58	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\vlc
2008-08-08 16:15 . 2008-08-08 16:15	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Nero
2008-08-08 15:58 . 2008-08-29 10:26	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-08-08 15:40 . 2008-08-08 15:42	<DIR>	d--------	C:\Program Files\Winamp
2008-08-08 15:35 . 2008-08-08 15:35	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\AdobeUM
2008-08-08 15:23 . 2008-08-08 15:23	100	--a------	C:\WINDOWS\Tb98.ini
2008-08-08 15:22 . 2008-08-08 15:22	<DIR>	d--------	C:\Program Files\TextBridge Classic 2.0
2008-08-08 15:22 . 2008-08-08 15:22	<DIR>	d--------	C:\Program Files\Common Files\Xerox Shared
2008-08-08 15:21 . 2008-08-08 15:21	<DIR>	d--------	C:\Program Files\MGI
2008-08-08 15:21 . 1997-01-03 15:00	15,664	--a------	C:\WINDOWS\system32\PSUITE.SCR
2008-08-08 15:21 . 1997-12-03 13:04	78	--a------	C:\WINDOWS\psuite.ini
2008-08-08 15:20 . 2008-08-08 15:20	<DIR>	d--------	C:\Documents and Settings\A\WINDOWS
2008-08-08 15:19 . 1998-10-29 16:45	306,688	--a------	C:\WINDOWS\IsUninst.exe
2008-08-08 15:18 . 1998-07-30 07:44	14,336	-ra------	C:\WINDOWS\system32\pmxusb.cpl
2008-08-08 15:18 . 1999-10-13 09:19	12,400	-ra------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-08 15:18 . 1998-08-20 02:46	4,608	-ra------	C:\WINDOWS\system32\W95Inf32.DLL
2008-08-08 15:18 . 1998-08-20 02:46	2,272	-ra------	C:\WINDOWS\system32\W95Inf16.DLL
2008-08-08 15:15 . 2008-08-08 15:15	0	--a------	C:\WINDOWS\nsreg.dat
2008-08-08 14:59 . 2003-10-16 18:07	32,768	--a------	C:\WINDOWS\system32\WooDial2000.dll
2008-08-08 14:57 . 2008-08-08 14:57	<DIR>	d--------	C:\Program Files\Thomson
2008-08-08 14:57 . 2003-12-08 11:53	70,688	--a------	C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-08-08 14:57 . 2003-12-08 11:53	53,600	--a------	C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-08-08 14:57 . 2003-12-08 11:53	5,606	--a------	C:\WINDOWS\system32\stci.dll
2008-08-08 14:57 . 2003-12-08 11:53	5,280	--a------	C:\WINDOWS\system32\drivers\alcawh.sys
2008-08-08 14:57 . 2003-12-08 11:53	3,968	--a------	C:\WINDOWS\system32\drivers\alcacr.sys
2008-08-08 14:43 . 2008-08-08 14:43	<DIR>	d--hs----	C:\WINDOWS\ftpcache
2008-08-08 14:43 . 2008-08-29 19:50	<DIR>	d--------	C:\Program Files\Neostrada TP
2008-08-07 18:59 . 2008-08-07 18:59	427	--a------	C:\WINDOWS\ODBC.INI
2008-08-07 18:55 . 2008-08-07 18:55	<DIR>	d--------	C:\WINDOWS\ShellNew
2008-08-07 18:53 . 2008-08-07 18:53	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\Microsoft Web Folders
2008-08-07 18:47 . 2008-08-07 18:47	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-08-07 18:37 . 2008-08-07 18:42	<DIR>	d--------	C:\Program Files\Nero
2008-08-07 18:37 . 2008-08-07 18:38	<DIR>	d--------	C:\Program Files\Common Files\Nero
2008-08-07 18:37 . 2008-08-07 18:37	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-07 18:37 . 2006-03-17 11:45	1,757,184	--a------	C:\WINDOWS\system32\imagX7.dll
2008-08-07 18:37 . 2006-03-17 11:45	802,816	--a------	C:\WINDOWS\system32\imagXRA7.dll
2008-08-07 18:37 . 2006-03-17 11:45	497,296	--a------	C:\WINDOWS\system32\imagXpr7.dll
2008-08-07 18:37 . 2006-03-17 14:49	368,640	--a------	C:\WINDOWS\system32\TwnLib4.dll
2008-08-07 18:37 . 2006-03-17 11:45	258,048	--a------	C:\WINDOWS\system32\imagXR7.dll
2008-08-06 19:41 . 2008-06-14 19:36	273,024	---------	C:\WINDOWS\system32\drivers\bthport.sys
2008-08-06 19:41 . 2008-06-14 19:36	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-06 19:37 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-06 19:31 . 2008-08-06 19:31	13,646	--a------	C:\WINDOWS\system32\wpa.bak
2008-08-06 19:22 . 2008-08-06 19:22	<DIR>	d--------	C:\Program Files\Kaspersky Lab
2008-08-06 19:22 . 2008-08-29 17:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-06 19:22 . 2008-08-29 19:58	3,748,896	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-06 19:22 . 2008-08-29 19:56	166,432	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-06 19:22 . 2008-08-06 19:36	96,976	--a------	C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 19:22 . 2008-08-06 19:36	87,855	--a------	C:\WINDOWS\system32\drivers\klick.dat
2008-08-06 19:22 . 2008-08-29 19:56	55,340	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-06 19:22 . 2008-08-29 19:56	19,472	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-06 19:19 . 2008-08-29 19:57	558	--a------	C:\WINDOWS\DFC.INI
2008-08-06 19:17 . 2008-08-06 19:17	<DIR>	d--------	C:\WINDOWS\nview
2008-08-06 19:17 . 2007-10-05 07:37	356,352	--a------	C:\WINDOWS\system32\nvudisp.exe
2008-08-06 19:17 . 2008-08-06 19:19	138,893	--a------	C:\WINDOWS\system32\nvapps.xml
2008-08-06 19:17 . 2007-10-05 07:37	17,525	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-08-06 19:14 . 2007-09-17 02:10	356,352	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-08-06 19:12 . 2008-08-06 19:12	<DIR>	d--------	C:\Program Files\VDOTool
2008-08-06 19:12 . 2007-03-16 10:11	12,256	--a------	C:\WINDOWS\system32\drivers\TBPanel.sys
2008-08-06 19:07 . 2008-08-06 19:07	<DIR>	d--------	C:\WINDOWS\system32\Lang
2008-08-06 19:07 . 2008-08-06 19:07	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav
2008-08-06 19:07 . 2008-08-06 19:07	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav
2008-08-06 19:04 . 2008-08-06 19:04	<DIR>	d--------	C:\WINDOWS\OPTIONS
2008-08-06 19:04 . 2008-08-06 19:04	<DIR>	d--------	C:\Program Files\Realtek
2008-08-06 19:04 . 2008-08-26 18:41	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information
2008-08-06 19:04 . 2008-08-08 14:57	<DIR>	d--------	C:\Program Files\Common Files\InstallShield
2008-08-06 19:04 . 2008-08-06 19:04	<DIR>	d--------	C:\Documents and Settings\A\Dane aplikacji\InstallShield
2008-08-06 19:04 . 2006-11-14 11:21	16,270,848	-r-------	C:\WINDOWS\RTHDCPL.exe
2008-08-06 19:04 . 2006-05-04 10:35	9,709,568	-r-------	C:\WINDOWS\RTLCPL.exe
2008-08-06 19:04 . 2006-11-15 08:34	4,225,920	-r-------	C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-08-06 19:04 . 2006-05-04 10:26	2,808,832	-r-------	C:\WINDOWS\alcwzrd.exe
2008-08-06 19:04 . 2006-10-11 11:42	2,157,568	-r-------	C:\WINDOWS\MicCal.exe
2008-08-06 19:04 . 2006-11-13 07:07	1,183,744	-r-------	C:\WINDOWS\RtlUpd.exe
2008-08-06 19:04 . 2006-09-12 08:34	499,712	-r-------	C:\WINDOWS\RtlExUpd.dll
2008-08-06 19:04 . 2005-09-21 04:25	299,008	-r-------	C:\WINDOWS\system32\ALSndMgr.Cpl
2008-08-06 19:04 . 2006-08-18 00:58	282,624	-r-------	C:\WINDOWS\system32\RTSndMgr.Cpl

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 16:52	---------	d-----w	C:\Program Files\microsoft frontpage
2008-08-06 17:36	112,144	----a-w	C:\WINDOWS\system32\drivers\kl1.sys
2008-08-06 16:45	---------	d-----w	C:\Program Files\Usługi online
2008-07-18 20:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:08	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2003-10-02 15:43 729088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-10-02 12:19 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 07:37 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 07:37 81920]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
"Detector"="C:\WINDOWS\twain_32\FlatBed\Detector.exe" [2000-04-27 04:13 38912]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-07-07 16:04 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 16:20 22528]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-10-05 07:37 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 16:20 22528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 pmxscan;USB Flatbed Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [1999-10-13 09:19]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\1g550l9f.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 19:58:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-08-29 20:03:05 - machine was rebooted [A]
ComboFix-quarantined-files.txt  2008-08-29 18:03:00

Pre-Run: 60,583,170,048 bajtów wolnych
Post-Run: 61,257,969,664 bajtów wolnych

227	--- E O F ---	2008-08-27 19:46:43



HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:29, on 2008-08-29
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\twain_32\FlatBed\Detector.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viruslist.com/pl/search?VN=Integrity%20violation&referer=kis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\FlatBed\Detector.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219758133218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219758230453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDD0556-57C2-45CA-89BA-A901C325BB1B}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCCB6216-1537-483B-AF6F-84EFADD80B4D}: NameServer = 192.168.2.1
O23 - Service: Kaspersky Internet Security Home Edition 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6194 bytes



#2 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 31 08 2008 - 00:27

Both logs are clean.
