Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:41, on 2008-12-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\autoclk.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadu-Gadu\gg.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 10358 bytes
combofix
ComboFix 08-12-05.06 - żyłka 2008-12-06 14:00:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1925 [GMT 1:00]
Uruchomiony z: c:\users\żyłka\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Pliki utworzone od 2008-11-06 do 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 13:51 . 2008-12-06 13:51 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2008-12-06 13:48 . 2008-12-06 13:48 <DIR> d-------- c:\program files\Trend Micro
2008-12-05 18:04 . 2008-12-05 20:13 <DIR> d-------- c:\users\żyłka\.housecall6.6
2008-12-05 18:04 . 2008-12-05 20:13 <DIR> d-------- c:\users\żyłka\.housecall6.6
2008-12-02 17:16 . 2008-12-02 18:01 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-02 17:16 . 2008-12-02 18:01 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-02 17:16 . 2008-12-02 17:17 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 10:03 . 2008-11-30 10:03 <DIR> d-------- c:\users\żyłka\AppData\Roaming\PeerNetworking
2008-11-29 19:06 . 2008-11-29 19:06 <DIR> d-------- c:\users\żyłka\AppData\Roaming\skypePM
2008-11-29 19:06 . 2008-11-29 19:06 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-11-29 19:06 . 2008-11-29 19:06 56 --ah----- c:\programdata\ezsidmv.dat
2008-11-29 19:04 . 2008-11-29 20:11 <DIR> d-------- c:\users\żyłka\AppData\Roaming\Skype
2008-11-29 19:03 . 2008-11-29 19:03 <DIR> d-------- c:\users\All Users\Skype
2008-11-29 19:03 . 2008-11-29 19:03 <DIR> d-------- c:\programdata\Skype
2008-11-29 19:03 . 2008-11-29 19:03 <DIR> d-------- c:\program files\Skype
2008-11-29 19:03 . 2008-11-29 19:03 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-26 11:37 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 11:36 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 11:36 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 11:36 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 11:36 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-24 18:02 . 2008-11-24 18:02 <DIR> d-------- c:\program files\Bethesda Softworks
2008-11-24 17:59 . 2008-11-24 17:59 <DIR> d-------- c:\windows\System32\xlive
2008-11-24 17:59 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-11-24 17:59 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\System32\D3DCompiler_33.dll
2008-11-24 17:59 . 2007-03-15 16:57 443,752 --a------ c:\windows\System32\d3dx10_33.dll
2008-11-24 17:59 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
2008-11-21 10:14 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-21 10:14 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-21 10:14 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-21 10:14 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-21 10:14 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-21 10:14 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-21 10:14 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-21 10:14 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-21 10:14 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 20:21 . 2008-11-14 20:24 <DIR> d-------- c:\program files\bwin
2008-11-12 17:14 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 17:14 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 17:14 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 11:02 . 2008-11-11 11:02 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-11 11:02 . 2008-11-11 11:02 <DIR> d-------- c:\users\żyłka\AppData\Roaming\Apple Computer
2008-11-11 11:02 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-11-11 11:02 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-11 11:01 . 2008-11-11 11:02 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-11 11:01 . 2008-11-11 11:02 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-11 11:01 . 2008-11-11 11:02 <DIR> d-------- c:\program files\iTunes
2008-11-11 11:01 . 2008-11-11 11:01 <DIR> d-------- c:\program files\iPod
2008-11-11 11:01 . 2008-11-11 11:01 <DIR> d-------- c:\program files\Bonjour
2008-11-11 10:57 . 2008-11-11 11:01 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-11 10:57 . 2008-11-11 11:01 <DIR> d-------- c:\programdata\Apple Computer
2008-11-11 10:57 . 2008-11-11 10:58 <DIR> d-------- c:\program files\QuickTime
2008-11-11 10:57 . 2008-11-11 11:00 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-08 19:13 . 2008-11-08 19:13 <DIR> d-------- c:\users\żyłka\AppData\Roaming\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:10 1,835,008 --sha-w c:\users\żyłka\ntuser.dat
2008-12-06 13:10 1,835,008 --sha-w c:\users\żyłka\ntuser.dat
2008-12-06 13:07 69,837 ----a-w c:\users\All Users\nvModes.dat
2008-12-06 13:07 69,837 ----a-w c:\programdata\nvModes.dat
2008-12-04 17:01 --------- d-----w c:\users\żyłka\AppData\Roaming\uTorrent
2008-11-30 09:05 --------- d-s---w c:\users\żyłka\AppData\Roaming\Microsoft
2008-11-30 09:03 --------- d-----w c:\users\żyłka\AppData\Roaming\PeerNetworking
2008-11-29 19:11 --------- d-----w c:\users\żyłka\AppData\Roaming\Skype
2008-11-29 18:06 --------- d-----w c:\users\żyłka\AppData\Roaming\skypePM
2008-11-27 19:42 --------- d-----w c:\users\żyłka\AppData\Roaming\GanymedeNet
2008-11-27 19:42 --------- d-----w c:\program files\Ganymede
2008-11-24 17:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 13:38 --------- d-----w c:\users\żyłka\AppData\Roaming\Hewlett-Packard
2008-11-15 13:16 --------- d-----w c:\programdata\Hewlett-Packard
2008-11-11 10:02 --------- d-----w c:\users\żyłka\AppData\Roaming\Apple Computer
2008-11-08 18:13 --------- d-----w c:\users\żyłka\AppData\Roaming\Leadertech
2008-11-02 09:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-28 20:03 --------- d-----w c:\program files\SopCast
2008-10-22 14:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-20 14:08 --------- d-----w c:\users\żyłka\AppData\Roaming\HP
2008-10-20 14:08 --------- d-----w c:\users\żyłka\AppData\Roaming\CyberLink
2008-10-20 14:08 --------- d-----w c:\programdata\HP
2008-10-20 14:08 --------- d-----w c:\programdata\CyberLink
2008-10-19 21:18 --------- d-----w c:\programdata\Microsoft Help
2008-10-18 17:11 --------- d-----w c:\users\żyłka\AppData\Roaming\Sony
2008-10-18 17:11 --------- d-----w c:\programdata\Sony
2008-10-18 09:33 --------- d-----w c:\program files\Wanadoo
2008-10-17 14:05 --------- d-----w c:\program files\Windows Mail
2008-10-07 12:35 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-07 12:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-07 12:28 --------- d-----w c:\users\żyłka\AppData\Roaming\DAEMON Tools
2008-10-06 09:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"autoclk"="autoclk.exe" [2006-02-15 c:\windows\autoclk.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-04 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^żyłka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 09 Registration.lnk]
path=c:\users\żyłka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09 Registration.lnk
backup=c:\windows\pss\FIFA 09 Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^żyłka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
path=c:\users\żyłka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 12:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-11-01 17:42 554288 c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2008-03-14 07:45 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2008-04-23 22:51 468264 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 16:20 360448 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2007-12-24 14:55 222504 c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-21 03:25 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B00963C1-F048-44E8-ACB7-591E236A93E9}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{D70C15CA-F10F-440B-ACAC-2712E92C30EF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{23F0B9C6-1CD8-41B5-98B8-91AE124A1294}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{84637E1B-79AA-4715-BD9D-3B49CF38BE60}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F49311FD-8D06-4918-BA7C-ECE422DD0E56}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{44192C5B-6B10-40DB-8FF9-9FED8BDF083B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B53C828A-4A29-4736-B2B9-D42123EE2BAA}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{3679E99B-79C2-4DBE-B615-34BC590FD45E}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{F3230630-2E9C-494E-B443-782C7DA3E04C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DA9517DF-01B2-4F70-99A2-B60F5AE08EC3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5415A989-4805-4EC2-BA39-8BC023CE8658}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1A5DA3AA-813B-48B6-957E-4CAE428BC48D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB965F56-37BE-489F-BAB7-EA377F928074}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6178B050-E8F5-49EA-A4B2-A69B6166F9AB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AE49037D-0C4D-477F-A64F-93BC470D3BC1}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081029.003\IDSvix86.sys [2008-10-30 270384]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-07-02 23:07:45 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-08-12 73728]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-07 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-02 341328]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 NETw5v32;Sterownik karty Intel® Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-12 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]
S3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-07-02 193840]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2008-09-08 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2008-09-08 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2008-09-08 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2008-09-08 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2008-09-08 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2008-09-08 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2008-09-08 110120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d59a9680-946b-11dd-a767-00218674df9b}]
\shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - COMHOST
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-29 c:\windows\Tasks\HPCeeScheduleForżyłka.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-04-15 14:14]

2008-12-01 c:\windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - żyłka.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]

2008-12-05 c:\windows\Tasks\User_Feed_Synchronization-{27E148ED-BBC9-4113-A407-67A246E5A258}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\AOL\ieToolbar\resources\pl-PL\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FireFox -: Profile - c:\users\żyłka\AppData\Roaming\Mozilla\Firefox\Profiles\okghs44q.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 14:09:22
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

c:\windows\TEMP\TMP0000004517E1239091C0E038 524288 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5696)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-06 14:14:43 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-12-06 13:14:13

Przed: 106 890 739 712 bajtów wolnych
Po: 107,446,226,944 bajtów wolnych

309 --- E O F --- 2008-12-05 10:02:05
Thank you