Hello.
Yesterday I noticed fairly intensive disk grinding. Strange, given that I know I wasn't running any defragmenters, I'm not downloading anything from the net, and I'm not doing any disk operations at the moment. In Resource Monitor (Vista Ultimate) I saw strange disk operations on files such as videos and graphics, involving the svchost process. Example HERE.
I'm also posting a log from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:31, on 2008-07-16
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\oodtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Collins\Watch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Aktualizator Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\Collins\Watch.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O13 - Gopher Prefix:
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://www.dzikipotok.karpacz.pl/www/kam/push04.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\DESKSC~1\DreamControl.dll
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9767 bytes
...and ComboFix
ComboFix 08-07-14.2 - tbadoo 2008-07-16 11:48:18.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.2086 [GMT 1:00]
Running from: F:\Zasysanie\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-16 10:21 . 2008-07-16 10:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-13 00:41 . 2008-07-13 00:41 <DIR> d-------- C:\Program Files\mkv2vob
2008-07-13 00:08 . 2008-07-13 12:44 <DIR> d-------- C:\Program Files\Red Kawa
2008-07-05 05:42 . 2008-07-05 05:42 <DIR> d-------- C:\Program Files\ASUS
2008-07-05 05:42 . 2006-01-10 17:50 24,576 -ra------ C:\Windows\System32\AsIO.dll
2008-07-05 05:42 . 2005-12-22 11:22 5,685 -ra------ C:\Windows\System32\drivers\AsIO.sys
2008-07-05 05:42 . 2004-09-07 11:41 5,120 --a------ C:\Windows\System32\drivers\AsInsHelp64.sys
2008-07-05 05:42 . 2004-03-10 14:31 3,328 --a------ C:\Windows\System32\drivers\AsInsHelp32.sys
2008-06-28 19:54 . 2008-06-28 19:54 <DIR> dr------- C:\Users\tbadoo\Documents
2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-06-25 05:51 . 2008-06-25 05:51 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-21 17:42 . 2008-06-21 17:42 <DIR> d-------- C:\Program Files\xp-AntiSpy
2008-06-17 22:18 . 2008-06-17 22:18 <DIR> d-------- C:\Program Files\GhostScript
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Users\All Users\PlotSoft
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\ProgramData\PlotSoft
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\PlotSoft
2008-06-16 02:09 . 2008-06-16 02:09 <DIR> d-------- C:\Users\tbadoo\AppData\Roaming\Media Player Classic
2008-06-16 01:24 . 2008-06-16 01:24 <DIR> d-------- C:\Users\All Users\Real
2008-06-16 01:24 . 2008-06-16 01:24 <DIR> d-------- C:\Program Files\Real Alternative
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 00:57 --------- d-----w C:\Users\tbadoo\AppData\Roaming\Skype
2008-07-15 23:47 --------- d-----w C:\Users\tbadoo\AppData\Roaming\skypePM
2008-07-15 23:29 --------- d-----w C:\ProgramData\Google Updater
2008-07-12 23:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 23:07 --------- d-----w C:\Program Files\Java
2008-07-05 04:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 22:28 33,080 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-26 22:27 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-06-24 17:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 04:05 --------- d-----w C:\Program Files\Google
2008-06-12 20:44 --------- d-----w C:\ProgramData\FLEXnet
2008-06-01 23:54 --------- d-----w C:\Users\tbadoo\AppData\Roaming\uTorrent
2008-06-01 18:39 --------- d-----w C:\Users\tbadoo\AppData\Roaming\GHISLER
2008-05-31 21:23 --------- d-----w C:\ProgramData\Codemasters
2008-05-27 22:33 --------- d-----w C:\ProgramData\Ubisoft
2008-05-26 16:29 --------- d-----w C:\ProgramData\PrettyMay
2008-05-24 16:27 --------- d-----w C:\Users\tbadoo\AppData\Roaming\InstallShield
2008-05-24 15:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-16 17:38 --------- d-----w C:\Users\tbadoo\AppData\Roaming\Apple Computer
2008-05-16 17:38 --------- d-----w C:\ProgramData\Apple Computer
2008-05-16 17:38 --------- d-----w C:\Program Files\iTunes
2008-05-16 17:38 --------- d-----w C:\Program Files\iPod
2008-05-16 17:37 --------- d-----w C:\Program Files\Bonjour
2008-05-16 17:36 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-10 03:18 174 --sha-w C:\Program Files\desktop.ini
2008-05-10 03:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-10 03:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-10 02:46 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-10 02:46 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-03-27 00:56 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-27 00:56 32 ----a-w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29 220544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 12:17 340136]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 18:14 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 18:14 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2006-05-05 15:28 3680256]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-24 18:42:02 113664]
Aktualizator Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-25 01:53:37 124400]
Aktywacja Testera.lnk - C:\Program Files\Collins\Watch.exe [2008-04-07 02:25:23 354816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-440180117-4219228251-844210704-1000]
"EnableNotificationsRef"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C29A7793-A29B-4064-B33F-C5F8F777F3ED}"= UDP:E:\Gry\Vista Gry\Crysis\Bin32\Crysis.exe:Crysis_32
"{8212497F-CDD8-4D84-9268-243094DF77E2}"= TCP:E:\Gry\Vista Gry\Crysis\Bin32\Crysis.exe:Crysis_32
"{03D2145B-619D-4E35-929D-23B28FEADA0E}"= UDP:E:\Gry\Vista Gry\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F7E276F1-14E4-4CA8-BA99-AF0B8408B5E5}"= TCP:E:\Gry\Vista Gry\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{72D30287-60F0-493C-9D46-7C366FCB9352}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= UDP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core
"UDP Query User{B3230B08-690D-45EE-B582-DC6724D43852}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= TCP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core
"TCP Query User{1C902D09-5573-4606-9F67-D71C13FFA235}E:\\gry\\world of warcraft\\backgrounddownloader.exe"= UDP:E:\gry\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{77512D6C-B494-4AB0-97E9-22FDE7BDB2F3}E:\\gry\\world of warcraft\\backgrounddownloader.exe"= TCP:E:\gry\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{A7FB1E45-9223-44AA-82D7-59BC6F81DAFB}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4B229AA2-BB93-4D8C-AD48-4AE5D4F29BEB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{F752C8B5-7FBC-4CA3-86A6-33BBDC5F926F}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= UDP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core
"UDP Query User{236FE829-55FA-4558-A163-2967514B8DD1}E:\\programy bez instalacji\\konnekt\\konnekt.exe"= TCP:E:\programy bez instalacji\konnekt\konnekt.exe:Konnekt - Core
"TCP Query User{D7DB66EA-9FAD-4C0B-B88F-286D77757B77}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{30942120-57AD-4ECD-9BC0-FF961F4D3570}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{CE109847-A431-4545-820E-53D8F256F4CE}"= UDP:C:\Program Files\CafeNews\CN.exe:Cafe News
"{EA0EA72B-88F5-4651-97D6-B4A111BECC5C}"= TCP:C:\Program Files\CafeNews\CN.exe:Cafe News
"{443780C1-9597-4FA4-BA51-C99417F237A4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FA5B3AC7-09BE-427F-8F96-5CE444B02FE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{B6A05ED8-6BB7-4B50-83BD-3B1D46077C12}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F3F88D39-F4EA-435D-BB5E-A54262D30FAA}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{5B8EF5D9-C285-454B-B72E-5CC6C52853C9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{78781D2E-4E72-4DFE-81DA-7CC08CE03284}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{2280A00E-416F-4F8C-89E8-7F3097356AB5}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{1F377CD3-731A-42F2-B204-7AAD6EA824CA}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{D834397C-2840-43CE-8D4F-6AD9BA9B15EF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{270CACAA-2F25-4A2D-B3DD-F5F723A4B6DA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BD045C17-75F5-419E-9D3E-C9BAF9E466F0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BB1041FD-A736-44E7-89FE-DBF665B09E64}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BED94825-769D-4FF2-9F8C-A1A0C832A5EC}"= UDP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{5A9C56F1-CFBA-4CAE-9CAB-EF9076B270CE}"= TCP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C6878DFC-B753-41D5-BE53-2B3083CF904F}"= UDP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{550FA97E-8E2A-4BCE-A027-89D25C937E6A}"= TCP:E:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{9FAD179B-89C0-4F67-947B-E22286AA20BE}"= UDP:E:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3EAB1BE6-636E-4ACE-A07A-82EC11CEA19C}"= TCP:E:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{89106006-6582-460C-9FE1-76B8C930462E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FD10715A-56BF-4F75-B460-DB1C899F874E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{10C962A2-5879-4C14-AE00-2E32F78881BB}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{13AB4084-CEAD-42F3-9A55-5A9CF3DAE67F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{C530D1D0-87AB-4CAD-A7BF-F955F774D275}"= UDP:E:\Gry\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{4CEFBDA2-3E8D-413C-898F-21608D4AE83E}"= TCP:E:\Gry\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{36F469CF-E632-4C3A-9393-2B91EF9915C0}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{59A1D2CF-B52F-4176-9A58-C0141A3D4D1B}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{6A822A3C-0702-4B91-B53D-AC323780D082}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary
"UDP Query User{161FF591-EBC6-4F92-B552-D16327BB6390}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-13 19:35]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-25 15:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{996500f4-9201-11dc-99cb-000ea6f1d4dd}]
\shell\AutoRun\command - J:\autorun.exe
\shell\setup\command - J:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c865eb2d-0bb9-11dd-9a70-000ea6f1d4dd}]
\shell\AutoRun\command - I:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da67033b-9ea0-11dc-93b1-806e6f6e6963}]
\shell\AutoRun\command - H:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da670409-9ea0-11dc-93b1-000ea6f1d4dd}]
\shell\AutoRun\command - H:\VMC_PBStarter.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 09:03:15 C:\Windows\Tasks\User_Feed_Synchronization-{407E79F3-734B-410F-A699-074082EF5F27}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 11:50:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-16 11:51:07
ComboFix-quarantined-files.txt 2008-07-16 10:51:04
Pre-Run: 5,361,139,712 bajtów wolnych
Post-Run: 7,006,216,192 bajtów wolnych
188 --- E O F --- 2008-07-16 01:35:06