For some time now I have been having problems with my Internet connection, and they are most likely caused by some worm or something similar. After a format everything was fine; two full system scans with everything I have for anti-spyware and with my antivirus came back supposedly clean, and yet now every page again takes 10 times longer to load and I often get an error that the connection negotiation is taking too long. In general I don't know where to look for this thing, since my programs don't find anything, so I'm posting what everyone posts and asking for some advice.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:46, on 2008-07-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TXP\Pulpit\HiJackThis.exe
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [Licence] Licence.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 5392 bytes
Silent Runners log:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"Vistadrv" = "C:\Program Files\VistaDrives\vsdrv.exe" [null data]
"Licence" = "Licence.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AVG8_TRAY" = "C:\PROGRA~1\AVG\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7pro"
-> {HKLM...CLSID} = "IE7pro BHO"
\InProcServer32\(Default) = "C:\Program Files\IE7pro\IE7pro.dll" ["IE7pro.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"
-> {HKLM...CLSID} = "AVG Safe Search"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{19F500E0-9964-11cf-B63D-08002B317C03}" = "Desktop Icon Layout"
-> {HKLM...CLSID} = "Desktop Icon Layout"
\InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
"{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}" = "OODefrag"
-> {HKLM...CLSID} = "OODShellExtObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\oodsh.dll" ["O&O Software GmbH"]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\Program Files\iColorFolder\CMExt.dll" ["Revenger inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Urządzenie przenośne"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft ActiveSync\Wcesview.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]| [file not found]| [file not found]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}"
-> {HKLM...CLSID} = "OODShellExtObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\oodsh.dll" ["O&O Software GmbH"]
UltraEdit-32\(Default) = "{b5eedee0-c06e-11cf-8c56-444553540000}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "ue32ctmn.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\Program Files\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
IconLayout\(Default) = "{19F500E0-9964-11cf-B63D-08002B317C03}"
-> {HKLM...CLSID} = "Desktop Icon Layout"
\InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}"
-> {HKLM...CLSID} = "OODShellExtObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\oodsh.dll" ["O&O Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoSMHelp" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}
"NoSMBalloonTip" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoUserNameInStartMenu" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoExpandedNewMenu" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoResolveTrack" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoSharedDocuments" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}
"NoThumbnailCache" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoTaskGrouping" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDesktopCleanupWizard" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoSMHelp" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoWelcomeScreen" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"ForceClassicControlPanel" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoSharedDocuments" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"DisableStatusMessages" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\TXP\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]
VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]
Startup items in "TXP" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\TXP\Menu Start\Programy\Autostart
"MagicDisc" -> shortcut to: "C:\Program Files\MagicDisc\MagicDisc.exe" ["MagicISO, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\
"ButtonText" = "IE7pro Preferences"
"MenuText" = "IE7pro Preferences"
"CLSIDExtension" = "{B119EB0C-C021-46CF-85B0-34A760E0D5FE}"
-> {HKLM...CLSID} = "IE7pro ToolsExt"
\InProcServer32\(Default) = "C:\Program Files\IE7pro\IE7pro.dll" ["IE7pro.com"]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Utwórz Ulubione dla urządzenia przenośnego..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll" [MS]
{49783ED4-258D-4F9F-BE11-137C18D3E543}\
"ButtonText" = "Titan Poker"
"MenuText" = "Titan Poker"
"Exec" = "C:\Poker\Titan Poker\casino.exe" [null data]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG8 Firewall, avgfws8, "C:\PROGRA~1\AVG\AVG8\avgfws8.exe" ["AVG Technologies CZ, s.r.o."]
AVG8 WatchDog, avg8wd, "C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe" ["AVG Technologies CZ, s.r.o."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
---------- (launch time: 2008-07-21 17:04:54)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 25 seconds.
---------- (total run time: 42 seconds)
SDFix log (run in Safe Mode):
SDFix: Version 1.208
Run by Administrator on 2008-07-26 at 10:07
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\DOCUME~1\Administrator\Pulpit\SDFix
Checking Services :
Infected ip6fw.sys Found!
ip6fw.sys File Locations:
"C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 2004-08-04 00:00
Infected File Listed Below:
Cannot execute C:\DOCUME~1\ADMINISTRATOR\PULPIT\SDFIX\APPS\LOCATE.COM
File copied to Backups Folder
Attempting to replace ip6fw.sys with original version
Unable To Replace Infected File!
Deleting Patched File!
Infected taskmgr.exe Found!
taskmgr.exe File Locations:
"C:\WINDOWS\system32\taskmgr.exe" 3623736 2006-11-09 16:30
Infected File Listed Below:
Cannot execute C:\DOCUME~1\ADMINISTRATOR\PULPIT\SDFIX\APPS\LOCATE.COM
File copied to Backups Folder
Attempting to replace taskmgr.exe with original version
Unable To Replace Infected File!
"C:\WINDOWS\system32\taskmgr.exe" 3623736 2006-11-09 16:30
Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\drivers\ip6fw.sys - Deleted
Cannot execute C:\DOCUME~1\ADMINISTRATOR\PULPIT\SDFIX\APPS\LOCATE.COM - Deleted
(the line above is repeated 18 times in the original log)
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 10:09:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2b1c3573
"s2"=dword:15c1ffe8
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5b,4a,64,c0,49,10,18,30,be,2c,51,d0,8b,8c,75,78,79,71,9e,7d,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,43,ae,9a,10,c8,d2,d0,b3,bf,e8,7b,44,35,e5,d8,45,e5,..
"khjeh"=hex:24,40,67,71,94,c3,8f,58,8e,40,2d,d3,7d,0b,a5,0e,75,e5,09,33,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f0,7e,1f,4a,4d,ba,d5,ea,1c,89,6a,66,16,0b,f9,c8,2f,51,1c,c8,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5b,4a,64,c0,49,10,18,30,be,2c,51,d0,8b,8c,75,78,79,71,9e,7d,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,43,ae,9a,10,c8,d2,d0,b3,bf,e8,7b,44,35,e5,d8,45,e5,..
"khjeh"=hex:24,40,67,71,94,c3,8f,58,8e,40,2d,d3,7d,0b,a5,0e,75,e5,09,33,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f0,7e,1f,4a,4d,ba,d5,ea,1c,89,6a,66,16,0b,f9,c8,2f,51,1c,c8,b6,..
scanning hidden registry entries ...
source file error: C:\Documents and Settings\TXP\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files :
File Backups: - C:\DOCUME~1\Administrator\Pulpit\SDFix\backups\backups.zip
Files with Hidden Attributes :
Cannot execute C:\DOCUME~1\ADMINISTRATOR\PULPIT\SDFIX\APPS\LOCATE.COM
Finished!
ComboFix log:
ComboFix 08-07-25.4 - TXP 2008-07-26 10:18:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1606 [GMT 2:00]
Running from: C:\Documents and Settings\TXP\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.
2008-07-26 10:09 . 2008-07-26 10:18 d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-07-26 10:09 . 2008-07-26 10:09 d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2008-07-26 10:09 . 2008-07-26 10:09 d--hs---- C:\Documents and Settings\LocalService
2008-07-26 10:06 . 2008-07-26 10:06 d-------- C:\WINDOWS\ERUNT
2008-07-26 10:03 . 2008-07-26 10:18 d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-07-26 10:03 . 2008-07-15 15:41 d-------- C:\Documents and Settings\Administrator\Ulubione
2008-07-26 10:03 . 2008-07-15 15:41 d--h----- C:\Documents and Settings\Administrator\Szablony
2008-07-26 10:03 . 2008-07-26 10:04 d-------- C:\Documents and Settings\Administrator\Pulpit
2008-07-26 10:03 . 2008-07-15 15:41 d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-07-26 10:03 . 2007-01-18 14:01 d-------- C:\Documents and Settings\Administrator\Menu Start
2008-07-26 10:03 . 2008-07-26 10:05 d-------- C:\Documents and Settings\Administrator\Dane aplikacji
2008-07-26 10:03 . 2008-07-15 13:51 d-------- C:\Documents and Settings\Administrator\AI4B3.tmp
2008-07-26 10:03 . 2008-07-26 10:03 d-------- C:\Documents and Settings\Administrator
2008-07-25 23:19 . 2008-07-25 23:19 d-------- C:\Program Files\PokerEV
2008-07-25 20:44 . 2008-07-25 20:44 d-------- C:\Documents and Settings\TXP\DoctorWeb
2008-07-25 19:36 . 2008-07-26 02:00 47,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-25 19:36 . 2008-07-26 02:00 1,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-23 14:43 . 2008-07-23 14:43 d-------- C:\Program Files\14 Degrees East
2008-07-23 14:42 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-22 08:34 . 2008-07-22 08:34 d-------- C:\Program Files\Common Files\DirectX
2008-07-22 07:59 . 2008-07-22 07:59 d-------- C:\Program Files\Codemasters
2008-07-22 07:57 . 2008-07-22 07:57 d-------- C:\Documents and Settings\TXP\Dane aplikacji\InstallShield
2008-07-21 20:38 . 2008-07-21 20:38 d-------- C:\Program Files\Ubisoft
2008-07-21 17:23 . 2008-07-21 17:24 d-------- C:\Program Files\Trojan Remover
2008-07-21 17:23 . 2008-07-21 17:23 d-------- C:\Documents and Settings\TXP\Dane aplikacji\Simply Super Software
2008-07-21 17:23 . 2008-07-21 17:23 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-07-21 17:23 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-21 17:23 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-21 17:23 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-21 17:23 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-21 17:21 . 2008-07-25 13:15 250 --a------ C:\WINDOWS\gmer.ini
2008-07-20 21:20 . 2008-07-20 21:22 d-------- C:\Program Files\Safer Networking
2008-07-20 19:50 . 2008-07-20 19:50 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-20 19:50 . 2008-07-20 19:50 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-20 19:23 . 2008-07-20 19:42 988 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-20 00:21 . 2008-07-21 20:27 d-------- C:\Downloads
2008-07-18 22:49 . 2008-07-18 22:49 d-------- C:\Program Files\PokerStrategy
2008-07-18 16:42 . 2008-07-18 16:49 d-------- C:\Program Files\Manta GPS-410 Unlock v1.04
2008-07-18 16:31 . 2008-07-18 17:33 d-------- C:\Program Files\CeRegEditor
2008-07-18 13:00 . 2008-07-25 20:03 d--h----- C:\$AVG8.VAULT$
2008-07-18 12:57 . 2008-07-18 12:57 d-------- C:\Program Files\Microsoft.NET
2008-07-18 12:57 . 2008-07-18 12:57 d-------- C:\Program Files\Microsoft Works
2008-07-18 12:55 . 2008-07-18 12:55 d-------- C:\WINDOWS\SHELLNEW
2008-07-18 12:54 . 2008-07-18 12:54 dr-h----- C:\MSOCache
2008-07-17 17:46 . 2008-07-17 19:01 d-------- C:\Program Files\Common Files\Adobe
2008-07-17 17:45 . 2008-07-17 17:45 d-------- C:\WINDOWS\system32\DllCache
2008-07-17 17:45 . 2008-07-17 17:45 d-------- C:\WINDOWS\Cache
2008-07-17 17:45 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\DllCache\sysmain.sdb
2008-07-17 17:45 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\DllCache\apph_sp.sdb
2008-07-17 17:45 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\DllCache\apphelp.sdb
2008-07-17 17:44 . 2008-07-17 17:44 d-------- C:\Program Files\Windows Media Connect 2
2008-07-17 17:43 . 2008-07-17 17:43 d-------- C:\WINDOWS\system32\LogFiles
2008-07-17 17:43 . 2008-07-17 17:44 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-17 17:40 . 2008-07-17 17:40 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-07-17 00:04 . 2008-07-17 00:04 d-------- C:\Documents and Settings\TXP\Dane aplikacji\vlc
2008-07-16 23:45 . 2008-07-16 23:48 d-------- C:\Program Files\Poker Grapher
2008-07-16 22:55 . 2008-07-16 22:55 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-16 22:30 . 2008-07-16 22:30 d-------- C:\Program Files\Hamachi
2008-07-16 22:30 . 2008-07-23 15:39 d-------- C:\Documents and Settings\TXP\Dane aplikacji\Hamachi
2008-07-16 22:30 . 2008-07-16 22:44 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-16 21:57 . 2008-07-22 07:59 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 20:08 . 2008-07-25 22:09 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-16 20:08 . 2008-07-26 10:01 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-16 20:08 . 2008-07-16 20:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-16 20:08 . 2008-07-16 20:22 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-07-16 20:08 . 2008-07-16 20:22 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-07-16 20:08 . 2008-07-16 20:22 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-16 20:08 . 2008-07-16 20:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 19:14 . 2008-07-16 19:14 d-------- C:\Program Files\PokerAce Hud
2008-07-16 19:03 . 2008-07-25 23:22 d-------- C:\Program Files\Poker Tracker V2
2008-07-16 19:03 . 2008-07-25 23:21 d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-16 19:03 . 2003-06-26 14:52 464,128 --a------ C:\WINDOWS\system32\csimxctl.ocx
2008-07-16 19:03 . 2003-06-17 14:54 87,280 --a------ C:\WINDOWS\system32\wsatrace.dll
2008-07-15 23:14 . 2008-07-15 23:14 d-------- C:\Documents and Settings\TXP\Dane aplikacji\Gadu-Gadu
2008-07-15 14:52 . 2008-07-15 14:53 d-------- C:\Program Files\MagicDisc
2008-07-15 14:52 . 2008-05-27 12:11 96,896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-07-15 14:40 . 2008-07-15 14:40 d-------- C:\Program Files\Gadu-Gadu
2008-07-15 14:40 . 2008-07-15 14:49 d-------- C:\Documents and Settings\TXP\Gadu-Gadu
2008-07-15 14:36 . 2008-07-15 14:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-15 14:30 . 2008-07-15 14:30 d-------- C:\Program Files\MSECache
2008-07-15 14:24 . 2008-07-15 14:24 d-------- C:\Program Files\AVG
2008-07-15 14:24 . 2008-07-16 20:08 d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-07-15 14:20 . 2008-07-15 14:20 d---s---- C:\Documents and Settings\TXP\Ulubione
2008-07-15 14:20 . 2008-07-26 10:11 d-------- C:\Documents and Settings\TXP\Dane aplikacji\Skype
2008-07-15 14:20 . 2007-01-03 17:29 1,179 --a------ C:\Documents and Settings\TXP\Licence.reg
2008-07-15 14:19 . 2008-07-26 10:08 9,603 --a------ C:\WINDOWS\system32\OODBS.lor
2008-07-15 14:13 . 2008-07-15 14:13 d-------- C:\WINDOWS\system32\backups
2008-07-15 14:13 . 2006-11-08 10:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys
2008-07-15 14:13 . 2008-07-15 14:13 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-07-15 14:13 . 2006-11-08 10:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe
2008-07-15 14:12 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-15 14:10 . 2008-07-18 12:58 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-15 14:06 . 2008-07-15 14:06 d-------- C:\WINDOWS\Driver Cache
2008-07-15 14:06 . 2008-07-17 00:01 d-------- C:\Program Files\NAPI-PROJEKT
2008-07-15 14:06 . 2008-07-18 13:33 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-15 14:06 . 2008-07-15 14:06 d-------- C:\Program Files\Java
2008-07-15 14:06 . 2008-07-15 14:06 d-------- C:\Program Files\Common Files\Java
2008-07-15 14:06 . 2008-07-15 14:06 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-15 14:06 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-07-15 14:06 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Program Files\VideoLAN
2008-07-15 14:05 . 2008-07-17 17:57 d-------- C:\Program Files\uTorrent
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Program Files\SubEdit-Player
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Program Files\Skype
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Program Files\Nero
2008-07-15 14:05 . 2008-07-17 20:56 d-------- C:\Program Files\Google
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Program Files\foobar2000
2008-07-15 14:05 . 2008-07-15 14:14 d-------- C:\Program Files\DAEMON Tools
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Program Files\Common Files\Skype
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Program Files\Common Files\Ahead
2008-07-15 14:05 . 2008-07-23 15:39 d-------- C:\Documents and Settings\TXP\Dane aplikacji\uTorrent
2008-07-15 14:05 . 2008-07-24 00:17 d-------- C:\Documents and Settings\TXP\Dane aplikacji\foobar2000
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-15 14:05 . 2008-07-15 14:05 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-15 14:05 . 2004-07-26 16:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-07-15 14:05 . 2003-03-19 06:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-07-15 14:05 . 2003-03-18 20:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-07-15 14:05 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-15 14:05 . 2004-07-26 16:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-07-15 14:05 . 2004-07-26 16:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-07-15 14:05 . 2004-07-09 08:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-07-15 14:05 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-15 14:05 . 2004-07-26 16:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-07-15 14:03 . 2008-07-15 14:18 d-------- C:\WINDOWS\system32\oodag
2008-07-15 14:00 . 2008-07-15 14:00 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 18:03 --------- d-----w C:\Program Files\VistaDrives
2008-07-21 18:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-15 13:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-07-15 12:22 --------- d-----w C:\Documents and Settings\TXP\Dane aplikacji\IE7pro
2008-07-15 11:54 --------- d-----w C:\Program Files\Paint.NET
2008-07-15 11:53 --------- d-----w C:\Program Files\Real Alternative
2008-07-15 11:53 --------- d-----w C:\Program Files\iColorFolder
2008-07-15 11:53 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-07-15 11:52 --------- d-----w C:\Documents and Settings\TXP\Dane aplikacji\IDMComp
2008-07-15 11:51 --------- d-----w C:\Program Files\IE7pro
2008-07-15 11:49 --------- d-----w C:\Program Files\UPHClean
2008-07-15 11:49 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.
------- Sigcheck -------
2007-02-17 12:03 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\system32\user32.dll
2007-02-17 12:03 667648 b9cd00815effa790279a1d2f0d07323f C:\WINDOWS\ie7\wininet.dll
2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\system32\wininet.dll
2007-02-17 12:33 360576 bd8686216e34e22c4ed45a2320b2bea1 C:\WINDOWS\system32\drivers\tcpip.sys
2007-02-17 12:02 2018816 54df9001110934c98ecff5691b332f5f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-17 12:02 2139136 22b96841df0b4186fce1498d8f695bdf C:\WINDOWS\system32\ntoskrnl.exe
2007-01-15 16:12 1549312 e5241037518f63e806dcf75f78dc84a8 C:\WINDOWS\explorer.exe
2007-02-17 12:03 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-09 16:00 25388584]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:57 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="C:\Program Files\VistaDrives\vsdrv.exe" [2006-07-30 03:37 121089]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-26 10:01 1235736]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 20:33 878672]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 12:12 16062464 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"Licence"="Licence.exe" [2007-01-08 20:49 101651 C:\WINDOWS\system32\Licence.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\TXP\Menu Start\Programy\Autostart\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-07-15 14:52:53 547840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoExpandedNewMenu"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"StartMenuLogoff"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoExpandedNewMenu"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.WMV3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-16 20:22]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-26 10:01]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 10:01]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-26 10:01]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-16 20:22]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-16 20:22]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-16 20:22]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SPEEDFAN
*Newly Created Service* - WUAUSERV
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 10:18:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-26 10:19:21
ComboFix-quarantined-files.txt 2008-07-26 08:19:19
Pre-Run: 7,061,118,976 bajtów wolnych
Post-Run: 7,277,047,808 bajtów wolnych
266