
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:42, on 2008-10-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7456 bytes
and ComboFix.
ComboFix 08-10-07.01 - Meśte 2008-10-07 20:25:13.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.269 [GMT 2:00]
Run from: C:\Documents and Settings\Meśte\Pulpit\ComboFix.exe
* A new restore point was created
* Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
2008-10-07 20:12 . 2008-10-07 20:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 21:57 . 2008-10-06 21:57 <DIR> d-------- C:\Program Files\Edgard Multimedia
2008-10-05 17:14 . 2008-10-05 17:14 <DIR> dr-h----- C:\Documents and Settings\Meśte\Dane aplikacji\SecuROM
2008-10-05 17:14 . 2008-10-05 17:14 <DIR> dr-h----- C:\Documents and Settings\Meśte\Dane aplikacji\SecuROM
2008-10-05 17:14 . 2008-10-05 17:14 <DIR> dr-h----- C:\Documents and Settings\Meśte\Dane aplikacji\SecuROM
2008-10-02 19:10 . 2008-10-02 19:10 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-23 22:37 . 2008-10-02 07:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-09-23 22:36 . 2008-10-02 07:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-20 19:57 . 2008-09-20 19:57 <DIR> d-------- C:\Documents and Settings\Meśte\Phone Browser
2008-09-20 19:57 . 2008-09-20 19:57 <DIR> d-------- C:\Documents and Settings\Meśte\Phone Browser
2008-09-20 19:32 . 2008-09-20 20:01 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Nokia
2008-09-20 19:32 . 2008-09-20 20:01 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Nokia
2008-09-20 19:32 . 2008-09-20 20:01 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Nokia
2008-09-20 19:32 . 2008-09-20 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-09-20 19:31 . 2008-09-20 19:31 <DIR> d-------- C:\Program Files\DIFX
2008-09-20 19:31 . 2008-09-20 19:31 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\PC Suite
2008-09-20 19:31 . 2008-09-20 19:31 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\PC Suite
2008-09-20 19:31 . 2008-09-20 19:31 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\PC Suite
2008-09-20 19:31 . 2007-03-20 11:37 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-09-20 19:30 . 2008-09-20 19:30 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-20 19:30 . 2008-10-05 17:02 <DIR> d-------- C:\Program Files\Nokia
2008-09-20 19:30 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-09-20 19:30 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-20 19:30 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-20 19:30 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-09-20 19:30 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-09-20 19:30 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-09-20 19:29 . 2008-09-20 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-09-18 13:09 . 2008-10-01 19:40 <DIR> d-------- C:\Program Files\AruaROSE
2008-09-14 21:52 . 2008-09-14 22:03 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Image Zone Express
2008-09-14 21:52 . 2008-09-14 22:03 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Image Zone Express
2008-09-14 21:52 . 2008-09-14 22:03 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Image Zone Express
2008-09-11 22:38 . 2008-09-23 21:14 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Hamachi
2008-09-11 22:38 . 2008-09-23 21:14 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Hamachi
2008-09-11 22:38 . 2008-09-23 21:14 <DIR> d-------- C:\Documents and Settings\Meśte\Dane aplikacji\Hamachi
2008-09-11 22:37 . 2008-09-11 22:38 <DIR> d-------- C:\Program Files\Hamachi
2008-09-11 22:37 . 2008-09-11 22:37 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 19:55 --------- d-----w C:\Program Files\DC++
2008-10-05 11:06 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\DNA
2008-10-05 11:06 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\DNA
2008-10-05 11:06 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\DNA
2008-10-05 11:06 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\BitTorrent
2008-10-05 11:06 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\BitTorrent
2008-10-05 11:06 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\BitTorrent
2008-10-05 11:00 --------- d-----w C:\Program Files\Ashampoo
2008-10-05 10:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 12:42 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\Skype
2008-10-03 12:42 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\Skype
2008-10-03 12:42 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\Skype
2008-10-03 11:07 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\skypePM
2008-10-03 11:07 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\skypePM
2008-10-03 11:07 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\skypePM
2008-08-30 14:18 --------- d-----w C:\Program Files\DNA
2008-08-25 16:11 --------- d-----w C:\Program Files\Google
2008-08-25 13:55 --------- d-----w C:\Program Files\Warcraft III
2008-08-22 19:47 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\BSplayer
2008-08-22 19:47 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\BSplayer
2008-08-22 19:47 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\BSplayer
2008-08-15 15:13 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-09 15:56 --------- d-----w C:\Program Files\Ganymede
2008-08-09 15:56 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\GanymedeNet
2008-08-09 15:56 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\GanymedeNet
2008-08-09 15:56 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\GanymedeNet
2008-08-09 14:07 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\Summer Athletics 2008
2008-08-09 14:07 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\Summer Athletics 2008
2008-08-09 14:07 --------- d-----w C:\Documents and Settings\Meśte\Dane aplikacji\Summer Athletics 2008
2008-07-19 11:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-08 21:16 223,720 ----a-w C:\WINDOWS\RTL Racing Team Manager Uninstaller.exe
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 19:19 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008070420080705\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-09-19_13.47.38.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 15:12:51 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-10-05 15:12:51 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-10-05 15:12:52 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-10-05 15:12:35 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:38 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:42 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:43 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:44 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:46 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:47 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:48 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:49 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:52 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-05 15:12:53 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-10-05 15:12:53 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-10-05 15:12:53 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-10-05 15:12:54 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-10-05 15:12:51 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-09-20 17:31:09 10,134 ----a-r C:\WINDOWS\Installer\{066D65EA-ED53-44E4-A96A-F81B6E409D2E}\ARPPRODUCTICON.exe
+ 2008-09-20 17:30:45 3,262 ----a-r C:\WINDOWS\Installer\{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}\ARPPRODUCTICON.exe
+ 2008-10-03 17:43:01 10,134 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\callmsi.exe
+ 2008-10-03 17:43:01 136,448 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\egui.exe
+ 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2007-09-26 14:23:26 511,328 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2008-05-03 03:46:00 6,108,160 -c--a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll
+ 2008-06-10 16:47:42 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
+ 2008-06-10 16:48:38 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
+ 2008-06-10 16:56:10 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
+ 2007-03-20 09:45:50 479,232 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
- 2006-09-28 16:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-15 20:29:52 76,544 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
- 2006-09-28 17:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-09-15 20:30:10 82,688 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2007-02-22 08:15:56 137,216 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_8735AFAC6D10C03890303338B0B2B9E78C6E934A\nmwcd.sys
+ 2007-02-22 08:15:12 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_8735AFAC6D10C03890303338B0B2B9E78C6E934A\nmwcdcls.dll
+ 2007-02-22 08:15:12 65,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_8735AFAC6D10C03890303338B0B2B9E78C6E934A\nmwcdcocls.dll
+ 2007-02-22 08:15:14 8,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdc_8735AFAC6D10C03890303338B0B2B9E78C6E934A\nmwcdc.sys
+ 2007-02-22 08:15:14 12,288 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdcj_8735AFAC6D10C03890303338B0B2B9E78C6E934A\nmwcdcj.sys
+ 2007-02-22 08:15:14 12,288 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdm2k_8735AFAC6D10C03890303338B0B2B9E78C6E934A\nmwcdcm.sys
+ 2007-03-20 09:45:50 479,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\PCCSWpdDriver.dll
+ 2007-03-20 09:37:46 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\WudfUpdate_01005.dll
- 2008-07-04 19:19:36 267,800 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-02 18:33:18 270,192 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2003-03-18 19:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2007-03-21 18:39:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
- 2003-03-18 18:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2007-03-21 18:33:00 503,808 ----a-w C:\WINDOWS\system32\MSVCP71.DLL
- 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2007-03-21 18:33:00 348,160 ----a-w C:\WINDOWS\system32\MSVCR71.DLL
- 2008-08-23 18:06:41 59,440 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-01 05:20:56 59,440 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-23 18:06:41 75,074 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-10-01 05:20:56 75,074 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-08-23 18:06:41 395,200 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-01 05:20:56 395,200 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-23 18:06:41 450,908 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-10-01 05:20:56 450,908 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2006-09-28 18:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-15 21:30:16 87,040 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
- 2006-09-28 16:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-15 21:30:06 142,848 ------w C:\WINDOWS\system32\WudfHost.exe
- 2006-09-28 16:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-15 20:29:54 163,840 ------w C:\WINDOWS\system32\WudfPlatform.dll
- 2006-09-28 16:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-15 21:30:16 55,296 ------w C:\WINDOWS\system32\WudfSvc.dll
- 2006-09-28 16:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2006-09-15 21:30:16 308,224 ------w C:\WINDOWS\system32\WUDFx.dll
.
-- Snapshot reset --
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-22 413696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Meśte^Menu Start^Programy^Autostart^DesktopEarth AutoStart.lnk]
path=C:\Documents and Settings\Meśte\Menu Start\Programy\Autostart\DesktopEarth AutoStart.lnk
backup=C:\WINDOWS\pss\DesktopEarth AutoStart.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Meśte^Menu Start^Programy^Autostart^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Meśte\Menu Start\Programy\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
--a------ 2008-08-03 16:38 61440 D:\gry\Nowy folder\W3DR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\gry\\Valve\\hl.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 501560]
.
- - - - EMPTY ENTRIES REMOVED - - - -
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Meśte\Dane aplikacji\Mozilla\Firefox\Profiles\bnbeu5fu.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 20:26:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-07 20:28:08
ComboFix-quarantined-files.txt 2008-10-07 18:28:05
ComboFix2.txt 2008-09-19 11:48:01
ComboFix3.txt 2008-07-16 13:01:58
ComboFix4.txt 2008-07-14 15:02:12
Before: 13,463,216,128 bytes free
After: 13,489,020,928 bytes free
277 --- E O F --- 2008-09-10 20:51:46
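Added example, not part of the post above and not code from HijackThis or ComboFix: a small Python triage pass over log lines of the shape shown in the two logs. It parses HijackThis entry lines and the REGEDIT4 fragment ComboFix prints under its registry startup section, then flags three things a helper would look at first: an O23 service whose binary HijackThis reports as missing, an O4 autostart whose executable lives outside the Windows or Program Files trees, and Security Center values that silence the antivirus or firewall status warnings. The sample lines are copied from the logs above, except the `w3dr` O4 line, which is constructed (modelled on the disabled msconfig entry in the ComboFix section) so the location rule has something to hit. `EXPECTED_PREFIXES` and the rule set are assumptions about what a first reading should surface; a hit is a lead, not a verdict.

```python
"""Triage pass over HijackThis entries and the REGEDIT4 fragment that ComboFix
prints under its registry startup section.  Added example, not code from the
original post, HijackThis or ComboFix.  The rule set below is an assumption about
what a first reading should surface; a hit is a lead to look at, not a verdict."""
import re

# One HijackThis entry line: "O23 - Service: Name (short) - Owner - path"
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis's own marker for a registered path that no longer exists on disk
FILE_MISSING = "(file missing)"
# Where autostart binaries are expected to live on a box like this one (assumption;
# extend it for D:\ application installs you know about before trusting a hit)
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"

# Sample input: lines copied from the two logs, plus one constructed O4 line (w3dr)
# modelled on the disabled msconfig entry so the location rule has something to hit.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [w3dr] "D:\gry\Nowy folder\W3DR.exe"
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""
REG_SAMPLE = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""


def parse_hijackthis(text):
    """Return (code, body) for every HijackThis entry line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def parse_regedit4(text):
    """Minimal REGEDIT4 reader: {key (lower-cased): {value name: raw value text}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value.strip()
    return keys


def o4_target(body):
    """Executable named by an O4 body such as 'HKLM\\..\\Run: [Name] "C:\\dir\\x.exe" args'.
    A bare file name (nwiz.exe, RUNDLL32.EXE) is returned as-is: it resolves through the
    search path, and this pass does not chase it."""
    m = re.match(r'.*?: \[[^\]]*\] "?([^"]+?\.(?:exe|dll|cmd|bat))', body, re.IGNORECASE)
    return m.group(1) if m else None


def audit(hjt_text, reg_text):
    """Return human-readable findings, in the order the source lines appear."""
    findings = []
    for code, body in parse_hijackthis(hjt_text):
        if code == "O23" and FILE_MISSING in body:
            # Service still registered but its binary is gone: an uninstall that did not
            # clean up after itself, or a removal that was not finished; it should not stay.
            name = body.split(" - ", 1)[0]
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            findings.append(f"orphaned service: {name}")
        elif code == "O4":
            target = o4_target(body)
            if target and "\\" in target and not target.lower().startswith(EXPECTED_PREFIXES):
                findings.append(f"autostart outside Windows/Program Files: {target}")
    reg = parse_regedit4(reg_text)
    if reg.get(SECURITY_CENTER, {}).get("AntiVirusOverride", "").endswith("00000001"):
        findings.append("Security Center: AntiVirusOverride=1 (antivirus status warnings suppressed)")
    for key, values in reg.items():
        if key.startswith(SECURITY_CENTER + "\\monitoring") and \
                values.get("DisableMonitoring", "").endswith("00000001"):
            leaf = key.rsplit("\\", 1)[-1]
            findings.append(f"Security Center monitoring disabled under {leaf}")
    return findings


if __name__ == "__main__":
    for finding in audit(HJT_SAMPLE, REG_SAMPLE):
        print(finding)
```

Run against the lines above, the pass surfaces the CLTNetCnService entry (HijackThis reports its ccSvcHst.exe as missing) and the AntiVirusOverride / DisableMonitoring values, which keep Security Center from reporting antivirus or firewall state. Whether those values are wanted is for the helper to decide; with ESET's ekrn running they are worth a look alongside the Symantec Shared folder the ComboFix log lists, but the pass only reports, it does not decide. Bare rundll32 and nwiz targets are deliberately left alone: resolving them means walking the search path, which this first pass does not do.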