przez pablos150 28 Lip 2007, 15:50
, a pytam o to dlatego, że w neci widze dużo problemów z tym programem/procesem.
przez wojtas 28 Lip 2007, 20:39
przez pablos150 28 Lip 2007, 22:14
Logfile of HijackThis v1.99.1
Scan saved at 22:08:17, on 2007-07-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
E:\instalki\hijackthis_199\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - Global Startup: Azureus Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res:/C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Zaprenumeruj w Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Zaprenumeruj w Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B297E59-CAC6-4F0B-9509-C35922A441BC}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B297E59-CAC6-4F0B-9509-C35922A441BC}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"Silent Runners.vbs", revision R51, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."]
"AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NWEReboot" = "(empty string)" [file not found]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"MULTIMEDIA KEYBOARD" = "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" ["Netropa Corp."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"
-> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FDMIECookiesBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Free Download Manager\iefdmcks.dll" [null data]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"
-> {HKLM...CLSID} = "SidebarIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}
"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\skin\adc6849e06c0cf95.bmp"
Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Azureus Vuze" -> shortcut to: "C:\Program Files\Azureus\Azureus.exe" ["Azureus, Inc"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
{09FE188B-6E85-479E-9411-51FB2220DF80}\
"ButtonText" = "Zaprenumeruj w Desktop Sidebar"
"MenuText" = "Zaprenumeruj w Desktop Sidebar"
"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"
-> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Netropa NHK Server, nhksrv, "C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe" [null data]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Usługa Odbiornik Media Center, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Usługa Planowanie nagrywania, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "msikbd2k" ["Netropa Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
810 Series Port\Driver = "lxbslmpm.DLL" ["Lexmark International, Inc."]
---------- (launch time: 2007-07-28 22:10:39)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 39 seconds.
---------- (total run time: 77 seconds)
przez wojtas 28 Lip 2007, 22:16
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
przez pablos150 28 Lip 2007, 22:37
"Administrator" - 2007-07-28 22:20:06 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))
2007-07-28 22:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test Drive Unlimited
2007-07-28 20:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-28 20:12 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
2007-07-28 16:41 <DIR> d-------- C:\Program Files\eMule
2007-07-28 16:39 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-07-27 20:59 <DIR> d-------- C:\Program Files\Lavalys
2007-07-24 16:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GanymedeNet
2007-07-24 16:34 <DIR> d-------- C:\Program Files\Ganymede
2007-07-23 20:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
2007-07-22 22:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
2007-07-22 22:20 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-22 22:20 635,486 --a------ C:\WINDOWS\system32\divx.dll
2007-07-22 22:20 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-07-22 22:20 558,592 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-07-22 22:20 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-07-22 22:20 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-07-22 22:20 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-22 22:20 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-22 22:20 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-22 22:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-22 22:20 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-22 22:20 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-22 22:20 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-07-22 22:20 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-22 22:20 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-07-22 22:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-22 22:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-07-22 16:21 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2007-07-20 18:09 <DIR> d-------- C:\Program Files\JlgSolera
2007-07-20 17:43 <DIR> d-------- C:\Program Files\ICeQ
2007-07-20 08:56 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2007-07-20 08:56 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2007-07-20 08:56 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-20 08:56 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2007-07-20 08:56 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2007-07-20 08:56 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-07-20 08:56 152,064 --a------ C:\WINDOWS\system32\unrar.dll
2007-07-20 08:56 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2007-07-20 08:56 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2007-07-20 08:56 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2007-07-20 08:56 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-07-20 08:55 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2007-07-19 12:02 656,600 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-07-19 11:59 281,816 --a------ C:\WINDOWS\system32\cfosspeed.dll
2007-07-19 11:57 <DIR> d-------- C:\Program Files\cFosSpeed
2007-07-18 23:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-07-18 23:30 <DIR> d-------- C:\Program Files\IrfanView
2007-07-18 16:07 19,648 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-13 14:16 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-07-13 12:18 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-07-13 12:18 <DIR> d-------- C:\Program Files\VstPlugins
2007-07-13 12:16 <DIR> d-------- C:\Program Files\Image-Line
2007-07-13 12:07 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-13 11:44 <DIR> d-------- C:\Program Files\FlashFXP
2007-07-13 11:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\FlashFXP
2007-07-12 23:54 <DIR> d-------- C:\Program Files\Damian Pasternak
2007-07-12 19:09 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-12 19:06 <DIR> d-------- C:\Program Files\Crystal Player
2007-07-12 19:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Crystal Player
2007-07-12 18:59 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-12 18:59 249,856 --------- C:\WINDOWS\Setup1.exe
2007-07-12 18:59 <DIR> d-------- C:\Program Files\MaXimus DVD v1.2
2007-07-12 18:41 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-12 18:40 <DIR> d-------- C:\Program Files\MarBit
2007-07-09 17:12 <DIR> d-------- C:\Program Files\TibiaBot NG
2007-07-09 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-08 11:43 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-08 11:43 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-08 11:43 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-07 16:10 23,040 --------- C:\WINDOWS\kb913800.exe
2007-07-06 23:16 <DIR> d-------- C:\Program Files\Desktop Sidebar
2007-07-06 23:16 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Desktop Sidebar
2007-07-06 22:45 <DIR> d-------- C:\Program Files\Azureus
2007-07-06 22:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-07-06 22:45 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-07-06 20:52 <DIR> d-a------ C:\WINDOWS\Shell
2007-07-06 20:29 <DIR> d-------- C:\Python25
2007-07-06 20:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-06 20:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-06 19:46 1,867,776 --a------ C:\WINDOWS\system32\python24.dll
2007-07-06 19:46 1,867,776 --a------ C:\WINDOWS\system\python24.dll
2007-07-06 19:45 1,867,776 --a------ C:\WINDOWS\python24.dll
2007-07-06 19:45 <DIR> d-------- C:\Program Files\Tibia Auto
2007-07-06 19:43 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-06 19:42 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-06 19:42 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-06 19:42 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-07-06 19:42 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-06 19:42 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-06 19:42 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-07-06 19:42 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-07-06 19:42 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-07-06 19:41 <DIR> d-------- C:\WINDOWS\PixArt
2007-07-06 19:41 <DIR> d-------- C:\Program Files\PC Camera
2007-07-06 19:41 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-07-06 19:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-07-06 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ashampoo
2007-07-06 19:25 <DIR> d-------- C:\Program Files\Ashampoo
2007-07-06 19:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ashampoo
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-28 14:39:57 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-06 10:03:58 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-06 12:27]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]
"NWEReboot"="" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-12 00:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-03-15 18:59]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-01-18 11:09]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Azureus Vuze.lnk - C:\Program Files\Azureus\Azureus.exe [2007-07-06 22:45:01]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R0 srescan;srescan;C:\WINDOWS\system32\ZoneLabs\srescan.sys
R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
R2 cFosSpeedS;cFosSpeed System Service;"C:\Program Files\cFosSpeed\spd.exe" -service
R2 ehRecvr;Usuga Odbiornik Media Center;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Usuga Planowanie nagrywania;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
R3 cFosSpeed;cFosSpeed Miniport;C:\WINDOWS\system32\DRIVERS\cfosspeed.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 PAC207;SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\pfc027.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff1f121-3abd-11dc-b664-000e50d680eb}]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff1f123-3abd-11dc-b664-000e50d680eb}]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d88d45f3-3944-11dc-b65d-000e50d680eb}]
AutoRun\command- I:\LaunchU3.exe -a
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 22:21:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-28 22:21:55
--- E O F -
"Administrator" - 2007-07-28 22:29:05 - ComboFix 07-07-23.6 - Service Pack 2 NTFS [SAFE MODE]
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))
2007-07-28 22:21 <DIR> d-------- C:\WINDOWS\pss
2007-07-28 22:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test Drive Unlimited
2007-07-28 20:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-28 20:12 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
2007-07-28 16:41 <DIR> d-------- C:\Program Files\eMule
2007-07-28 16:39 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-07-27 20:59 <DIR> d-------- C:\Program Files\Lavalys
2007-07-24 16:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GanymedeNet
2007-07-24 16:34 <DIR> d-------- C:\Program Files\Ganymede
2007-07-23 20:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
2007-07-22 22:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
2007-07-22 22:20 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-22 22:20 635,486 --a------ C:\WINDOWS\system32\divx.dll
2007-07-22 22:20 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-07-22 22:20 558,592 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-07-22 22:20 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-07-22 22:20 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-07-22 22:20 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-22 22:20 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-22 22:20 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-22 22:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-22 22:20 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-22 22:20 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-22 22:20 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-07-22 22:20 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-22 22:20 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-07-22 22:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-22 22:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-07-22 16:21 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2007-07-20 18:09 <DIR> d-------- C:\Program Files\JlgSolera
2007-07-20 17:43 <DIR> d-------- C:\Program Files\ICeQ
2007-07-20 08:56 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2007-07-20 08:56 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2007-07-20 08:56 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-20 08:56 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2007-07-20 08:56 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2007-07-20 08:56 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-07-20 08:56 152,064 --a------ C:\WINDOWS\system32\unrar.dll
2007-07-20 08:56 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2007-07-20 08:56 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2007-07-20 08:56 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2007-07-20 08:56 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-07-20 08:55 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2007-07-19 12:02 656,600 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-07-19 11:59 281,816 --a------ C:\WINDOWS\system32\cfosspeed.dll
2007-07-19 11:57 <DIR> d-------- C:\Program Files\cFosSpeed
2007-07-18 23:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-07-18 23:30 <DIR> d-------- C:\Program Files\IrfanView
2007-07-18 16:07 19,648 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-13 14:16 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-07-13 12:18 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-07-13 12:18 <DIR> d-------- C:\Program Files\VstPlugins
2007-07-13 12:16 <DIR> d-------- C:\Program Files\Image-Line
2007-07-13 12:07 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-13 11:44 <DIR> d-------- C:\Program Files\FlashFXP
2007-07-13 11:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\FlashFXP
2007-07-12 23:54 <DIR> d-------- C:\Program Files\Damian Pasternak
2007-07-12 19:09 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-12 19:06 <DIR> d-------- C:\Program Files\Crystal Player
2007-07-12 19:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Crystal Player
2007-07-12 18:59 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-12 18:59 249,856 --------- C:\WINDOWS\Setup1.exe
2007-07-12 18:59 <DIR> d-------- C:\Program Files\MaXimus DVD v1.2
2007-07-12 18:41 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-12 18:40 <DIR> d-------- C:\Program Files\MarBit
2007-07-09 17:12 <DIR> d-------- C:\Program Files\TibiaBot NG
2007-07-09 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-08 11:43 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-08 11:43 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-08 11:43 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-07 16:10 23,040 --------- C:\WINDOWS\kb913800.exe
2007-07-06 23:16 <DIR> d-------- C:\Program Files\Desktop Sidebar
2007-07-06 23:16 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Desktop Sidebar
2007-07-06 22:45 <DIR> d-------- C:\Program Files\Azureus
2007-07-06 22:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-07-06 22:45 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-07-06 20:52 <DIR> d-a------ C:\WINDOWS\Shell
2007-07-06 20:29 <DIR> d-------- C:\Python25
2007-07-06 20:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-06 20:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-06 19:46 1,867,776 --a------ C:\WINDOWS\system32\python24.dll
2007-07-06 19:46 1,867,776 --a------ C:\WINDOWS\system\python24.dll
2007-07-06 19:45 1,867,776 --a------ C:\WINDOWS\python24.dll
2007-07-06 19:45 <DIR> d-------- C:\Program Files\Tibia Auto
2007-07-06 19:43 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-06 19:42 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-06 19:42 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-06 19:42 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-07-06 19:42 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-06 19:42 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-06 19:42 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-07-06 19:42 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-07-06 19:42 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-07-06 19:41 <DIR> d-------- C:\WINDOWS\PixArt
2007-07-06 19:41 <DIR> d-------- C:\Program Files\PC Camera
2007-07-06 19:41 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-07-06 19:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-07-06 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ashampoo
2007-07-06 19:25 <DIR> d-------- C:\Program Files\Ashampoo
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-28 14:39:57 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-06 10:03:58 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-06 12:27]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"NWEReboot"="" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-12 00:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-03-15 18:59]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-01-18 11:09]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Azureus Vuze.lnk - C:\Program Files\Azureus\Azureus.exe [2007-07-06 22:45:01]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
S0 srescan;srescan;C:\WINDOWS\system32\ZoneLabs\srescan.sys
S1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
S1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
S2 cFosSpeedS;cFosSpeed System Service;"C:\Program Files\cFosSpeed\spd.exe" -service
S2 ehRecvr;Usuga Odbiornik Media Center;C:\WINDOWS\eHome\ehRecvr.exe
S2 ehSched;Usuga Planowanie nagrywania;C:\WINDOWS\eHome\ehSched.exe
S2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
S2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
S3 cFosSpeed;cFosSpeed Miniport;C:\WINDOWS\system32\DRIVERS\cfosspeed.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 PAC207;SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\pfc027.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff1f121-3abd-11dc-b664-000e50d680eb}]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff1f123-3abd-11dc-b664-000e50d680eb}]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d88d45f3-3944-11dc-b65d-000e50d680eb}]
AutoRun\command- I:\LaunchU3.exe -a
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 22:30:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-28 22:30:32
C:\ComboFix2.txt ... 2007-07-28 22:21
--- E O F ---
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 40 gości