Trojan.win32.vb.agt? Please Check My Logs

lukasz sz

The trojan most likely came from a USB flash drive

Hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:30, on 2007-12-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\VDOTool\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [sfMsiSetup] E:\PROGRAM\ACIDPR~1.EXE --run C:\PROGRA~1\SONICF~1\ACID4~1.0\ --nosetup

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 7128 bytes

Silent Runners:

"Silent Runners.vbs", revision 53, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"SfMsiSetup" = "E:\PROGRAM\ACIDPR~1.EXE --run C:\PROGRA~1\SONICF~1\ACID4~1.0\ --nosetup" ["Sonic Foundry, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"JMB36X IDE Setup" = "C:\WINDOWS\JM\JMInsIDE.exe" [null data]

"JMB36X Configure" = "C:\WINDOWS\system32\JMRaidSetup.exe boot" ["JMicron Technology Corp."]

"Gainward" = "C:\Program Files\VDOTool\TBPanel.exe /A" ["Palit Microsystems, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

"GhostStartTrayApp" = "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" ["Symantec Corporation"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"Adobe_ID0EYTHM" = "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"]

"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ContributeBHO Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

-> {HKLM...CLSID} = "BitComet Helper"

\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SACert Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SoftAheadCert.dll" ["SoftAhead Inc."]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{EB76AA45-D0CA-46B8-922A-9DBD34148310}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\mllml.dll" [null data]

{FED51DF2-9644-4C58-9104-90244EDD6EEC}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\hggghgd.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"

-> {HKLM...CLSID} = "PropPage Class"

\InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"]

"{A68865DD-EE3C-4442-9BE9-1BAB2576E3FA}" = "NOMAD Explorer"

-> {HKLM...CLSID} = "NOMAD Explorer"

\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL" ["Creative Technology Ltd"]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{FED51DF2-9644-4C58-9104-90244EDD6EEC}" = "*_" (unwritable string)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\hggghgd.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> hggghgd\DLLName = "hggghgd.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

-> {HKLM...CLSID} = "MShellExtMenu Class"

\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

-> {HKLM...CLSID} = "MShellExtMenu Class"

\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

-> {HKLM...CLSID} = "MShellExtMenu Class"

\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\Install.scr" ["MacSourcery"]

Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart

<<!>> "ctfmon.exe" [null data]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Device Detector 3" -> shortcut to: "C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe" ["OLYMPUS IMAGING CORP."]

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:

------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided)

-> {HKLM...CLSID} = "Contribute Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\

"ButtonText" = "BitComet Search"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

GhostStartService, GhostStartService, "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]

Urządzenie mobilne Apple, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]

Usługa iPod, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

Print Monitors:

---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\

HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

---------- (launch time: 2007-12-04 17:10:26)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 31 seconds, including 18 seconds for message boxes

combofix:

ComboFix 07-12-02.6 - Administrator 2007-12-04 17:14:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1152 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\WINDOWS\install.exe

C:\WINDOWS\system32\lmllm.ini

C:\WINDOWS\system32\lmllm.ini2

C:\WINDOWS\system32\mllml.dll

D:\Autorun.inf

E:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))

.

2007-12-04 17:02 . 2007-12-04 17:02 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-04 16:34 . 2007-12-04 16:34 37,888 --a------ C:\WINDOWS\system32\hggghgd.dll

2007-12-04 16:34 . 2007-12-04 16:34 22,528 --a------ C:\WINDOWS\system32\wineij32.dll

2007-12-04 16:29 . 2007-12-04 16:29 <DIR> d-------- C:\Program Files\Sonic Foundry

2007-12-04 16:29 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll

2007-12-04 16:29 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll

2007-12-04 16:29 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll

2007-12-04 16:29 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2007-12-04 16:29 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx

2007-12-04 16:29 . 2007-12-04 16:29 156,910 --a------ C:\WINDOWS\WMSysPr8.prx

2007-12-04 16:28 . 2007-12-04 16:28 <DIR> d-------- C:\Program Files\Sonic Foundry Setup

2007-11-30 19:31 . 2007-11-30 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2007-11-27 17:56 . 2007-11-27 17:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Image Zone Express

2007-11-27 17:55 . 2007-11-27 17:55 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData

2007-11-27 17:52 . 2007-11-27 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP

2007-11-27 17:51 . 2007-11-27 17:51 <DIR> d-------- C:\Program Files\Common Files\HP

2007-11-27 17:50 . 2007-11-27 17:50 <DIR> d-------- C:\Program Files\Hewlett-Packard

2007-11-27 17:49 . 2007-11-27 17:49 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-11-27 17:48 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2007-11-27 17:48 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2007-11-27 17:48 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2007-11-27 17:47 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-11-27 17:47 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-11-27 17:44 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-11-27 17:44 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-11-27 17:44 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-11-27 17:44 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2007-11-27 17:44 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-11-27 17:44 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-11-27 17:42 . 2007-11-27 17:51 <DIR> d-------- C:\Program Files\HP

2007-11-27 17:42 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-11-27 17:42 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-11-27 17:42 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-11-27 17:42 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2007-11-27 17:41 . 2007-11-27 17:52 113,547 --a------ C:\WINDOWS\hpoins07.dat

2007-11-27 17:41 . 2005-05-24 09:22 21,124 --------- C:\WINDOWS\hpomdl07.dat

2007-11-27 17:37 . 2007-11-27 17:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\HP

2007-11-27 16:25 . 2007-11-27 16:25 <DIR> d-------- C:\Program Files\TVAnts

2007-11-26 00:17 . 2007-11-26 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

2007-11-26 00:10 . 2007-11-26 00:10 <DIR> d-------- C:\Program Files\Common Files\Control Panels

2007-11-25 23:21 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll

2007-11-25 23:21 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe

2007-11-25 23:03 . 2007-11-25 23:03 <DIR> d-------- C:\Program Files\Bonjour

2007-11-25 22:54 . 2007-11-25 22:54 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2007-11-22 13:09 . 2007-11-22 13:09 <DIR> d-------- C:\Documents and Settings\Administrator\imapa

2007-11-21 22:10 . 2007-11-21 22:10 <DIR> d-------- C:\Program Files\SopCast

2007-11-17 09:52 . 2007-11-17 09:53 <DIR> d-------- C:\Program Files\iTunes

2007-11-17 09:52 . 2007-11-17 09:52 <DIR> d-------- C:\Program Files\iPod

2007-11-17 09:51 . 2007-11-17 09:52 <DIR> d-------- C:\Program Files\QuickTime

2007-11-17 09:50 . 2007-11-17 09:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-11-17 09:49 . 2007-11-17 09:49 <DIR> d-------- C:\Program Files\Common Files\Apple

2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2007-11-14 20:48 . 2007-11-14 20:48 <DIR> d-------- C:\Program Files\PowerISO

2007-11-12 17:04 . 2007-11-12 17:04 <DIR> d-------- C:\WINDOWS\Sun

2007-11-12 17:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-11-12 17:03 . 2007-11-12 17:04 <DIR> d-------- C:\Program Files\Java

2007-11-12 17:01 . 2007-11-12 17:01 <DIR> d-------- C:\Program Files\Common Files\Java

2007-11-11 00:44 . 2007-11-14 22:00 <DIR> d-------- C:\Program Files\MagicISO

2007-11-11 00:39 . 2007-11-11 00:41 98,304 --a------ C:\WINDOWS\system32\SoftAheadCert.dll

2007-11-10 13:30 . 2007-11-10 13:30 325,308 --a------ C:\WINDOWS\Install.scr

2007-11-10 13:30 . 2007-11-10 13:30 29,696 --a------ C:\WINDOWS\mickey32.dll

2007-11-09 11:05 . 2007-11-17 09:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer

2007-11-09 10:56 . 2007-11-09 10:56 <DIR> d-------- C:\Program Files\Apple Software Update

2007-11-09 10:56 . 2007-11-09 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple

2007-11-08 20:08 . 2007-12-04 17:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-11-08 20:08 . 2007-11-08 20:08 1,409 --a------ C:\WINDOWS\QTFont.for

2007-11-08 09:44 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-11-07 20:42 . 2007-12-02 20:42 1,833 --a------ C:\WINDOWS\bestplayer.ini

2007-11-07 20:42 . 2007-12-02 20:42 1,129 --a------ C:\WINDOWS\bestplayer.bbt

2007-11-07 20:42 . 2007-12-02 20:42 83 --a------ C:\WINDOWS\bestplayer.bpp

2007-11-07 20:38 . 2007-11-28 18:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2007-11-07 16:14 . 2005-07-30 21:00 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll

2007-11-07 16:14 . 2005-07-30 21:14 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll

2007-11-07 16:14 . 2006-04-07 17:05 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll

2007-11-07 16:14 . 2003-06-13 17:49 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL

2007-11-07 16:14 . 2004-06-21 10:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll

2007-11-07 16:14 . 2001-04-09 19:17 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS

2007-11-07 16:14 . 2006-04-07 17:06 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys

2007-11-07 16:13 . 2007-11-07 16:14 <DIR> d-------- C:\Program Files\Olympus

2007-11-07 16:09 . 2007-11-07 16:11 <DIR> d-------- C:\Program Files\Creative

2007-11-07 15:56 . 2007-11-07 15:56 <DIR> d-------- C:\Program Files\Symantec

2007-11-07 15:56 . 2007-11-07 15:56 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2007-11-07 15:56 . 2007-11-07 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2007-11-07 15:56 . 2007-11-07 15:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Symantec

2007-11-07 15:56 . 2002-08-14 15:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2007-11-07 15:56 . 2002-08-14 15:03 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2007-11-07 15:56 . 2002-08-14 15:03 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL

2007-11-07 15:56 . 2002-08-14 15:03 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE

2007-11-07 15:48 . 2007-11-07 15:48 <DIR> d-------- C:\Program Files\SoundFonts.it

2007-11-07 15:48 . 2007-11-07 15:48 796,672 --a------ C:\WINDOWS\GPInstall.exe

2007-11-07 15:45 . 2007-11-07 15:45 <DIR> d-------- C:\Program Files\V-Station

2007-11-07 15:45 . 2007-11-07 15:45 <DIR> d-------- C:\Program Files\Cubase VST32

2007-11-07 15:43 . 2007-11-07 15:43 <DIR> d-------- C:\Program Files\Pro-53

2007-11-07 15:42 . 1996-08-19 05:01 229,376 --a------ C:\WINDOWS\system32\CW3220.DLL

2007-11-07 15:42 . 1998-04-21 01:49 20,992 --a------ C:\WINDOWS\system32\UNDERFLW.DLL

2007-11-07 15:42 . 1997-02-01 18:10 11,910 --a------ C:\WINDOWS\system32\GENMIDI.DLL

2007-11-07 15:40 . 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Native Instruments

2007-11-07 15:35 . 2007-11-07 15:35 <DIR> d-------- C:\Program Files\iZotope

2007-11-07 15:35 . 2003-09-04 10:02 311,295 --a------ C:\WINDOWS\LOOP.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-25 23:12 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-07 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-07 14:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-11-07 12:46 --------- d-----w C:\Program Files\Gadu-Gadu

2007-11-07 12:45 --------- d-----w C:\Program Files\Sygate

2007-11-07 12:45 --------- d-----w C:\Program Files\Foxit Software

2007-11-07 12:22 --------- d-----w C:\Program Files\Common Files\Nero

2007-11-07 12:21 --------- d-----w C:\Program Files\Common Files\Ahead

2007-11-07 12:21 --------- d-----w C:\Program Files\Ahead

2007-11-07 12:02 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-07 11:59 --------- d-----w C:\Program Files\VDOTool

2007-11-07 11:58 --------- d-----w C:\Program Files\Intel

2007-11-07 11:56 --------- d-----w C:\Program Files\Realtek

2007-11-07 11:49 --------- d-----w C:\Program Files\microsoft frontpage

2007-11-07 11:46 --------- d-----w C:\Program Files\Usługi online

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}]

2007-12-04 16:34 37888 --a------ C:\WINDOWS\system32\hggghgd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44]

"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 14:58]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-07-23 03:34 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-04 04:59]

"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-07 13:58:00]

Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-11-07 16:14:48]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\hggghgd.dll [2007-12-04 16:34 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggghgd]

hggghgd.dll 2007-12-04 16:34 37888 C:\WINDOWS\system32\hggghgd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllml.dll

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys

R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys

.

Contents of the 'Scheduled Tasks' folder

"2007-11-17 06:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-04 17:20:16

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2007-12-04 17:21:52 - machine was rebooted

.

--- E O F ---

Many thanks in advance.

Kamix

I suggest switching browsers to Firefox or Opera.

lukasz sz
I suggest switching browsers to Firefox or Opera.

I use Firefox. Thanks for the reply.
