lukasz sz
created 4 December 2007

A trojan, most likely from a USB flash drive

Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:30, on 2007-12-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [sfMsiSetup] E:\PROGRAM\ACIDPR~1.EXE --run C:\PROGRA~1\SONICF~1\ACID4~1.0\ --nosetup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7128 bytes

Silent Runners:

"Silent Runners.vbs", revision 53, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"SfMsiSetup" = "E:\PROGRAM\ACIDPR~1.EXE --run C:\PROGRA~1\SONICF~1\ACID4~1.0\ --nosetup" ["Sonic Foundry, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"JMB36X IDE Setup" = "C:\WINDOWS\JM\JMInsIDE.exe" [null data]
"JMB36X Configure" = "C:\WINDOWS\system32\JMRaidSetup.exe boot" ["JMicron Technology Corp."]
"Gainward" = "C:\Program Files\VDOTool\TBPanel.exe /A" ["Palit Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"GhostStartTrayApp" = "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" ["Symantec Corporation"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"Adobe_ID0EYTHM" = "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "ContributeBHO Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
     \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SACert Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\SoftAheadCert.dll" ["SoftAhead Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{EB76AA45-D0CA-46B8-922A-9DBD34148310}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\mllml.dll" [null data]
{FED51DF2-9644-4C58-9104-90244EDD6EEC}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hggghgd.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
  -> {HKLM...CLSID} = "PropPage Class"
     \InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"]
"{A68865DD-EE3C-4442-9BE9-1BAB2576E3FA}" = "NOMAD Explorer"
  -> {HKLM...CLSID} = "NOMAD Explorer"
     \InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL" ["Creative Technology Ltd"]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
     \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{FED51DF2-9644-4C58-9104-90244EDD6EEC}" = "*_" (unwritable string)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hggghgd.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> hggghgd\DLLName = "hggghgd.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\Install.scr" ["MacSourcery"]

Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
<<!>> "ctfmon.exe" [null data]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Device Detector 3" -> shortcut to: "C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe" ["OLYMPUS IMAGING CORP."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided)
  -> {HKLM...CLSID} = "Contribute Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
GhostStartService, GhostStartService, "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Urządzenie mobilne Apple, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Usługa iPod, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

---------- (launch time: 2007-12-04 17:10:26)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 31 seconds, including 18 seconds for message boxes

combofix:

ComboFix 07-12-02.6 - Administrator 2007-12-04 17:14:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1152 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\install.exe
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\mllml.dll
D:\Autorun.inf
E:\Autorun.inf
.

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-04 17:02 . 2007-12-04 17:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 16:34 . 2007-12-04 16:34 37,888 --a------ C:\WINDOWS\system32\hggghgd.dll
2007-12-04 16:34 . 2007-12-04 16:34 22,528 --a------ C:\WINDOWS\system32\wineij32.dll
2007-12-04 16:29 . 2007-12-04 16:29 <DIR> d-------- C:\Program Files\Sonic Foundry
2007-12-04 16:29 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-12-04 16:29 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-12-04 16:29 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-12-04 16:29 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-04 16:29 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2007-12-04 16:29 . 2007-12-04 16:29 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-04 16:28 . 2007-12-04 16:28 <DIR> d-------- C:\Program Files\Sonic Foundry Setup
2007-11-30 19:31 . 2007-11-30 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-11-27 17:56 . 2007-11-27 17:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Image Zone Express
2007-11-27 17:55 . 2007-11-27 17:55 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-11-27 17:52 . 2007-11-27 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2007-11-27 17:51 . 2007-11-27 17:51 <DIR> d-------- C:\Program Files\Common Files\HP
2007-11-27 17:50 . 2007-11-27 17:50 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-11-27 17:49 . 2007-11-27 17:49 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-27 17:48 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-11-27 17:48 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-11-27 17:48 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-11-27 17:47 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-27 17:47 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-27 17:44 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-11-27 17:44 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-11-27 17:44 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-11-27 17:44 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-11-27 17:44 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-11-27 17:44 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-11-27 17:42 . 2007-11-27 17:51 <DIR> d-------- C:\Program Files\HP
2007-11-27 17:42 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-27 17:42 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-27 17:42 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-27 17:42 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-27 17:41 . 2007-11-27 17:52 113,547 --a------ C:\WINDOWS\hpoins07.dat
2007-11-27 17:41 . 2005-05-24 09:22 21,124 --------- C:\WINDOWS\hpomdl07.dat
2007-11-27 17:37 . 2007-11-27 17:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\HP
2007-11-27 16:25 . 2007-11-27 16:25 <DIR> d-------- C:\Program Files\TVAnts
2007-11-26 00:17 . 2007-11-26 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-11-26 00:10 . 2007-11-26 00:10 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2007-11-25 23:21 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-11-25 23:21 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-11-25 23:03 . 2007-11-25 23:03 <DIR> d-------- C:\Program Files\Bonjour
2007-11-25 22:54 . 2007-11-25 22:54 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-22 13:09 . 2007-11-22 13:09 <DIR> d-------- C:\Documents and Settings\Administrator\imapa
2007-11-21 22:10 . 2007-11-21 22:10 <DIR> d-------- C:\Program Files\SopCast
2007-11-17 09:52 . 2007-11-17 09:53 <DIR> d-------- C:\Program Files\iTunes
2007-11-17 09:52 . 2007-11-17 09:52 <DIR> d-------- C:\Program Files\iPod
2007-11-17 09:51 . 2007-11-17 09:52 <DIR> d-------- C:\Program Files\QuickTime
2007-11-17 09:50 . 2007-11-17 09:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-17 09:49 . 2007-11-17 09:49 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 20:48 . 2007-11-14 20:48 <DIR> d-------- C:\Program Files\PowerISO
2007-11-12 17:04 . 2007-11-12 17:04 <DIR> d-------- C:\WINDOWS\Sun
2007-11-12 17:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-12 17:03 . 2007-11-12 17:04 <DIR> d-------- C:\Program Files\Java
2007-11-12 17:01 . 2007-11-12 17:01 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-11 00:44 . 2007-11-14 22:00 <DIR> d-------- C:\Program Files\MagicISO
2007-11-11 00:39 . 2007-11-11 00:41 98,304 --a------ C:\WINDOWS\system32\SoftAheadCert.dll
2007-11-10 13:30 . 2007-11-10 13:30 325,308 --a------ C:\WINDOWS\Install.scr
2007-11-10 13:30 . 2007-11-10 13:30 29,696 --a------ C:\WINDOWS\mickey32.dll
2007-11-09 11:05 . 2007-11-17 09:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer
2007-11-09 10:56 . 2007-11-09 10:56 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-09 10:56 . 2007-11-09 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-11-08 20:08 . 2007-12-04 17:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-08 20:08 . 2007-11-08 20:08 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-08 09:44 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-07 20:42 . 2007-12-02 20:42 1,833 --a------ C:\WINDOWS\bestplayer.ini
2007-11-07 20:42 . 2007-12-02 20:42 1,129 --a------ C:\WINDOWS\bestplayer.bbt
2007-11-07 20:42 . 2007-12-02 20:42 83 --a------ C:\WINDOWS\bestplayer.bpp
2007-11-07 20:38 . 2007-11-28 18:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-07 16:14 . 2005-07-30 21:00 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2007-11-07 16:14 . 2005-07-30 21:14 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2007-11-07 16:14 . 2006-04-07 17:05 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll
2007-11-07 16:14 . 2003-06-13 17:49 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL
2007-11-07 16:14 . 2004-06-21 10:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2007-11-07 16:14 . 2001-04-09 19:17 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS
2007-11-07 16:14 . 2006-04-07 17:06 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys
2007-11-07 16:13 . 2007-11-07 16:14 <DIR> d-------- C:\Program Files\Olympus
2007-11-07 16:09 . 2007-11-07 16:11 <DIR> d-------- C:\Program Files\Creative
2007-11-07 15:56 . 2007-11-07 15:56 <DIR> d-------- C:\Program Files\Symantec
2007-11-07 15:56 . 2007-11-07 15:56 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-07 15:56 . 2007-11-07 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-11-07 15:56 . 2007-11-07 15:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Symantec
2007-11-07 15:56 . 2002-08-14 15:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-07 15:56 . 2002-08-14 15:03 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-07 15:56 . 2002-08-14 15:03 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-11-07 15:56 . 2002-08-14 15:03 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-11-07 15:48 . 2007-11-07 15:48 <DIR> d-------- C:\Program Files\SoundFonts.it
2007-11-07 15:48 . 2007-11-07 15:48 796,672 --a------ C:\WINDOWS\GPInstall.exe
2007-11-07 15:45 . 2007-11-07 15:45 <DIR> d-------- C:\Program Files\V-Station
2007-11-07 15:45 . 2007-11-07 15:45 <DIR> d-------- C:\Program Files\Cubase VST32
2007-11-07 15:43 . 2007-11-07 15:43 <DIR> d-------- C:\Program Files\Pro-53
2007-11-07 15:42 . 1996-08-19 05:01 229,376 --a------ C:\WINDOWS\system32\CW3220.DLL
2007-11-07 15:42 . 1998-04-21 01:49 20,992 --a------ C:\WINDOWS\system32\UNDERFLW.DLL
2007-11-07 15:42 . 1997-02-01 18:10 11,910 --a------ C:\WINDOWS\system32\GENMIDI.DLL
2007-11-07 15:40 . 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Native Instruments
2007-11-07 15:35 . 2007-11-07 15:35 <DIR> d-------- C:\Program Files\iZotope
2007-11-07 15:35 . 2003-09-04 10:02 311,295 --a------ C:\WINDOWS\LOOP.exe
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-11-25 23:12 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 14:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 12:46 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-07 12:45 --------- d-----w C:\Program Files\Sygate
2007-11-07 12:45 --------- d-----w C:\Program Files\Foxit Software
2007-11-07 12:22 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-07 12:21 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-07 12:21 --------- d-----w C:\Program Files\Ahead
2007-11-07 12:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 11:59 --------- d-----w C:\Program Files\VDOTool
2007-11-07 11:58 --------- d-----w C:\Program Files\Intel
2007-11-07 11:56 --------- d-----w C:\Program Files\Realtek
2007-11-07 11:49 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 11:46 --------- d-----w C:\Program Files\Usługi online
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}]
2007-12-04 16:34 37888 --a------ C:\WINDOWS\system32\hggghgd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 14:58]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-07-23 03:34 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-04 04:59]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-07 13:58:00]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-11-07 16:14:48]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\hggghgd.dll [2007-12-04 16:34 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggghgd]
hggghgd.dll 2007-12-04 16:34 37888 C:\WINDOWS\system32\hggghgd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllml.dll

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 06:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 17:20:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-04 17:21:52 - machine was rebooted
.
--- E O F ---

Many thanks in advance
Kamix, comment, 4 December 2007: I suggest switching browsers to Firefox or Opera.
lukasz sz (author), comment, 4 December 2007: "I suggest switching browsers to Firefox or Opera." I use Firefox. Thanks for the reply.