Strange behaviour of the graphics driver installer and Spik

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35, on 2008-05-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Spik\Spik.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\RunOnce: [spik.regtool] "D:\Program Files\Spik\regtool.exe" shellext_wpmsg.dll
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 6167 bytes

The strange behaviour is that a strange error message is displayed (a red circle with a line through it). The antivirus detected a trojan in the file svchost.exe in C:\WINDOWS\inf.

Replies: 6

http://www.fotosik.pl/pokaz_obrazek/7cfe078b66494f87.html
http://www.fotosik.pl/pokaz_obrazek/865178be9e80a2dd.html

I additionally tested with other instant messengers. GG works correctly, while WP Kontakt shows exactly the same error. In addition, here is the list of errors generated by the system:

Error 2008-05-08 10:32:38 Service Control Manager None 7000 None DOM
Cannot start the {95808DC4-FA4A-4c74-92FE-5B863F82066B} service due to the following error: The file cannot be found.

Error 2008-05-08 10:32:38 Service Control Manager None 7000 None DOM
Cannot start the MainSrv service. The system cannot find the path specified.

Error 2008-05-08 10:32:38 Service Control Manager None 7000 None DOM
Cannot start the IviRegMgr service. The file cannot be found.

Error 2008-05-08 10:32:19 ati2mtag CRT 45062 None DOM
CRT invalid display type.

7026 The following boot-start or system-start driver(s) failed to load: Imapi

7000 Cannot start the Upload Manager. The account specified for this service differs from the account specified for other services running in the same process.

Cannot load the regi service. The file cannot be found.
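The logs above contain the three kinds of entries a responder would check first: O23 services with "Unknown owner" or "(file missing)", O4 Run entries that are a bare file name (SOUNDMAN.EXE, atiptaxx.exe) and so get resolved through the PATH search order at logon, and any copy of a core OS binary outside %windir%\system32. The first HijackThis log shows Windows running from D:\WINDOWS, so the svchost.exe the antivirus reported under C:\WINDOWS\inf is not where the real one lives on this machine. The following triage script is an added example, not part of the thread or of HijackThis; SAMPLE_LOG is a constructed subset of the lines posted above, AV_HIT is the path from the post, and the function and category names are this example's own.

```python
"""Triage of a HijackThis log: flag the entries a responder checks first.

Added example for this thread, not part of the original post and not
HijackThis's own code. SAMPLE_LOG is a constructed subset of the log lines
posted above; AV_HIT is the path the poster says the antivirus flagged.
"""
import re
from typing import Dict, Iterable, List

# Core OS binaries that on 32-bit Windows XP live only in %windir%\system32.
# (64-bit Windows also keeps legitimate copies under SysWOW64; not modelled.)
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "svchost.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)
WINDIR_RE = re.compile(r"^(?P<windir>[a-z]:\\[^\\]+)\\system32\\"
                       r"(smss|winlogon|services|lsass)\.exe$", re.IGNORECASE)


def executable_of(command: str) -> str:
    """Program part of a Run-key command, with quotes and arguments stripped."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def windir_from_processes(lines: Iterable[str]) -> str:
    """Infer %windir% from the first core process path in 'Running processes'."""
    for line in lines:
        m = WINDIR_RE.match(line.strip())
        if m:
            return m.group("windir")
    return ""


def misplaced_system_binary(path: str, windir: str) -> bool:
    """True when a core OS binary name sits anywhere but %windir%\\system32."""
    directory, _, name = path.rpartition("\\")
    if name.lower() not in SYSTEM_BINARIES:
        return False
    return directory.lower() != f"{windir}\\system32".lower()


def triage(log_text: str, extra_paths: Iterable[str] = ()) -> Dict[str, List[str]]:
    """Findings by category; extra_paths are AV hits or other paths to check."""
    lines = [line.rstrip() for line in log_text.splitlines()]
    windir = windir_from_processes(lines)
    findings: Dict[str, List[str]] = {
        "unknown_owner_service": [], "orphaned_service": [],
        "bare_name_autorun": [], "misplaced_system_binary": [],
    }
    for line in lines:
        m = O23_RE.match(line)
        if m:
            if m.group("owner") == "Unknown owner":
                findings["unknown_owner_service"].append(m.group("name"))
            if m.group("path").endswith("(file missing)"):
                findings["orphaned_service"].append(m.group("name"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            # A bare file name is resolved through the PATH search order at
            # logon, so a writable directory earlier in that order can hijack it.
            if "\\" not in exe:
                findings["bare_name_autorun"].append(f"{m.group('name')} -> {exe}")
            elif misplaced_system_binary(exe, windir):
                findings["misplaced_system_binary"].append(exe)
            continue
        if misplaced_system_binary(line, windir):   # 'Running processes' lines
            findings["misplaced_system_binary"].append(line)
    for path in extra_paths:
        if misplaced_system_binary(path, windir):
            findings["misplaced_system_binary"].append(path)
    return findings


# Constructed subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Eset\nod32krn.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
"""
# Path the poster's antivirus reported; Windows itself lives on D: here.
AV_HIT = r"C:\WINDOWS\inf\svchost.exe"

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG, [AV_HIT]).items():
        for item in items:
            print(f"{category}: {item}")
```

Paste the full log into SAMPLE_LOG (or read it from a file) to run it over the real thing; the regular expressions only depend on the fixed "O4 - " and "O23 - Service: " prefixes HijackThis 2.0 emits, and a flagged entry is a place to look, not a verdict.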
mikus39
Added
06.05.2008 14:55:07
Either I'm going blind in my old age or I don't see anything specific.... Here -> http://forum.centrumxp.pl/default.aspx?g=posts&t=156273 you have instructions on how to insert a screenshot - show what it looks like.
Żółty
Added
06.05.2008 13:17:10
In more detail: Spik starts normally. It fetches mail from the accounts, etc. The problem appears the moment a message is received. After clicking the balloon, a small window with the ComboFix icon appears. After cancelling that window the conversation window appears, but there is no message content. The same happens when trying to send. The message does get sent, but it is not visible in the conversation window. The message history (archive) is not visible either. With the installer, at the moment of launching (double-click) the same ComboFix icon appears, except that above it is the caption irsetup.

ComboFix 08-05-01.1 - Jakub 2008-05-06 7:24:05.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.129 [GMT 2:00]
Running from: D:\Documents and Settings\Jakub\Pulpit\Combo-Fix.exe
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-04 19:09 . 2008-05-04 19:09 d-------- D:\Program Files\Gadu-Gadu
2008-05-04 19:09 . 2008-05-04 19:09 d-------- D:\Documents and Settings\Jakub\Gadu-Gadu
2008-05-02 22:32 . 2008-05-02 22:32 128 --a------ D:\Documents and Settings\Jakub\CFScript.txt
2008-05-02 18:50 . 2004-08-04 01:27 1,896,400 --a------ D:\WINDOWS\system32\dllcache\nt5.cat
2008-05-02 18:49 . 2004-08-04 00:43 686,080 --a------ D:\WINDOWS\system32\advapi32.dll
2008-05-02 18:49 . 2004-08-04 00:44 624,128 --a------ D:\WINDOWS\system32\autoconv.exe
2008-05-02 18:49 . 2004-08-04 00:44 610,304 --a------ D:\WINDOWS\system32\autochk.exe
2008-05-02 17:51 . 2006-02-22 03:05 139,264 --a------ D:\WINDOWS\system32\atiprbxx.exe
2008-05-02 17:51 . 2004-09-30 17:17 135,168 --a------ D:\WINDOWS\system32\DIRECTX.CPL
2008-05-02 17:48 . 2004-02-23 20:42 1,386,496 --a------ D:\WINDOWS\system32\msvbvm60.dll
2008-05-01 13:25 . 2008-02-25 20:54 105,088 --a------ D:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-05-01 13:06 . 2008-05-01 13:06 0 --a------ D:\WINDOWS\control.ini
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\WindowsShell.Manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\sapi.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\nwc.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 488 -rah----- D:\WINDOWS\system32\logonui.exe.manifest
2008-05-01 13:02 . 2001-07-22 02:36 65,832 --a------ D:\WINDOWS\Stiuk z Santa Fe.bmp
2008-05-01 13:02 . 2001-07-22 02:36 9,522 --a------ D:\WINDOWS\Indiański pled.bmp
2008-05-01 13:02 . 2001-07-22 02:36 1,272 --a------ D:\WINDOWS\Niebieska koronka 16.bmp
2008-05-01 10:48 . 2001-10-26 21:29 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2008-05-01 10:48 . 2001-10-26 21:29 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2008-05-01 10:47 . 2004-08-04 01:27 1,086,058 -ra------ D:\WINDOWS\SET9D.tmp
2008-05-01 10:47 . 2004-08-04 01:32 1,014,483 -ra------ D:\WINDOWS\SET9A.tmp
2008-05-01 10:47 . 2001-10-27 15:34 808,524 --a--c--- D:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-05-01 10:47 . 2001-10-27 15:34 399,670 --a--c--- D:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-05-01 10:47 . 2001-10-27 15:34 37,509 --a--c--- D:\WINDOWS\system32\dllcache\MW770.CAT
2008-05-01 10:47 . 2004-08-04 01:26 14,043 -ra------ D:\WINDOWS\SETA9.tmp
2008-05-01 10:47 . 2001-10-27 15:34 13,497 --a--c--- D:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-05-01 10:47 . 2001-10-27 15:34 8,599 --a--c--- D:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-05-01 10:47 . 2001-08-23 17:00 7,382 --a--c--- D:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-05-01 10:01 . 2008-04-13 22:04 1,897,408 --------- D:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-01 08:49 . 2008-04-14 22:50 1,306,624 --a------ D:\WINDOWS\system32\msxml6.dll
2008-05-01 08:48 . 2004-08-04 00:43 1,251,840 --a------ D:\WINDOWS\system32\comsvcs.dll
2008-05-01 08:47 . 2004-08-04 00:44 539,136 --a------ D:\WINDOWS\system32\spider.exe
2008-04-28 14:42 . 2008-05-01 09:52 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Samsung
2008-04-28 14:40 . 2006-05-03 22:53 174,592 --a------ D:\WINDOWS\system32\framedyn.dll
2008-04-28 14:38 . 2008-04-28 14:40 d-------- D:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-28 14:38 . 2006-07-24 16:05 5,632 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-28 14:38 . 2005-08-28 20:51 766 --a------ D:\WINDOWS\system32\Uninstall.ico
2008-04-24 11:12 . 2008-04-24 11:12 40 --ah----- D:\WINDOWS\system32\ivireg.ivr
2008-04-24 09:19 . 2008-04-24 09:24 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Corel
2008-04-24 09:19 . 2008-04-24 09:34 3,350 --ahs---- D:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
2008-04-24 09:19 . 2008-04-24 09:24 88 -r-hs---- D:\Documents and Settings\All Users\Dane aplikacji\153235FFBD.sys
2008-04-24 09:13 . 2005-09-20 17:27 10,368 --a------ D:\WINDOWS\system32\drivers\iviaspi.sys
2008-04-24 09:12 . 2008-04-24 09:12 d-------- D:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-04-24 09:11 . 2008-04-24 09:11 d-------- D:\Program Files\Common Files\Protexis
2008-04-24 09:10 . 2008-04-24 09:10 d-------- D:\Program Files\Corel
2008-04-21 23:15 . 2008-04-21 23:43 d-------- D:\Program Files\SIW
2008-04-21 19:47 . 2008-05-01 09:43 d-------- D:\Program Files\QuickTime
2008-04-20 11:27 . 2008-04-20 11:27 d-------- D:\Program Files\DAEMON Tools Lite
2008-04-20 09:44 . 2008-03-05 15:56 3,786,760 --a------ D:\WINDOWS\system32\d3dx9_37.dll
2008-04-20 09:44 . 2006-11-02 11:46 1,029,120 --a------ D:\WINDOWS\system32\d3d10.dll
2008-04-20 09:44 . 2008-02-05 23:07 462,864 --a------ D:\WINDOWS\system32\d3dx10_37.dll
2008-04-20 09:44 . 2006-11-29 13:06 440,080 --a------ D:\WINDOWS\system32\d3dx10.dll
2008-04-20 09:44 . 2006-11-02 11:46 187,392 --a------ D:\WINDOWS\system32\d3d10core.dll
2008-04-20 09:44 . 2006-11-02 11:46 167,936 --a------ D:\WINDOWS\system32\dxgi.dll
2008-04-20 09:44 . 2006-11-02 11:46 39,936 --a------ D:\WINDOWS\system32\dwmapi.dll
2008-04-20 09:44 . 2008-03-09 06:25 236 --ah----- D:\Program Files\Common Files\dx.reg
2008-04-17 18:46 . 2008-04-17 18:52 d-------- D:\Program Files\Bolek I Lolek
2008-04-17 18:39 . 2008-04-17 18:39 d-------- D:\Program Files\KeyTweak
2008-04-16 19:33 . 2008-04-16 19:33 4,096 --a------ D:\WINDOWS\d3dx.dat
2008-04-16 19:32 . 2008-04-16 19:38 d-------- D:\Program Files\AxySnake
2008-04-16 19:17 . 2008-04-16 19:17 d-------- D:\WINDOWS\system32\Adobe
2008-04-16 08:24 . 2008-04-16 08:33 d-------- D:\Program Files\avisplit
2008-04-16 07:37 . 2008-04-16 07:37 d-------- D:\Documents and Settings\Jakub\WINDOWS
2008-04-14 23:08 . 2008-04-14 23:08 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys
2008-04-14 23:08 . 2008-04-14 23:08 298,104 --a------ D:\WINDOWS\system32\imon.dll
2008-04-14 23:08 . 2008-04-14 23:08 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-14 23:03 . 2008-05-02 21:21 d-------- D:\Program Files\ESET
2008-04-14 22:52 . 2008-04-18 16:10 d-------- D:\Program Files\MSECACHE
2008-04-14 22:51 . 2008-04-14 22:51 20,992 --------- D:\WINDOWS\system32\spupdwxp.exe
2008-04-14 22:51 . 2008-04-14 22:51 20,992 --------- D:\WINDOWS\system32\faxpatch.exe
2008-04-14 22:51 . 2008-04-14 22:51 7,680 --a------ D:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 22:05 . 2008-04-14 22:05 1,950 --------- D:\WINDOWS\system32\pid.inf
2008-04-13 23:01 . 2008-05-01 09:43 d-------- D:\Program Files\MozBackup
2008-04-13 22:52 . 2008-04-13 22:52 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-13 21:58 . 2008-04-13 22:23 d-------- D:\Program Files\DAP
2008-04-13 19:21 . 2008-04-13 22:14 d-------- D:\Program Files\DAP Premium
2008-04-12 09:13 . 2008-04-12 13:23 d-------- D:\Program Files\Winamp Remote
2008-04-11 15:19 . 2008-04-11 15:19 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Ashampoo
2008-04-09 20:32 . 2008-04-09 20:32 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\InstallShield
2008-04-09 20:17 . 2008-04-09 20:17 d-------- D:\Program Files\Realtek AC97
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 05:29 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Skype
2008-05-06 05:20 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-05-06 05:16 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\skypePM
2008-05-04 18:36 --------- d-----w D:\Program Files\Spik
2008-05-04 18:36 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Spik
2008-05-04 18:32 --------- d---a-w D:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-04 16:58 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\uTorrent
2008-05-03 08:40 --------- d-----w D:\Program Files\Winamp
2008-05-03 07:59 --------- d-----w D:\Program Files\Torrent Master
2008-05-02 17:58 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-01 12:33 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 08:45 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-01 07:43 --------- d-----w D:\Program Files\Autoplay Repair
2008-04-24 10:08 --------- d-----w D:\Program Files\SST-GSM
2008-04-20 08:02 --------- d-----w D:\Program Files\Direx9
2008-04-16 15:56 --------- d-----w D:\Program Files\SiMoCo
2008-04-16 15:01 --------- d-----w D:\Program Files\DivX
2008-04-14 20:51 33,792 ------w D:\WINDOWS\system32\mmcperf.exe
2008-04-14 20:51 32,866 ------w D:\WINDOWS\system32\slrundll.exe
2008-04-14 20:51 32,768 ------w D:\WINDOWS\system32\setupn.exe
2008-04-14 20:51 28,672 ----a-w D:\WINDOWS\system32\verclsid.exe
2008-04-14 20:51 276,992 ----a-w D:\WINDOWS\system32\wmphoto.dll
2008-04-14 20:51 221,184 -c--a-w D:\WINDOWS\system32\wmpns.dll
2008-04-14 20:51 176,640 ------w D:\WINDOWS\system32\napstat.exe
2008-04-14 20:49 39,424 ----a-w D:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 20:49 136,192 ----a-w D:\WINDOWS\system32\aaclient.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdpash.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdnepr.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdiultn.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdbhc.dll
2008-04-14 19:52 89,600 ----a-w D:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50 80,896 ------w D:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:30 327,040 ------w D:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 22:13 9,728 ------w D:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:10 10,240 ------w D:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 21:53 95,424 ------w D:\WINDOWS\system32\drivers\slnthal.sys
2008-04-13 21:53 685,056 ------w D:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-04-13 21:53 404,990 ------w D:\WINDOWS\system32\drivers\slntamr.sys
2008-04-13 21:53 220,032 ------w D:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-04-13 21:53 180,360 ------w D:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-04-13 21:53 13,776 ------w D:\WINDOWS\system32\drivers\recagent.sys
2008-04-13 21:53 13,240 ------w D:\WINDOWS\system32\drivers\slwdmsup.sys
2008-04-13 21:53 129,535 ------w D:\WINDOWS\system32\drivers\slnt7554.sys
2008-04-13 21:53 126,686 ------w D:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-04-13 21:53 11,868 ------w D:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-04-13 21:53 1,309,184 ------w D:\WINDOWS\system32\drivers\mtlstrm.sys
2008-04-13 21:53 1,041,536 ------w D:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-04-13 20:06 144,384 ------w D:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-09 16:49 --------- d-----w D:\Program Files\Ashampoo
2008-04-09 16:37 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-04-08 20:06 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Expressivo
2008-04-05 22:29 --------- d-----w D:\Program Files\Smarty Uninstaller Pro
2008-04-04 11:29 --------- d-----w D:\Program Files\MIKSOFT
2008-04-04 08:27 --------- d-----w D:\Program Files\Dzielenie i laczenie plikow
2008-04-04 08:04 --------- d-----w D:\Program Files\Illustrate
2008-04-04 07:52 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\AccurateRip
2008-04-02 18:55 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Apple Computer
2008-03-31 21:25 831,488 ----a-w D:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w D:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 02:55 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\atitray
2008-03-30 19:53 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\DivX
2008-03-30 19:43 --------- d-----w D:\Program Files\ivo
2008-03-30 18:27 --------- d-----w D:\Program Files\Odkurzacz
2008-03-30 18:26 --------- d-----w D:\Program Files\FireTune
2008-03-30 08:47 --------- d-----w D:\Program Files\YDP
2008-03-30 08:47 --------- d-----w D:\Program Files\Common Files\GraphBoard 1.00
2008-03-28 12:42 --------- d-----w D:\Program Files\Ubisoft
2008-03-22 21:21 --------- d-----w D:\Program Files\OrtografiaDlaDzieci
2008-03-22 19:07 --------- d-----w D:\Program Files\CDex_150
2008-03-21 20:30 524,288 ----a-w D:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w D:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w D:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w D:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w D:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w D:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 294,912 ----a-w D:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 196,608 -c--a-w D:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w D:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-18 13:14 --------- d-----w D:\Program Files\MP3 Player Utilities 4.00
2008-03-18 06:43 --------- d-----w D:\Program Files\Picasa2
2008-03-16 11:21 --------- d-----w D:\Program Files\Unlocker
2008-03-15 14:35 47,360 ----a-w D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.sys
2008-03-15 14:35 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Vso
2008-03-15 14:29 47,360 ----a-w D:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-11 19:31 --------- d-----w D:\Program Files\KartingRace
2008-03-11 19:20 --------- d-----w D:\Program Files\Radeon Omega Drivers
2008-03-11 19:09 472,576 ----a-w D:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-03-10 13:04 --------- d-----w D:\Program Files\Common Files\ACD Systems
2008-03-10 07:57 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\WebCompiler3
2008-03-10 07:24 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
2008-03-08 16:57 --------- d-----w D:\Program Files\AidemMedia
2008-03-07 18:17 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\AD ON Multimedia
2004-05-01 20:11 54,272 --sh--w D:\WINDOWS\old_mod_lib.dll
2007-02-16 18:36 88 -csha-r D:\WINDOWS\system32\153235FFBD.sys
2007-02-23 09:30 56 -csha-r D:\WINDOWS\system32\BDFF353215.sys
2007-02-23 09:30 5,852 -csha-w D:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"AtiTrayTools"="D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-11-05 09:55 570528]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2008-04-14 23:08 949376]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 D:\WINDOWS\soundman.exe]
"ATIPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 D:\WINDOWS\system32\atiptaxx.exe]
"Spik"="D:\Program Files\Spik\Spik.exe" [2008-04-08 12:04 103912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.avis"= ff_acm.acm
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\Spik\\Spik.exe"=
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"D:\\Program Files\\DAP\\DAP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\CCleaner\\ccleaner.exe"=
"D:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"D:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\WINDOWS\\system32\\rundll32.exe"=
"E:\\Programy\\p2p\\DC ++\\StrongDC.exe"=
"D:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FO_PAnt;FO_PAnt;D:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]
R1 atitray;atitray;D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-08-23 12:10]
R2 PSI_SVC_2;Protexis Licensing V2;"D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R2 regi;regi;D:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
S3 ASPI;Advanced SCSI Programming Interface Driver;D:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 NtApm;Sterownik interfejsu NT Apm/Legacy;D:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-26 22:03]
S3 USBSTOR;Sterownik magazynu masowego USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed33f05-b563-11dc-a985-001109dda0e0}]
\Shell\AutoRun\command - G:\_AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95321edd-df9f-11dc-81c5-001109dda0e0}]
\Shell\AutoRun\command - H:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:15:00 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-21 17:42:06 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 07:29:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

folder error: D:\DOCUME~1\Jakub\USTAWI~1\Temp
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\ESET\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-06 7:33:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 05:32:56

Pre-Run: 2,889,256,960 bytes free
Post-Run: 2,777,759,744 bytes free

305 --- E O F --- 2007-10-05 22:12:55

Deckard's System Scanner v20071014.68
Run by Jakub on 2008-05-06 07:50:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
System Drive D: has 2.65 GiB (less than 15%) free.

-- HijackThis (run as Jakub.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:57, on 2008-05-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Spik\Spik.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Jakub\Pulpit\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Jakub.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 6218 bytes

-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 07:27:30 0 d--hs---- D:\Documents and Settings\Jakub\Recent
2008-05-06 07:23:47 68096 --a------ D:\WINDOWS\zip.exe
2008-05-06 07:23:47 49152 --a------ D:\WINDOWS\VFind.exe
2008-05-06 07:23:47 161792 --a------ D:\WINDOWS\swreg.exe
2008-05-06 07:23:47 98816 --a------ D:\WINDOWS\sed.exe
2008-05-06 07:23:47 80412 --a------ D:\WINDOWS\grep.exe
2008-05-06 07:23:47 73728 --a------ D:\WINDOWS\fdsv.exe
2008-05-06 07:23:46 212480 --a------ D:\WINDOWS\swxcacls.exe
2008-05-06 07:23:46 136704 --a------ D:\WINDOWS\swsc.exe
2008-05-04 19:09:32 0 d-------- D:\Documents and Settings\Jakub\Gadu-Gadu
2008-05-04 19:09:22 0 d-------- D:\Program Files\Gadu-Gadu
2008-05-04 18:45:16 0 d-------- D:\WINDOWS\Prefetch
2008-05-02 17:51:24 139264 --a------ D:\WINDOWS\system32\atiprbxx.exe
2008-05-01 13:05:03 0 d--h----- D:\Program Files\WindowsUpdate
2008-05-01 10:09:01 0 d-------- D:\Program Files\Messenger
2008-05-01 10:08:59 9728 -----n---
D:\WINDOWS\system32\comsdupd.exe 2008-05-01 10:08:56 233472 -----n--- D:\WINDOWS\system32\azroles.dll 2008-05-01 10:08:55 651264 -----n--- D:\WINDOWS\system32\dot3ui.dll 2008-05-01 10:08:55 133632 -----n--- D:\WINDOWS\system32\dot3svc.dll 2008-05-01 10:08:55 56832 -----n--- D:\WINDOWS\system32\dot3msm.dll 2008-05-01 10:08:55 39936 -----n--- D:\WINDOWS\system32\dot3gpclnt.dll 2008-05-01 10:08:55 9216 -----n--- D:\WINDOWS\system32\dot3dlg.dll 2008-05-01 10:08:55 59904 -----n--- D:\WINDOWS\system32\dot3cfg.dll 2008-05-01 10:08:55 26112 -----n--- D:\WINDOWS\system32\dot3api.dll 2008-05-01 10:08:55 39936 -----n--- D:\WINDOWS\system32\dimsroam.dll 2008-05-01 10:08:55 19456 -----n--- D:\WINDOWS\system32\dimsntfy.dll 2008-05-01 10:08:55 48640 -----n--- D:\WINDOWS\system32\dhcpqec.dll 2008-05-01 10:08:55 12800 -----n--- D:\WINDOWS\system32\credssp.dll 2008-05-01 10:08:55 7168 -----n--- D:\WINDOWS\system32\bitsprx4.dll 2008-05-01 10:08:54 33792 -----n--- D:\WINDOWS\system32\eapsvc.dll 2008-05-01 10:08:54 59392 -----n--- D:\WINDOWS\system32\eapqec.dll 2008-05-01 10:08:54 40960 -----n--- D:\WINDOWS\system32\eappprxy.dll 2008-05-01 10:08:54 181248 -----n--- D:\WINDOWS\system32\eapphost.dll 2008-05-01 10:08:54 94720 -----n--- D:\WINDOWS\system32\eappgnui.dll 2008-05-01 10:08:54 126976 -----n--- D:\WINDOWS\system32\eappcfg.dll 2008-05-01 10:08:54 184832 -----n--- D:\WINDOWS\system32\eapp3hst.dll 2008-05-01 10:08:54 31232 -----n--- D:\WINDOWS\system32\eapolqec.dll 2008-05-01 10:08:53 6144 -----n--- D:\WINDOWS\system32\kbdiultn.dll 2008-05-01 10:08:53 6144 -----n--- D:\WINDOWS\system32\kbdbhc.dll 2008-05-01 10:08:52 86016 -----n--- D:\WINDOWS\system32\mdmxsdk.dll 2008-05-01 10:08:52 37376 -----n--- D:\WINDOWS\system32\l2gpstore.dll 2008-05-01 10:08:52 61440 -----n--- D:\WINDOWS\system32\kmsvc.dll 2008-05-01 10:08:52 6144 -----n--- D:\WINDOWS\system32\kbdpash.dll 2008-05-01 10:08:52 6144 -----n--- D:\WINDOWS\system32\kbdnepr.dll 2008-05-01 10:08:51 155136 -----n--- 
D:\WINDOWS\system32\mssha.dll 2008-05-01 10:08:51 33792 -----n--- D:\WINDOWS\system32\mmcperf.exe 2008-05-01 10:08:50 176640 -----n--- D:\WINDOWS\system32\napstat.exe 2008-05-01 10:08:50 196608 -----n--- D:\WINDOWS\system32\napmontr.dll 2008-05-01 10:08:50 30720 -----n--- D:\WINDOWS\system32\napipsec.dll 2008-05-01 10:08:50 80896 -----n--- D:\WINDOWS\system32\msshavmsg.dll 2008-05-01 10:08:49 293376 -----n--- D:\WINDOWS\system32\qagentrt.dll 2008-05-01 10:08:49 150528 -----n--- D:\WINDOWS\system32\qagent.dll 2008-05-01 10:08:49 144896 -----n--- D:\WINDOWS\system32\onex.dll 2008-05-01 10:08:48 32866 -----n--- D:\WINDOWS\system32\slrundll.exe 2008-05-01 10:08:48 32768 -----n--- D:\WINDOWS\system32\setupn.exe 2008-05-01 10:08:48 61952 -----n--- D:\WINDOWS\system32\rasqec.dll 2008-05-01 10:08:48 76800 -----n--- D:\WINDOWS\system32\qutil.dll 2008-05-01 10:08:48 62464 -----n--- D:\WINDOWS\system32\qcliprov.dll 2008-05-01 10:08:47 50688 -----n--- D:\WINDOWS\system32\tspkg.dll 2008-05-01 10:08:42 0 d-------- D:\WINDOWS\system32\pl 2008-05-01 10:08:41 0 d-------- D:\WINDOWS\system32\bits 2008-05-01 10:01:31 144384 -----n--- D:\WINDOWS\system32\drivers\hdaudbus.sys 2008-05-01 10:01:26 10240 -----n--- D:\WINDOWS\system32\drivers\sffp_mmc.sys 2008-05-01 08:49:21 89600 --a------ D:\WINDOWS\system32\msxml6r.dll 2008-05-01 08:49:21 1306624 --a------ D:\WINDOWS\system32\msxml6.dll 2008-05-01 08:49:19 136192 --a------ D:\WINDOWS\system32\aaclient.dll 2008-05-01 08:49:18 53248 --a------ D:\WINDOWS\system32\tsgqec.dll 2008-05-01 08:49:18 290304 --a------ D:\WINDOWS\system32\rhttpaa.dll 2008-05-01 08:49:18 412160 --a------ D:\WINDOWS\system32\photometadatahandler.dll 2008-05-01 08:49:17 276992 --a------ D:\WINDOWS\system32\wmphoto.dll 2008-05-01 08:49:17 69120 --a------ D:\WINDOWS\system32\wlanapi.dll 2008-05-01 08:49:17 346112 --a------ D:\WINDOWS\system32\windowscodecsext.dll 2008-05-01 08:49:17 712704 --a------ D:\WINDOWS\system32\windowscodecs.dll 2008-05-01 08:49:17 28672 
--a------ D:\WINDOWS\system32\verclsid.exe 2008-04-28 14:40:46 174592 --a------ D:\WINDOWS\system32\framedyn.dll 2008-04-28 14:38:44 0 d-------- D:\WINDOWS\system32\Samsung_USB_Drivers 2008-04-28 14:38:11 5632 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys 2008-04-24 09:13:30 10368 --a------ D:\WINDOWS\system32\drivers\iviaspi.sys 2008-04-24 09:11:58 0 d-------- D:\Program Files\Common Files\Protexis 2008-04-24 09:10:23 0 d-------- D:\Program Files\Corel 2008-04-21 23:15:49 0 d-------- D:\Program Files\SIW 2008-04-21 19:47:47 0 d-------- D:\Program Files\QuickTime 2008-04-20 11:27:00 0 d-------- D:\Program Files\DAEMON Tools Lite 2008-04-20 09:44:19 236 --ah----- D:\Program Files\Common Files\dx.reg 2008-04-20 09:44:18 167936 --a------ D:\WINDOWS\system32\dxgi.dll 2008-04-20 09:44:18 39936 --a------ D:\WINDOWS\system32\dwmapi.dll 2008-04-20 09:44:16 187392 --a------ D:\WINDOWS\system32\d3d10core.dll 2008-04-20 09:44:16 1029120 --a------ D:\WINDOWS\system32\d3d10.dll 2008-04-17 18:46:43 0 d-------- D:\Program Files\Bolek I Lolek 2008-04-17 18:39:06 0 d-------- D:\Program Files\KeyTweak 2008-04-16 19:33:30 4096 --a------ D:\WINDOWS\d3dx.dat 2008-04-16 19:32:16 0 d-------- D:\Program Files\AxySnake 2008-04-16 19:17:58 0 d-------- D:\WINDOWS\system32\Adobe 2008-04-16 08:24:32 0 d-------- D:\Program Files\avisplit 2008-04-16 07:37:44 0 d-------- D:\Documents and Settings\Jakub\WINDOWS 2008-04-14 23:08:29 298104 --a------ D:\WINDOWS\system32\imon.dll 2008-04-14 22:52:04 0 d-------- D:\Program Files\MSECACHE 2008-04-14 22:51:44 20992 -----n--- D:\WINDOWS\system32\spupdwxp.exe 2008-04-14 22:51:44 7680 --a------ D:\WINDOWS\system32\spdwnwxp.exe 2008-04-14 22:51:18 20992 -----n--- D:\WINDOWS\system32\faxpatch.exe 2008-04-13 23:01:50 0 d-------- D:\Program Files\MozBackup 2008-04-13 22:52:22 0 --a------ D:\WINDOWS\nsreg.dat 2008-04-13 21:58:01 0 d-------- D:\Program Files\DAP 2008-04-13 19:21:24 0 d-------- D:\Program Files\DAP Premium 2008-04-12 09:13:40 0 d-------- 
D:\Program Files\Winamp Remote 2008-04-09 20:32:28 14155776 --a------ D:\Documents and Settings\Jakub\ntuser.dat 2008-04-09 20:17:30 0 d-------- D:\Program Files\Realtek AC97 -- Find3M Report --------------------------------------------------------------- 2008-05-06 07:49:05 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Skype 2008-05-06 07:20:36 0 d-------- D:\Program Files\Mozilla Thunderbird 2008-05-06 07:16:05 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\skypePM 2008-05-04 20:36:50 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Spik 2008-05-04 20:36:24 0 d-------- D:\Program Files\Spik 2008-05-04 18:58:41 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\uTorrent 2008-05-04 18:48:06 503200 --a----c- D:\WINDOWS\system32\perfh015.dat 2008-05-04 18:48:06 91214 --a----c- D:\WINDOWS\system32\perfc015.dat 2008-05-04 18:31:07 0 d-------- D:\Program Files\Windows NT 2008-05-04 18:31:05 0 d-------- D:\Program Files\Movie Maker 2008-05-03 10:40:12 0 d-------- D:\Program Files\Winamp 2008-05-03 09:59:46 0 d-------- D:\Program Files\Torrent Master 2008-05-02 18:20:03 1324 --a------ D:\WINDOWS\system32\d3d9caps.dat 2008-05-02 18:19:59 552 --a------ D:\WINDOWS\system32\d3d8caps.dat 2008-05-01 13:03:01 23688 --a----c- D:\WINDOWS\system32\emptyregdb.dat 2008-05-01 10:45:44 0 d--h----- D:\Program Files\InstallShield Installation Information 2008-05-01 09:52:02 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Samsung 2008-05-01 09:43:10 0 d-------- D:\Program Files\Autoplay Repair 2008-04-25 17:22:10 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Adobe 2008-04-24 12:08:30 0 d-------- D:\Program Files\SST-GSM 2008-04-24 09:24:45 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Corel 2008-04-24 09:11:58 0 d-------- D:\Program Files\Common Files 2008-04-20 10:02:31 0 d-------- D:\Program Files\Direx9 2008-04-16 19:18:10 7314 --a----c- D:\WINDOWS\mozver.dat 2008-04-16 17:56:35 0 d-------- D:\Program 
Files\SiMoCo 2008-04-16 17:01:38 0 d-------- D:\Program Files\DivX 2008-04-14 22:51:00 221184 --a----c- D:\WINDOWS\system32\wmpns.dll 2008-04-11 15:19:54 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Ashampoo 2008-04-09 20:32:20 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\InstallShield 2008-04-09 18:49:13 0 d-------- D:\Program Files\Ashampoo 2008-04-08 22:06:25 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Expressivo 2008-04-06 00:29:42 0 d-------- D:\Program Files\Smarty Uninstaller Pro 2008-04-04 13:29:49 0 d-------- D:\Program Files\MIKSOFT 2008-04-04 13:00:49 3008 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat 2008-04-04 13:00:22 3152 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat 2008-04-04 13:00:02 2930 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat 2008-04-04 10:27:18 0 d-------- D:\Program Files\Dzielenie i laczenie plikow 2008-04-04 10:06:02 2649 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp Midi Decoder.dat 2008-04-04 10:04:54 8457 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat 2008-04-04 10:04:48 13281 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat 2008-04-04 10:04:45 0 d-------- D:\Program Files\Illustrate 2008-04-04 09:52:25 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\AccurateRip 2008-04-02 20:55:54 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Apple Computer 2008-03-31 23:25:48 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 23:25:48 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll 2008-03-31 23:25:46 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll 2008-03-31 23:25:46 831488 --a------ D:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 23:25:46 682496 --a------ D:\WINDOWS\system32\DivX.dll 2008-03-31 04:55:52 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\atitray 2008-03-30 21:53:53 0 d-------- 
D:\Documents and Settings\Jakub\Dane aplikacji\DivX 2008-03-30 21:43:50 0 d-------- D:\Program Files\ivo 2008-03-30 20:27:15 0 d-------- D:\Program Files\Odkurzacz 2008-03-30 20:26:28 0 d-------- D:\Program Files\FireTune 2008-03-30 10:47:43 0 d-------- D:\Program Files\Common Files\GraphBoard 1.00 2008-03-30 10:47:42 0 d-------- D:\Program Files\YDP 2008-03-28 14:42:39 0 d-------- D:\Program Files\Ubisoft 2008-03-22 23:21:43 0 d-------- D:\Program Files\OrtografiaDlaDzieci 2008-03-22 21:07:25 0 d-------- D:\Program Files\CDex_150 2008-03-21 22:30:08 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll 2008-03-21 22:28:54 196608 --a----c- D:\WINDOWS\system32\dtu100.dll 2008-03-21 22:28:54 81920 --a------ D:\WINDOWS\system32\dpl100.dll 2008-03-21 22:28:20 12288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-18 15:14:00 0 d-------- D:\Program Files\MP3 Player Utilities 4.00 2008-03-18 08:43:15 0 d-------- D:\Program Files\Picasa2 2008-03-15 16:35:03 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Vso 2008-03-15 16:35:02 47360 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.sys 2008-03-15 16:35:02 33 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.log 2008-03-15 16:35:02 1144 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.inf 2008-03-15 16:35:02 7887 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.cat 2008-03-15 16:33:28 668 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\vso_ts_preview.xml 2008-03-11 21:31:26 0 d-------- D:\Program Files\KartingRace 2008-03-11 21:20:14 0 d-------- D:\Program Files\Radeon Omega Drivers 2008-03-10 15:04:09 0 d-------- D:\Program Files\Common Files\ACD Systems 2008-03-10 09:57:56 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\WebCompiler3 2008-03-08 21:54:41 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Mozilla 2008-03-08 18:57:32 0 d-------- D:\Program Files\AidemMedia 2008-03-07 20:17:45 0 d-------- 
D:\Documents and Settings\Jakub\Dane aplikacji\AD ON Multimedia 2008-03-03 18:54:39 892928 --a------ D:\WINDOWS\system32\iconv.dll 2008-03-03 18:54:30 237568 --a------ D:\WINDOWS\system32\OggDS.dll 2008-03-03 18:54:27 921600 --a------ D:\WINDOWS\system32\vorbisenc.dll 2008-03-03 18:54:20 188416 --a------ D:\WINDOWS\system32\vorbis.dll 2008-03-03 18:54:16 45056 --a------ D:\WINDOWS\system32\ogg.dll 2008-03-03 18:54:15 1415680 --a------ D:\WINDOWS\system32\WMV9VCM.dll 2008-03-03 18:53:57 245760 --a------ D:\WINDOWS\system32\mplvpx.dll 2008-03-03 18:53:47 9216 --a------ D:\WINDOWS\system32\cpuinf32.dll 2008-03-03 18:53:20 1559040 --a------ D:\WINDOWS\system32\xvidcore.dll 2008-02-27 11:59:08 745 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\AtomicAlarmClock.ini 2008-02-27 11:52:02 525 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\alarms.ini 2008-02-19 23:16:14 73216 --a------ D:\WINDOWS\ST6UNST.EXE 2008-02-19 21:15:54 3440 --a------ D:\WINDOWS\unins000.dat 2008-02-19 21:05:24 691545 --a------ D:\WINDOWS\unins000.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2008-04-14 23:08] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 D:\WINDOWS\soundman.exe] "ATIPTA"="atiptaxx.exe" [2006-02-22 03:05 D:\WINDOWS\system32\atiptaxx.exe] "Spik"="D:\Program Files\Spik\Spik.exe" [2008-04-08 12:04] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22] "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43] "AtiTrayTools"="D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-11-05 09:55] "DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39] "Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 
12:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousUserGroupPolicy"=0 (0x0) "SynchronousMachineGroupPolicy"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"=1 (0x1) "NoPropertiesMyComputer"=0 (0x0) "NoFileAssociate"=0 (0x0) "NoSMHelp"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"=0 (0x0) "NoSetTaskbar"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) "NoBandCustomize"=0 (0x0) "NoMovingBands"=0 (0x0) "NoCloseDragDropBands"=0 (0x0) "NoTaskGrouping"=0 (0x0) "NoRecentDocsHistory"=0 (0x0) "ClearRecentDocsOnExit"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] D:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed33f05-b563-11dc-a985-001109dda0e0}] AutoRun\command- G:\_AUTORUN\AUTORUN.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95321edd-df9f-11dc-81c5-001109dda0e0}] AutoRun\command- H:\autorun.exe -- End of Deckard's 
System Scanner: finished at 2008-05-06 07:52:15 ------------ "Silent Runners.vbs", revision 56, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] "AtiTrayTools" = ""D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"" ["Ray Adams"] "DAEMON Tools Lite" = ""D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"] "Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "nod32kui" = ""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "ATIPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."] "Spik" = "D:\Program Files\Spik\Spik.exe -autostart" [null data] HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" 
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play" -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play" \InProcServer32\(Default) = "D:\WINDOWS\system32\upnpui.dll" [MS] "{CCA60260-A2C9-11D2-BA62-0020188191B2}" = "Registrar Registry Manager SHell Extension" -> {HKLM...CLSID} = "Registrar Registry Manager SHell Extension" \InProcServer32\(Default) = "rrShellX.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data] "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter" -> {HKLM...CLSID} = "dMCIShell Class" \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpoweramp\dMCShell.dll" ["Illustrate"] 
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS] "{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika" -> {HKLM...CLSID} = "SpikShellExt Class" \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] <> dimsntfy\DLLName = "D:\WINDOWS\System32\dimsntfy.dll" [MS] <> wzcnotif\DLLName = "wzcdlg.dll" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpoweramp Column Handler" -> {HKLM...CLSID} = "dBpShell Class" \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpoweramp\dBShell.dll" ["Illustrate"] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlersDAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" \InProcServer32\(Default) = "D:\PROGRA~1\DAP\Privacy Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."] DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" \InProcServer32\(Default) = "D:\PROGRA~1\DAP\Privacy 
Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data] Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}" -> {HKLM...CLSID} = "SpikShellExt Class" \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"] VIDEOTRANS\(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}" -> {HKLM...CLSID} = "AmvTransform Class" \InProcServer32\(Default) = "D:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlersDAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" \InProcServer32\(Default) = "D:\PROGRA~1\DAP\Privacy Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlersNOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data] Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}" -> {HKLM...CLSID} = "SpikShellExt Class" \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = 
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlersUnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoWelcomeScreen" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoSetTaskbar" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Start Menu and Taskbar| Prevent changes to Taskbar and Start Menu Settings} "NoToolbarsOnTaskbar" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoBandCustomize" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars| Disable customizing browser toolbars} "NoMovingBands" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoCloseDragDropBands" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "ClassicShell" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} "NoTaskGrouping" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoNetHood" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoCDBurning" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoRecentDocsHistory" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoCDBurning" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoResolveTrack" = (REG_DWORD) dword:0x00000001 
{unrecognized setting}
"NoPropertiesMyComputer" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFileAssociate" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoSMHelp" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
"SecurityTab" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|
Disable the Security page}
"ConnectionsTab" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|
Disable the Connections page}
"SecChangeSettings" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions
"NoBrowserOptions" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus|
Tools menu: Disable Internet Options... menu option}
"NoBrowserSaveAs" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFavorites" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFileNew" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFileOpen" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoTheaterMode" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"ShutdownWithoutLogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\FastStone\FSIV\FSViewerWallPaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Jakub\Dane aplikacji\FastStone\FSIV\FSViewerWallPaper.bmp"


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" [file not found]
"AppleSoftwareUpdate" -> launches: "D:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
 -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
 \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
 -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
 \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
 -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
 \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<> "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
<> "NavigationCanceled" = "res://ieframe.dll/navcancl.htm" [MS]
<> "OfflineInformation" = "res://ieframe.dll/offcancl.htm" [MS]
<> "PostNotCached" = "res://ieframe.dll/repost.htm" [MS]
<> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]
<> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]
<> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]
<> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
NOD32 Kernel Service, NOD32krn, ""D:\Program Files\Eset\nod32krn.exe"" ["Eset "]
PnkBstrA, PnkBstrA, "D:\WINDOWS\system32\PnkBstrA.exe" [null data]
Protexis Licensing V2, PSI_SVC_2, ""D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"" ["Protexis Inc."]


----------
(launch time: 2008-05-06 07:55:05)
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points,
  use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 45 seconds, including 3 seconds for message boxes)
mikus39
Added
06.05.2008 09:33:52
Show the ComboFix log.
Żółty
Added
05.05.2008 23:05:44
The message looks like the ComboFix icon and appears every time in the window of a particular program as an error message. I don't know how to paste a screenshot here. :redface: I like Żółty too
mikus39
Added
05.05.2008 22:19:48
Maybe a screenshot of the message, then; is the message in NOD? I don't see anything worrying in the log. And what is the problem with Spik and with the graphics?
Small Mike
Added
03.05.2008 13:53:41
mikus39
Added:
02.05.2008 23:41:32
Comments:
6
Page 1 / 1