Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:43 PM, on 9/2/2008
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system\proxy.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\inf\svchoct.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://antwrp.gsfc.nasa.gov/apod/astropix.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Skrót do strony wlasciwosci High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Policies\Explorer\Run: [minyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080902a.dll tanlt88
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198693948609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198693871359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: zordisa.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MsService - Unknown owner - C:\WINDOWS\system\proxy.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: perfs Co. Ltd. (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: sotpeca Corporation inc. (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)

--
End of file - 9297 bytes

ComboFix 08-09-01.03 - Julien 2008-09-02 21:53:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1045.18.128 [GMT 2:00]
Running from: C:\Documents and Settings\Julien\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Julien\Pulpit\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tygrysek\Cookies\tygrysek@indextools[1].txt
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\bin.clearspring.com
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\static.youku.com
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\static.youku.com\v1.0.0229\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\static.youku.com\v1.0.0230\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\static.youku.com\v1.0.0231\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\static.youku.com\v1.0.0232\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\#SharedObjects\JJKR5UU3\static.youku.com\v1.0.0233\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Tygrysek\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\test.txt
C:\WINDOWS\dcbdcatys32_080902a.dll
C:\WINDOWS\Install.txt
C:\WINDOWS\MSSqlServer.dll
C:\WINDOWS\system\proxy.exe
C:\WINDOWS\system\sgcxcxxaspf080902.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\inf\scsys16_080902.dll
C:\WINDOWS\system32\inf\sppdcrs080902.scr
C:\WINDOWS\system32\inf\svchoct.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\mmchost.dll
C:\WINDOWS\system32\mywfhit.ini
C:\WINDOWS\system32\mywfhit.ini.tmp
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\syspilog.pil
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\tmp0_822581587651.bk
C:\WINDOWS\system32\zordisa.dll
C:\WINDOWS\tawisys.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_INTERNET_SERVICE
-------\Legacy_MSSERVICE
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_SEUICTOL
-------\Legacy_SOBICYT
-------\Legacy_SOTPECA
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING
-------\Legacy_WSLDOEKD
-------\Service_afinding
-------\Service_MsService
-------\Service_perfs
-------\Service_routing
-------\Service_seuictol
-------\Service_sobicyt
-------\Service_sotpeca
-------\Service_wserving


((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-10-28 00:57 . 2008-10-28 00:57 <DIR> d-------- C:\Documents and Settings\Julien\Dane aplikacji\InterVideo
2008-10-15 14:11 . 2008-09-02 00:51 <DIR> d-------- C:\Documents and Settings\Julien\Dane aplikacji\Skype
2008-10-15 14:11 . 2008-10-15 14:11 <DIR> d-------- C:\Documents and Settings\Julien\Dane aplikacji\Nikon
2008-10-15 14:10 . 2008-10-15 14:10 <DIR> d-------- C:\Documents and Settings\Julien\Dane aplikacji\AdobeUM
2008-10-15 14:10 . 2008-10-15 14:10 <DIR> d-------- C:\Documents and Settings\Julien
2008-08-28 22:50 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-28 22:50 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-28 18:48 . 2005-10-08 08:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-28 18:48 . 2005-10-08 06:56 <DIR> dr------- C:\Documents and Settings\Administrator\Ulubione
2008-08-28 18:48 . 2005-10-08 06:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-08-28 18:48 . 2005-10-08 08:46 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-08-28 18:48 . 2005-10-08 06:56 <DIR> dr------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-28 18:48 . 2005-10-08 08:46 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-28 18:48 . 2005-10-08 06:56 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-28 18:48 . 2008-08-28 18:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-13 02:51 . 2008-08-13 02:51 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-08-13 02:50 . 2008-08-13 02:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-13 02:50 . 2008-08-13 02:50 <DIR> d-------- C:\Program Files\Windows Media Components
2008-08-07 21:49 . 2008-08-07 21:49 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-07 21:48 . 2008-08-07 21:48 <DIR> d-------- C:\Program Files\Real
2008-08-07 21:47 . 2008-08-07 21:48 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 17:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
2008-10-15 12:11 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
2008-09-02 20:04 79,959,072 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-02 20:04 2,316,576 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-02 20:01 218,156 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-02 20:01 1,071,860 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-02 19:43 --------- d-----w C:\Documents and Settings\Tygrysek\Dane aplikacji\Skype
2008-07-21 18:29 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-09 15:15 --------- d-----w C:\Documents and Settings\Tygrysek\Dane aplikacji\AdobeUM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-09 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-09 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 286720]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-07 185896]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 139367]
"Skrót do strony wlasciwosci High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-23 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-08-23 C:\WINDOWS\ALCWZRD.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-08-12 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Device Detector 2.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2005-12-28 114688]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutorunsDisabled
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-06-23 25214]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-26 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-04-14 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 188416]
R2 NkPtpEnumP2;NkPtpEnumP2;C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [2005-06-17 24064]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2005-02-10 62976]
R3 VBus;Virtual Bus;C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2005-06-17 17664]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 131072]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 618112]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 52736]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 38448]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-minyust - C:\WINDOWS\system32\inf\svchoct.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://antwrp.gsfc.nasa.gov/apod/astropix.html
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 22:04:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-02 22:08:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 20:08:18

Pre-Run: 48,544,350,208 bajtów wolnych
Post-Run: 49,807,757,312 bajt¢w wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

216 --- E O F --- 2008-09-01 23:22:25

9/2/2008 11:35:29 PM Zainfekowany: Koń trojański Trojan-Clicker.Win32.VB.buc c:\windows\system32\fduvfct.sys 40 KB
9/2/2008 11:56:40 PM Zainfekowany: Koń trojański Trojan.Win32.Agent.abbe C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0126167.exe 37.5 KB
9/3/2008 12:11:58 AM Zainfekowany: Koń trojański Trojan.Win32.DNSChanger.ica C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0126169.sys 268.5 KB
9/3/2008 5:04:14 PM Zainfekowany: Koń trojański Trojan-Clicker.Win32.VB.bvw C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0127176.old 40 KB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:54 PM, on 9/3/2008
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://antwrp.gsfc.nasa.gov/apod/astropix.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Skrót do strony wlasciwosci High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA SIECIOWA')
O4 - HKUS\S-1-5-21-638445513-3742685772-2441467850-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Tygrysek')
O4 - HKUS\S-1-5-21-638445513-3742685772-2441467850-500\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198693948609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198693871359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 8145 bytes

Malwarebytes' Anti-Malware 1.26
Database version: 1110
Windows 5.1.2600 Dodatek Service Pack 2

9/4/2008 12:05:22 AM
mbam-log-2008-09-04 (00-05-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 118634
Time elapsed: 46 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nobicyt (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\dcbdcatys32_080902a.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system\proxy.exe.vir (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0127185.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0129204.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0129246.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0129271.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP503\A0130269.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP505\A0132498.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP506\A0132657.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP506\A0132673.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP506\A0132697.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP507\A0132716.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB6D41A3-DF0A-43AD-A7E1-7C97F03692C9}\RP507\A0132732.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\Babelki.bmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Indianski pled.bmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wftadfi16_080902a.dll (Trojan.Agent) -> Quarantined and deleted successfully.