.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Zion at 22:29:04 on 2011-12-20
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1245 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TC UP\totalcmd.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=113
mDefault_Page_URL = hxxp://www.gazeta.pl/0,0.html?p=113
uInternet Settings,ProxyServer = 82.160.0.10:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {c451c08a-ec37-45df-aaad-18b51ab5e837} - PDFCreator Toolbar Helper
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} -
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Usługa Acronis Scheduler2] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\serviio.lnk - c:\program files\serviio\bin\ServiioConsole.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: shoutcast.com\www
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228235291156
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244153297114
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.204.159.1 194.204.152.34 192.168.0.1
TCP: Interfaces\{50E64A39-6893-4137-A032-D30DCE6CEFE0} : DhcpNameServer = 194.204.159.1 194.204.152.34 192.168.0.1
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zion\dane aplikacji\mozilla\firefox\profiles\2mqec2u0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=113
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\zion\dane aplikacji\mozilla\firefox\profiles\2mqec2u0.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\zion\dane aplikacji\mozilla\firefox\profiles\2mqec2u0.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\zion\dane aplikacji\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20616]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-6-23 752128]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 35168]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2008-12-2 673920]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2008-12-2 1238344]
R2 afcdpsrv;Usługa Acronis Nonstop Backup;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-6-23 3246040]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2009-8-9 1391136]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 472280]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-15 374152]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-9 47640]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-6-23 167968]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2008-12-2 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-12-2 234640]
R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2008-12-2 33408]
S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2008-12-2 68136]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S2 Serviio;Serviio;c:\program files\serviio\bin\ServiioService.exe [2011-9-25 276480]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-25 1684736]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2008-12-2 24944]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\dmi_view\markfun.w32 [2008-12-2 13512]
S3 Teamingxp;Teamingxp;c:\windows\system32\drivers\teamingxp.sys --> c:\windows\system32\drivers\Teamingxp.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-12-19 14:53:08 359040 ----a-w- c:\windows\system32\tcpip.dat
2011-12-19 14:52:57 39424 ----a-w- c:\windows\system32\Sens32.dll
.
==================== Find3M ====================
.
2011-12-20 16:27:13 16608 ----a-w- c:\windows\gdrv.sys
2011-12-19 14:53:08 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-19 19:56:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:42 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:16:14 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-09-26 16:16:04 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-09-26 16:15:52 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-26 16:15:50 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-26 09:41:54 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41:54 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
.
============= FINISH: 22:34:49,54 ===============