casanova07 posted May 28, 2008 (edited)

I have a problem logging in anywhere :/ I also have a question: is it possible in this program, and if so in which one, to check whether someone is planning to do a format or something similar?

LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:54, on 2008-05-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

// I believe I wrote clearly that logs must always be placed in code or codebox tags! // in future the topic will go to the trash // naekana
Mateusz J. commented May 28, 2008

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
Fix

O17 - HKLM\System\CCS\Services\Tcpip\..\{E30B7F03-9638-40B5-8065-DB01EBD911CD}: NameServer = 10.1.1.1
Do you know this IP: 10.1.1.1? If not, Fix.

Overall it's OK.

Do you happen to know what this driver is?:
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - [b]C:\WINDOWS\system32\pr2aq6eb.exe[/b]
If not, scan the bolded file at www.virustotal.com
casanova07 (Author) commented May 28, 2008

It's possible that it's a disc image, but the game doesn't run anyway (the protection is too good), so it can be removed. As for the IP, I used to have that one entered in TCP, but now I use automatic IP address assignment. Regarding removal, should I just delete in Notepad what you wrote and drag the file onto this program's icon, as in other topics?
Mateusz J. commented May 28, 2008

"Regarding removal, should I just delete in Notepad what you wrote and drag the file onto this program's icon, as in other topics?"

No. Run HijackThis => click: Do a system scan => select the entries I listed (tick the checkboxes next to them) => click Fix checked.
casanova07 (Author) commented May 28, 2008

current log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:39, on 2008-05-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Mateusz J. commented May 28, 2008

The entries are fixed. If you want to check "more thoroughly", please post a log from ComboFix. But I don't think we would find anything.

Do you happen to know what this driver is?:
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\WINDOWS\system32\pr2aq6eb.exe
If not, scan the bolded file at www.virustotal.com
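The triage applied in the replies above (fix entries whose registered file is gone, confirm the O17 DNS server, then check that the fixed entries are absent from the follow-up log), as an added Python example that is not part of the original thread. The sample lines are the entries quoted in the reply; the function names and the `known_dns` parameter are assumptions made for illustration.

```python
import ipaddress
import re
from typing import NamedTuple

# A HijackThis entry line starts with a section code such as R0, O2, O17, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, line) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("section"), line))
    return entries


def unknown_servers(value, known_dns):
    """Split a NameServer value and return the servers the user has not confirmed."""
    known = {ipaddress.ip_address(k) for k in known_dns}
    unknown = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            if ipaddress.ip_address(token) not in known:
                unknown.append(token)
        except ValueError:
            unknown.append(token)  # not an IP address at all: needs a human look
    return unknown


def triage(log_text, known_dns=frozenset()):
    """Flag the two entry classes the reply marks with 'Fix'."""
    findings = []
    for section, line in parse_entries(log_text):
        if line.endswith("(no file)"):
            findings.append(Finding(section, "registered file is missing", line))
        elif section == "O17":
            match = NAMESERVER_RE.search(line)
            if match:
                unknown = unknown_servers(match.group("servers"), known_dns)
                if unknown:
                    reason = "DNS server not confirmed by user: " + ", ".join(unknown)
                    findings.append(Finding(section, reason, line))
    return findings


def still_present(before_log, after_log, known_dns=frozenset()):
    """Findings from the first log whose exact line survives in the follow-up log."""
    after_lines = {line for _, line in parse_entries(after_log)}
    return [f for f in triage(before_log, known_dns) if f.line in after_lines]


# Excerpt built from the entries quoted in the reply (not the full log).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E30B7F03-9638-40B5-8065-DB01EBD911CD}: NameServer = 10.1.1.1
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\WINDOWS\system32\pr2aq6eb.exe
"""

# Follow-up excerpt: the three fixed entries no longer appear.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\WINDOWS\system32\pr2aq6eb.exe
"""

if __name__ == "__main__":
    for finding in triage(BEFORE):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
    leftover = still_present(BEFORE, AFTER)
    print("entries still present after fix:", len(leftover))
```

Passing `known_dns={"10.1.1.1"}` models a user who recognises the resolver, in which case the O17 line is not flagged.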
casanova07 (Author) commented May 28, 2008

Combofix
ComboFix 08-05-27.4 - Artur 2008-05-28 17:30:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2628 [GMT 2:00]
Running from: C:\Documents and Settings\Artur\Pulpit\ComboFix.exe
* Created a new restore point
[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Artur\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
E:\Autorun.inf
C:\WINDOWS\system32\drivers\p3.sys2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys2008-04-14 19:46 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys2008-04-13 22:49 51,328 ----a-w 
C:\WINDOWS\system32\drivers\rasl2tp.sys2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys2008-04-13 22:26 12,800 ----a-w 
C:\WINDOWS\system32\drivers\usb8023.sys2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys2008-04-13 22:23 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys2008-04-13 22:23 264,832 ------w C:\WINDOWS\system32\drivers\http.sys2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys2008-04-13 22:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys2008-04-13 22:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys2008-04-13 22:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys2008-04-13 22:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys2008-04-13 22:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys2008-04-13 22:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys2008-04-13 22:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys2008-04-13 22:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys2008-04-13 22:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys2008-04-13 22:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys2008-04-13 22:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 
1267040][HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}][HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1][HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}][HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040][HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}][HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1][HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}][HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]"Power2GoExpress"="" []"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-26 14:06 8462336]"nwiz"="nwiz.exe" [2007-06-26 14:06 1626112 C:\WINDOWS\system32\nwiz.exe]"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2007-06-26 14:06 81920]"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 12:08 16342528 C:\WINDOWS\RTHDCPL.exe]"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 
630784]"WLSS"="C:\Program Files\Wireless Select Switch\WLSS.exe" [2007-10-17 11:40 189736]"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 10:51 823296]"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 10:49 974848]"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 17:51 951856]"SMBTray"="C:\Program Files\Compal\Smart Battery\SMBTray.exe" [2007-06-04 17:22 521776]"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 22:49 188416]"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 22:48 348160]"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 22:50 49152]"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 22:51 15360]C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 16:35:34 561213][HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\psfus]C:\WINDOWS\System32\psqlpwd.dll 2007-03-28 19:46 90112 C:\WINDOWS\system32\psqlpwd.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);C:\WINDOWS\system32\drivers\pe3aq6eb.sys [2008-04-03 09:36]R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);C:\WINDOWS\system32\drivers\ps7aq6eb.sys [2008-04-03 09:35]R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 19:15]S2 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);C:\WINDOWS\system32\pr2aq6eb.exe svc [].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-05-28 17:34:33Windows 5.1.2600 Dodatek Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.binC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\verclsid.exe.**************************************************************************.Completion time: 2008-05-28 17:36:48 - machine was rebootedComboFix-quarantined-files.txt 2008-05-28 15:36:44Pre-Run: 80,528,076,800 bajtów wolnychPost-Run: 80,667,193,344 bajt˘w wolnych362 --- E O F --- 2008-05-28 15:02:51 przeskanowany plik: Plik pr2aq6eb.exe otrzymany 2008.05.28 17:39:58 (CET)Obecny status: Ładowanie ... w kolejce oczekuje skanowanie zakończono NIE ZNALEZIONO ZATRZYMANEWynik: 0/32 (0%)
Antywirus Wersja Ostatnia aktualizacja WynikAhnLab-V3 2008.5.29.0 2008.05.28 -AntiVir 7.8.0.19 2008.05.28 -Authentium 5.1.0.4 2008.05.28 -Avast 4.8.1195.0 2008.05.28 -AVG 7.5.0.516 2008.05.28 -BitDefender 7.2 2008.05.28 -CAT-QuickHeal 9.50 2008.05.28 -ClamAV 0.92.1 2008.05.28 -DrWeb 4.44.0.09170 2008.05.28 -eSafe 7.0.15.0 2008.05.27 -eTrust-Vet 31.4.5829 2008.05.28 -Ewido 4.0 2008.05.28 -F-Prot 4.4.4.56 2008.05.27 -F-Secure 6.70.13260.0 2008.05.28 -Fortinet 3.14.0.0 2008.05.28 -GData 2.0.7306.1023 2008.05.28 -Ikarus T3.1.1.26.0 2008.05.28 -Kaspersky 7.0.0.125 2008.05.28 -McAfee 5304 2008.05.27 -Microsoft 1.3520 2008.05.28 -NOD32v2 3140 2008.05.28 -Norman 5.80.02 2008.05.28 -Panda 9.0.0.4 2008.05.28 -Prevx1 V2 2008.05.28 -Rising 20.46.22.00 2008.05.28 -Sophos 4.29.0 2008.05.28 -Sunbelt 3.0.1123.1 2008.05.17 -Symantec 10 2008.05.28 -TheHacker 6.2.92.321 2008.05.27 -VBA32 3.12.6.6 2008.05.28 -VirusBuster 4.3.26:9 2008.05.28 -Webwasher-Gateway 6.6.2 2008.05.28 -Dodatkowe informacjeFile size: 415104 bytesMD5...: b2e78552f732aa05337775f9a2cd3180SHA1..: d901a00d2b461c547256024227959b8a4d5b1837SHA256: ace28cbd3ed905a5dccc87220904854a3f7b7cf777a4faae7a6087a30991d3b2SHA512: 82f171862f03e5baf920cd534216675de87d2cf9f151621950d806eaf81bc4c8fb395e743bfb2eccf8790fd1acdeab625338b0c51c38acebe4ce57b7c71f0c37PEiD..: -PEInfo: PE Structure information( base data )entrypointaddress.: 0x41af42timedatestamp.....: 0x47f48923 (Thu Apr 03 07:37:07 2008)machinetype.......: 0x14c (I386)( 4 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x1000 0x3ea14 0x3f000 6.61 1f9d6794b4a937851aa75f5b17c9c66f.rdata 0x40000 0x1c4a0 0x1d000 4.85 333ca2d8f4ef2716366bf9e980426b79.data 0x5d000 0x7654 0x6000 4.58 
a13413cd8f63113e27fe436af1735145.rsrc 0x65000 0x6e0 0x1000 2.18 02e2f6123d1fc3682557882733dfef57( 4 imports )> USER32.dll: MessageBoxA, MessageBoxW> KERNEL32.dll: FormatMessageA, CloseHandle, FreeLibrary, SystemTimeToFileTime, GetSystemTime, GetCurrentProcess, LoadLibraryW, LocalFree, SetLastError, GetFullPathNameW, QueryDosDeviceW, GetVersionExA, GetVersionExW, LoadLibraryA, CreateFileA, CreateFileW, GetModuleFileNameA, CreateFileMappingA, CreateFileMappingW, CreateMutexA, CreateMutexW, GetSystemDirectoryA, GetSystemDirectoryW, GetWindowsDirectoryA, GetWindowsDirectoryW, GetDriveTypeW, FindFirstFileA, FindFirstFileW, GetEnvironmentVariableW, GetModuleHandleW, WriteConsoleA, CreateProcessA, CreateProcessW, GetFileAttributesA, GetFileAttributesW, SetFileAttributesA, SetFileAttributesW, DeleteFileA, DeleteFileW, WideCharToMultiByte, LocalAlloc, FormatMessageW, AreFileApisANSI, GetOEMCP, GetACP, FindClose, GetFileSize, ReadFile, WriteFile, SetFileTime, MapViewOfFile, UnmapViewOfFile, DeviceIoControl, SleepEx, WaitForMultipleObjectsEx, ReleaseMutex, GetExitCodeProcess, WaitForSingleObject, HeapFree, HeapAlloc, RtlUnwind, HeapReAlloc, RaiseException, GetProcessHeap, GetStartupInfoA, HeapDestroy, HeapCreate, ExitProcess, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, HeapSize, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleOutputCP, SetFilePointer, SetStdHandle, SetEndOfFile, GetCPInfo, GetTickCount, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetEnvironmentVariableA, GetStdHandle, WriteConsoleW, VirtualFree, VirtualAlloc, 
InterlockedDecrement, InterlockedIncrement, LCMapStringW, MultiByteToWideChar, GetModuleHandleA, GetProcAddress, GetLastError, GetCommandLineA> ADVAPI32.dll: RegCloseKey, ControlService, DeleteService, CloseServiceHandle, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegQueryValueExW, RegQueryValueExA, RegSetValueExW, RegSetValueExA, RegEnumKeyExW, RegDeleteKeyW, RegOpenKeyExW, RegOpenKeyExA, RegCreateKeyExW, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, StartServiceW, ChangeServiceConfigW, QueryServiceConfigW, CreateServiceW, OpenServiceW, OpenSCManagerW, SetServiceStatus, RegDeleteValueW> VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueA, GetFileVersionInfoW( 0 exports )

I didn't notice anything wrong after the scan; just in case, I pasted the whole thing because I don't know exactly where to look. And after deleting those files I still can't log in.
Mateusz J. commented 28 May 2008

I have to disappoint you: this is not the fault of viruses, because there aren't any. I say I have to disappoint you because finding the cause will take longer than removing viruses would. ComboFix removed the file E:\Autorun.inf, which I associate with an infection from a USB flash drive, but I don't see any MountPoints2 keys here, so that is ruled out.
casanova07 (Author) commented 29 May 2008

Strangely, I managed to log in to another forum, but on Hattrick, sma or o2 mail still nothing ;/ The error console shows, among other things: unknown property "_width", "-height", "_padding-right", "-webkit-border-bottom-left-radius" ... error in parsing value for property "cursor"; expected color but found "1px"; expected declaration but found "*". I don't know, maybe this tells you something; I'm out of ideas on this one.