
Urgent: logs

cusek
created

Please check what is causing this: my internet is very slow, and Firefox shows the message "the connection was reset".

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:06, on 2008-06-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6208 bytes

Silent Runners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"JMB36X IDE Setup" = "C:\WINDOWS\RaidTool\xInsIDE.exe" [null data]
"36X Raid Configurer" = "C:\WINDOWS\system32\xRaidSetup.exe boot" ["JMicron Technology Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ASUSGamerOSD" = "C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" ["ASUSTeK Computer Inc."]
"NWEReboot" = "(empty string)" [file not found]
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office2007\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"disableregistrytools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\
"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Rybka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

BridgeCS3ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS3"
"InvokeProgID" = "Adobe.adobebridge"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "E:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay3"
"InvokeVerb" = "PlayMusicFilesOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay3\shell\PlayMusicFilesOnArrival_CopyCD\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy /Drive:%L" ["Nero AG"]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_06"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_06"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
Norton Ghost, Norton Ghost, "C:\Program Files\Norton Ghost\Agent\VProSvc.exe" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Sunbelt Personal Firewall 4, SPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Monitor języka PJL\Driver = "PJLMON.DLL" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

---------- (launch time: 2008-06-16 14:03:12)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 45 seconds.
---------- (total run time: 80 seconds)

Mateusz J.
comment
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Fix it in HijackThis

Paste into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

File ==> Save As ==> change the file type to All Files ==> save as FIX.REG

Run the FIX.REG file you created, confirm adding it to the Registry, and restart the computer.

However, this is only cosmetic.

cusek
comment

Done. To be honest, I was recently playing around with proxies using the program Proxy Switcher, which I must have removed incorrectly, because during uninstallation it showed me an access error, to temp I think. I played with permissions and changed directory attributes, but that did nothing, so I deleted the files manually and cleaned the registry.

There is a slight improvement.

I'm also adding a log from COMBOFIX:

ComboFix 08-06-15.4 - Rybka 2008-06-16 14:45:31.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.2570 [GMT 2:00]
Running from: C:\Documents and Settings\Rybka\Pulpit\ComboFix.exe
 * Resident AV is active

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.

(((((((((((((((((((((((((   Files Created from 2008-05-16 to 2008-06-16  )))))))))))))))))))))))))))))))
.

2008-06-16 13:58 . 2008-06-16 13:58	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-16 13:39 . 2008-06-16 13:39	<DIR>	d--------	C:\Program Files\Lavasoft
2008-06-16 13:28 . 2008-06-16 13:42	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-16 13:27 . 2008-06-16 13:27	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 09:22 . 2008-06-16 09:23	38	--a------	C:\WINDOWS\avisplitter.INI
2008-06-16 09:07 . 2008-06-16 09:07	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Folder przesyłania Share-to-Web
2008-06-16 09:07 . 2008-06-16 09:07	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DivX
2008-06-16 09:06 . 2008-06-16 14:49	<DIR>	d--------	C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-16 09:06 . 2008-06-16 09:06	<DIR>	dr-------	C:\Documents and Settings\Administrator\Ulubione
2008-06-16 09:06 . 2008-06-08 10:53	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Szablony
2008-06-16 09:06 . 2008-06-08 12:43	<DIR>	d--------	C:\Documents and Settings\Administrator\Pulpit
2008-06-16 09:06 . 2008-06-16 09:07	<DIR>	dr-------	C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-16 09:06 . 2008-06-08 12:43	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Start
2008-06-16 09:06 . 2008-06-16 09:09	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-16 09:06 . 2008-06-16 09:06	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-06-15 15:16 . 2008-06-15 15:16	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\WNR
2008-06-14 15:21 . 2008-06-14 15:21	34	--a------	C:\WINDOWS\cdplayer.ini
2008-06-13 22:25 . 2008-06-13 22:28	<DIR>	d--------	C:\videooutput
2008-06-13 22:25 . 2007-02-25 15:36	383,238	--a------	C:\WINDOWS\system32\libmp3lame-0.dll
2008-06-13 22:09 . 2008-06-13 22:09	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\skypePM
2008-06-13 22:09 . 2008-06-13 22:09	56	--ah-----	C:\WINDOWS\system32\ezsidmv.dat
2008-06-13 22:08 . 2008-06-13 22:08	<DIR>	d--------	C:\Program Files\Skype
2008-06-13 22:08 . 2008-06-13 22:08	<DIR>	d--------	C:\Program Files\Common Files\Skype
2008-06-13 22:08 . 2008-06-15 08:28	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\Skype
2008-06-13 22:08 . 2008-06-13 22:08	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-12 14:38 . 2008-06-12 14:38	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-06-12 14:29 . 2008-06-12 14:29	<DIR>	d--------	C:\Program Files\Bonjour
2008-06-12 14:23 . 2008-06-12 14:23	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-06-11 15:48 . 2007-03-05 06:01	39,184	--a------	C:\WINDOWS\system32\drivers\btcusb.sys
2008-06-11 15:47 . 2008-06-11 15:59	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-06-11 15:46 . 2007-03-05 05:53	44,304	--a------	C:\WINDOWS\system32\drivers\VcommMgr.sys
2008-06-11 15:46 . 2007-03-05 05:56	35,600	--a------	C:\WINDOWS\system32\drivers\BTHidMgr.sys
2008-06-11 15:46 . 2007-03-05 05:52	34,448	--a------	C:\WINDOWS\system32\drivers\VComm.sys
2008-06-11 15:46 . 2007-03-05 06:00	27,792	--a------	C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys
2008-06-11 15:46 . 2007-03-05 05:55	20,880	--a------	C:\WINDOWS\system32\drivers\vbtenum.sys
2008-06-11 15:46 . 2007-03-05 05:59	18,320	--a------	C:\WINDOWS\system32\drivers\btnetdrv.sys
2008-06-11 15:45 . 2004-08-03 23:15	140,928	--a------	C:\WINDOWS\system32\drivers\ks.sys
2008-06-11 15:45 . 2004-03-16 10:58	136,960	--a------	C:\WINDOWS\system32\drivers\portcls.sys
2008-06-11 15:45 . 2004-08-04 00:44	130,048	--a------	C:\WINDOWS\system32\ksproxy.ax
2008-06-11 15:45 . 2004-08-03 23:08	60,288	--a------	C:\WINDOWS\system32\drivers\drmk.sys
2008-06-11 15:45 . 2004-08-03 23:08	48,640	--a------	C:\WINDOWS\system32\drivers\stream.sys
2008-06-11 15:45 . 2007-03-05 05:51	34,576	--a------	C:\WINDOWS\system32\drivers\blueletaudio.sys
2008-06-11 15:45 . 2004-08-04 00:44	23,552	--a------	C:\WINDOWS\system32\wdmaud.drv
2008-06-11 15:45 . 2004-08-04 00:44	4,096	--a------	C:\WINDOWS\system32\ksuser.dll
2008-06-11 14:55 . 2004-08-04 00:38	14,848	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-11 14:55 . 2004-08-04 00:38	14,848	--a--c---	C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-11 14:50 . 2008-06-11 17:16	<DIR>	d--------	C:\Program Files\Sony Ericsson
2008-06-11 14:46 . 2008-06-11 14:46	<DIR>	d--------	C:\Program Files\IVT Corporation
2008-06-11 14:46 . 2008-06-11 15:15	32	--a------	C:\WINDOWS\[u]0[/u]
2008-06-11 14:46 . 2008-06-11 14:46	0	--a------	C:\WINDOWS\system32\[u]0[/u]
2008-06-11 13:15 . 2008-06-11 13:57	103,736	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-06-11 13:15 . 2008-06-11 13:40	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-06-11 13:15 . 2008-06-11 13:58	22,328	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-11 13:12 . 2008-06-11 13:12	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-06-11 12:33 . 2007-05-16 16:45	3,497,832	--a------	C:\WINDOWS\system32\d3dx9_34.dll
2008-06-11 12:33 . 2007-05-16 16:45	1,124,720	--a------	C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-11 12:33 . 2007-05-16 16:45	443,752	--a------	C:\WINDOWS\system32\d3dx10_34.dll
2008-06-11 12:33 . 2007-06-20 20:46	266,088	--a------	C:\WINDOWS\system32\xactengine2_8.dll
2008-06-11 12:33 . 2007-04-04 18:53	81,768	--a------	C:\WINDOWS\system32\xinput1_3.dll
2008-06-11 12:33 . 2007-10-22 03:37	17,928	--a------	C:\WINDOWS\system32\X3DAudio1_2.dll
2008-06-11 12:32 . 2007-03-12 16:42	3,495,784	--a------	C:\WINDOWS\system32\d3dx9_33.dll
2008-06-11 12:32 . 2007-03-12 16:42	1,123,696	--a------	C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-11 12:32 . 2007-03-15 16:57	443,752	--a------	C:\WINDOWS\system32\d3dx10_33.dll
2008-06-11 12:32 . 2007-04-04 18:55	261,480	--a------	C:\WINDOWS\system32\xactengine2_7.dll
2008-06-11 12:32 . 2007-01-24 15:27	255,848	--a------	C:\WINDOWS\system32\xactengine2_6.dll
2008-06-11 12:32 . 2007-03-05 12:42	15,128	--a------	C:\WINDOWS\system32\x3daudio1_1.dll
2008-06-11 09:07 . 2008-04-14 17:53	273,024	---------	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:07 . 2008-04-14 17:53	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:58 . 2004-08-03 23:08	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-10 18:58 . 2004-08-03 23:08	31,616	--a--c---	C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-10 08:16 . 2008-06-10 08:16	271,360	--a------	C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-10 08:16 . 2008-06-10 08:16	18,048	--a------	C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-09 17:57 . 2008-06-09 17:57	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\Symantec
2008-06-09 17:37 . 2008-06-09 17:37	<DIR>	d--------	C:\Program Files\Norton Ghost
2008-06-09 17:37 . 2008-06-09 17:37	<DIR>	d--------	C:\Program Files\Common Files\Symantec Shared
2008-06-09 17:37 . 2008-06-09 17:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-09 17:37 . 2007-03-28 20:29	131,944	--a------	C:\WINDOWS\system32\drivers\symsnap.sys
2008-06-09 17:37 . 2007-03-28 20:49	128,104	--a------	C:\WINDOWS\system32\drivers\WimFltr.sys
2008-06-09 17:37 . 2007-03-28 20:12	109,360	--a------	C:\WINDOWS\system32\GEARAspi.dll
2008-06-09 17:37 . 2007-03-28 20:29	37,864	--a------	C:\WINDOWS\system32\drivers\v2imount.sys
2008-06-09 17:37 . 2007-03-28 20:12	15,664	--a------	C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-06-09 17:37 . 2007-03-28 20:23	14,072	--a------	C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-06-09 16:20 . 2008-06-16 13:35	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-09 16:19 . 2008-06-09 16:19	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\Media Player Classic
2008-06-09 15:04 . 2004-08-04 14:00	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-06-09 13:50 . 2008-06-11 15:00	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-06-08 18:21 . 2008-06-08 18:21	<DIR>	d--------	C:\WINDOWS\Sun
2008-06-08 18:20 . 2008-06-08 18:20	<DIR>	d--------	C:\Program Files\Java
2008-06-08 18:20 . 2008-03-25 02:37	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-06-08 18:18 . 2008-06-08 18:18	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-06-08 17:39 . 2008-06-16 14:10	16,854	--a------	C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-08 17:38 . 2008-06-08 17:38	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\Thunderbird
2008-06-08 17:36 . 2008-06-08 17:36	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-06-08 17:36 . 2008-06-08 17:36	223,128	--a------	C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-06-08 17:11 . 2008-06-08 17:11	239	--a------	C:\WINDOWS\WINCMD.INI
2008-06-08 17:05 . 2008-06-12 14:30	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-06-08 16:59 . 2008-06-08 16:59	642,560	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-08 16:59 . 2008-06-08 16:59	96,256	--a------	C:\WINDOWS\system32\drivers\sptd8637.sys
2008-06-08 16:18 . 2008-06-08 16:18	<DIR>	d--------	C:\Program Files\Sunbelt Software
2008-06-08 16:11 . 2008-06-08 16:11	<DIR>	d--------	C:\Program Files\ESET
2008-06-08 16:11 . 2008-06-08 16:11	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-06-08 15:47 . 2008-06-08 16:20	<DIR>	d--------	C:\Program Files\Konnekt
2008-06-08 15:28 . 2008-06-08 15:28	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\Gadu-Gadu
2008-06-08 15:26 . 2008-06-08 15:26	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-06-08 15:26 . 2008-06-08 17:35	<DIR>	d--------	C:\Documents and Settings\Rybka\Gadu-Gadu
2008-06-08 15:13 . 2008-06-08 15:13	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2008-06-08 15:11 . 2008-06-08 15:11	<DIR>	d--------	C:\Program Files\MarBit
2008-06-08 15:09 . 2008-06-08 15:09	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-06-08 14:49 . 2008-06-08 17:26	<DIR>	d--------	C:\Program Files\foobar2000
2008-06-08 14:49 . 2008-06-16 10:18	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\foobar2000
2008-06-08 14:48 . 2008-06-08 14:49	<DIR>	d--------	C:\Program Files\Winamp
2008-06-08 14:48 . 2008-06-08 14:49	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\Winamp
2008-06-08 14:47 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-06-08 14:46 . 2008-06-08 14:46	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-06-08 14:45 . 2008-06-08 14:46	<DIR>	d--------	C:\Program Files\Microsoft Office2007
2008-06-08 14:45 . 2008-06-08 14:45	<DIR>	dr-h-----	C:\MSOCache
2008-06-08 14:45 . 2008-06-08 14:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-08 14:40 . 2008-06-08 14:40	427	--a------	C:\WINDOWS\ODBC.INI
2008-06-08 14:39 . 2008-06-08 14:45	<DIR>	d--------	C:\WINDOWS\ShellNew
2008-06-08 14:38 . 2008-06-08 14:38	<DIR>	d--------	C:\Program Files\Microsoft Office2000
2008-06-08 14:38 . 2008-06-08 14:38	<DIR>	d--------	C:\Documents and Settings\Rybka\Dane aplikacji\Microsoft Web Folders
2008-06-08 14:32 . 2008-06-08 14:32	13,646	--a------	C:\WINDOWS\system32\wpa.bak
2008-06-08 13:45 . 2008-06-15 15:34	<DIR>	d--------	C:\Program Files\Mozilla Thunderbird
2008-06-08 13:45 . 2008-06-08 15:32	3,653	--a------	C:\WINDOWS\mozver.dat
2008-06-08 13:42 . 
2008-06-08 13:42	<DIR>	d--------	C:\Program Files\FireTune.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-16 07:38	196,608	----a-w	C:\WINDOWS\system32\drivers\nStandard.bin2008-06-10 06:11	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-06-08 12:41	---------	d-----w	C:\Program Files\microsoft frontpage2008-06-08 10:28	---------	d-----w	C:\Program Files\My Company Name2008-06-08 10:27	---------	d-----w	C:\Program Files\ASUS2008-06-08 10:24	---------	d-----w	C:\Program Files\Common Files\InstallShield2008-06-08 10:17	---------	d-----w	C:\Program Files\Realtek2008-06-08 10:09	---------	d-----w	C:\Program Files\Attansic2008-06-08 10:05	315,392	----a-w	C:\WINDOWS\HideWin.exe2008-06-08 08:56	---------	d-----w	C:\Program Files\Usługi online2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys2008-05-07 05:16	1,291,264	----a-w	C:\WINDOWS\system32\quartz.dll2008-04-29 09:20	15,648	----a-w	C:\WINDOWS\system32\drivers\NSDriver.sys2008-04-29 09:19	15,648	----a-w	C:\WINDOWS\system32\drivers\Awrtrd.sys2008-04-29 09:19	12,960	----a-w	C:\WINDOWS\system32\drivers\Awrtpd.sys2008-04-21 07:03	662,016	----a-w	C:\WINDOWS\system32\wininet.dll2008-03-25 04:52	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll2008-03-25 04:52	178,976	----a-w	C:\WINDOWS\system32\msjint40.dll2008-03-20 08:09	1,845,504	----a-w	C:\WINDOWS\system32\win32k.sys2006-06-23 14:48	32,768	----a-r	C:\WINDOWS\inf\UpdateUSB.exe.(((((((((((((((((((((((((((((   snapshot@2008-06-16_13.35.11,09   ))))))))))))))))))))))))))))))))))))))))).- 2008-06-16 11:21:15	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-06-16 12:13:44	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-05-16 09:58:04	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe+ 2008-06-16 12:18:11	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_628.dat- 2008-06-16 11:21:25	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat+ 2008-06-16 12:13:55	16,384	----atw	
C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 10:23 1953792]"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]"nwiz"="nwiz.exe" [2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 15:54 380928]"NWEReboot"="" []"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-05-22 09:36 2468200][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.YV12"= yv12vfw.dll[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnkbackup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NeroFilterCheck]--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]--a------ 2007-03-28 20:41 2037352 C:\Program Files\Norton Ghost\Agent\VProTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]--a------ 2002-04-17 10:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]C:\Program Files\Winamp\winampa.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Microsoft Office2007\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Konnekt\\konnekt.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-09-13 15:54]R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-09-13 15:54]*Newly Created Service* - AD-WATCH_CONNECT_FILTER*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER*Newly Created Service* - AD-WATCH_REGISTRY_FILTER.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by 
Gmer, http://www.gmer.netRootkit scan 2008-06-16 14:49:26Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-06-16 14:50:47ComboFix-quarantined-files.txt  2008-06-16 12:50:42Pre-Run: 33,942,478,848 bajtów wolnychPost-Run: 33,927,708,672 bajtów wolnych235	--- E O F ---	2008-06-11 13:01:38
