Guest, posted 17 June 2008

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:28, on 2008-06-17
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\9.50\opera.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
F:\Gry\The Sims 2\The sims 2 czas wolny\TSBin\Sims2EP7.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [speedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\Programy\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8165 bytes

SilentRunners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" [null data]
"Fraps" = "C:\FRAPS\FRAPS.EXE" ["Beepa P/L"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe" -H" [null data]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" [null data]
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
     \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
{ecdee021-0d17-467f-a1ff-c7a115230949}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
     \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
     \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "KbLogiExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "LogiExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."]
"{611AD258-4138-4348-A534-9856FA6BA398}" = "IconPackager Icon Handler"
  -> {HKLM...CLSID} = "IPIconHandlerExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Stardock\Object Desktop\IconPackager\shellext.dll" ["Stardock.net, Inc"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "F:\Programy\MSOFFI~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "F:\Programy\MSOFFI~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "F:\Programy\MS Office\OFFICE11\msohev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"IconPackager Repair" = "{1799460C-0BC8-4865-B9DF-4A36CD703FF0}"
  -> {HKLM...CLSID} = "IPShellInstantiator Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\iprepair.dll" ["Stardock.net, Inc"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
<<!>> LBTWlgn\DLLName = "c:\program files\common files\logitech\bluetooth\LBTWlgn.dll" ["Logitech, Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
ImageResizer\(Default) = "{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "ImageResizer Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\KiceK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.bin" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.bin" %1" ["Alcohol Soft Development Team"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

NeroAutoPlay2AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]

PDVDPlayCDAudioOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

VSOImageResizerAutoplay_741406\
"Provider" = "VSO Image Resizer"
"InvokeProgID" = "VSOImageResizerAutoplay"
"InvokeVerb" = "VSOImageResizerAutoplay_741406"
HKLM\SOFTWARE\Classes\VSOImageResizerAutoplay\shell\VSOImageResizerAutoplay_741406\command\(Default) = "C:\Program Files\VSO\Image Resizer\Resize.exe %L\" ["VSO Software SARL, France"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
     \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
     \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "KiceK" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\KiceK\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
     \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
     \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}" = "free-downloads.net Toolbar"
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "F:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*ow" (unwritable string)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
<<H>> "{ecdee021-0d17-467f-a1ff-c7a115230949}" = (no title provided)
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> "Tabs" = "C:\Documents and Settings\KiceK\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-06-17 16:37:26)

<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 87 seconds.

---------- (total run time: 108 seconds)

I pasted in everything the programs gave me. If something is wrong, say so and I'll fix it.
Mateusz J., comment 17 June 2008

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

Fix

C:\Program Files\free-downloads.net
To be deleted manually from the disk.

Paste into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

File ==> Save As ==> change the file type to All Files ==> save under the name FIX.REG

Run the created FIX.REG file, confirm adding it to the Registry, and restart the computer.

Please post a ComboFix log.
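Before importing a .reg file like the one above, it is worth decoding what it actually writes and comparing that with the value the scan reported. The following is an added example (Python, not part of this thread): it decodes the hex(7) REG_MULTI_SZ payload of the BootExecute line from the FIX.REG above and diffs it against the value SilentRunners flagged with <<!>>; both inputs are copied from the posts above, and the function names are this example's own.

```python
# Added example (not from the thread): decode what the FIX.REG line above
# actually writes to BootExecute and compare it with the value SilentRunners
# flagged, before the .reg file is imported on the machine.
import re

# Constructed input: the "BootExecute" value line copied from the FIX.REG
# above, including the backslash-newline continuation that regedit exports use.
FIX_REG_LINE = (
    '"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\\\n'
    '  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00'
)

# The value SilentRunners reported with the <<!>> marker in the log above:
# "autocheck autochk *"|"lsdelete" is a REG_MULTI_SZ with two entries.
OBSERVED_BOOTEXECUTE = ["autocheck autochk *", "lsdelete"]


def parse_reg_multi_sz(line: str) -> list[str]:
    """Decode a .reg value line of the form "Name"=hex(7):xx,xx,... into
    the list of strings stored in the REG_MULTI_SZ value."""
    _name, sep, payload = line.partition("=")
    if not sep or not payload.startswith("hex(7):"):
        raise ValueError("not a hex(7) (REG_MULTI_SZ) value line")
    # regedit wraps long values with "\" + newline + indentation; join them.
    hex_text = re.sub(r"\\\s*\n\s*", "", payload[len("hex(7):"):])
    raw = bytes(int(pair, 16) for pair in hex_text.split(",") if pair.strip())
    # REG_MULTI_SZ is UTF-16-LE: each string is NUL-terminated and the list
    # ends with an extra NUL, so empty fragments are dropped after splitting.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def to_reg_multi_sz(name: str, strings: list[str]) -> str:
    """Encode strings as a .reg hex(7) value line (single line, no wrapping)."""
    raw = "".join(s + "\x00" for s in strings).encode("utf-16-le") + b"\x00\x00"
    return f'"{name}"=hex(7):' + ",".join(f"{b:02x}" for b in raw)


def entries_removed_by_fix(observed: list[str], fix_line: str) -> list[str]:
    """Return the BootExecute entries currently on the machine that the
    proposed .reg line would drop, so the operator sees exactly which
    boot-time program is being removed (here the lsdelete entry, which
    belongs to Lavasoft Ad-Aware)."""
    after_fix = parse_reg_multi_sz(fix_line)
    return [entry for entry in observed if entry not in after_fix]


if __name__ == "__main__":
    print("fix writes:", parse_reg_multi_sz(FIX_REG_LINE))
    print("removed:   ", entries_removed_by_fix(OBSERVED_BOOTEXECUTE, FIX_REG_LINE))
```

The same decoder works on any hex(7) line exported by regedit, so it can also be used to audit other REG_MULTI_SZ launch points before a fix is applied.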
Guest comment 17 June 2008 Oh jeez, treat me like I'm clueless. How do I get that ComboFix log?
snip91 comment 17 June 2008 You run ComboFix, wait until it finishes scanning, then go to drive C: and there you have the file log.txt. After that I think you know what to do with it.
Guest comment 17 June 2008 So here comes the ComboFix log:

ComboFix 08-06-16.5 - KiceK 2008-06-17 22:09:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1563 [GMT 2:00]
Running from: C:\Documents and Settings\KiceK\Pulpit\ComboFix.exe
* Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!