x-kom hosting

Control logs to be checked.

Guest
created

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:28, on 2008-06-17
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\9.50\opera.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
F:\Gry\The Sims 2\The sims 2 czas wolny\TSBin\Sims2EP7.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [speedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\Programy\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8165 bytes

SilentRunners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" [null data]
"Fraps" = "C:\FRAPS\FRAPS.EXE" ["Beepa P/L"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe" -H" [null data]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" [null data]
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
{ecdee021-0d17-467f-a1ff-c7a115230949}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "KbLogiExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "LogiExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."]
"{611AD258-4138-4348-A534-9856FA6BA398}" = "IconPackager Icon Handler"
  -> {HKLM...CLSID} = "IPIconHandlerExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Stardock\Object Desktop\IconPackager\shellext.dll" ["Stardock.net, Inc"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "F:\Programy\MSOFFI~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "F:\Programy\MSOFFI~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "F:\Programy\MS Office\OFFICE11\msohev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"IconPackager Repair" = "{1799460C-0BC8-4865-B9DF-4A36CD703FF0}"
  -> {HKLM...CLSID} = "IPShellInstantiator Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\iprepair.dll" ["Stardock.net, Inc"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
<<!>> LBTWlgn\DLLName = "c:\program files\common files\logitech\bluetooth\LBTWlgn.dll" ["Logitech, Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
ImageResizer\(Default) = "{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "ImageResizer Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\KiceK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.bin" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.bin" %1" ["Alcohol Soft Development Team"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

NeroAutoPlay2AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND  /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks  /Drive:%L" ["Ahead Software AG"]

PDVDPlayCDAudioOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

VSOImageResizerAutoplay_741406\
"Provider" = "VSO Image Resizer"
"InvokeProgID" = "VSOImageResizerAutoplay"
"InvokeVerb" = "VSOImageResizerAutoplay_741406"
HKLM\SOFTWARE\Classes\VSOImageResizerAutoplay\shell\VSOImageResizerAutoplay_741406\command\(Default) = "C:\Program Files\VSO\Image Resizer\Resize.exe %L\" ["VSO Software SARL, France"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "KiceK" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\KiceK\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD"]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}" = "free-downloads.net Toolbar"
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "F:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*ow" (unwritable string)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
<<H>> "{ecdee021-0d17-467f-a1ff-c7a115230949}" = (no title provided)
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\Documents and Settings\KiceK\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-06-17 16:37:26)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 87 seconds.

---------- (total run time: 108 seconds)

I have pasted in everything the programs gave me. If anything is wrong, let me know and I will fix it.

Mateusz J.
comment
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

Fix

C:\Program Files\free-downloads.net

Delete this folder from disk by hand.

Paste the following into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

File ==> Save As ==> set the file type to All Files ==> save it under the name FIX.REG

Run the FIX.REG you created, confirm adding it to the Registry, and restart the computer.

Please post a ComboFix log.
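Before running a .reg file posted on a forum it is worth checking what it actually writes. The following is an added example, not part of the original thread: it parses the FIX.REG text above, decodes the hex(7) payload (REG_MULTI_SZ: UTF-16LE strings separated by NUL and terminated by a double NUL) back into readable strings, and confirms that the value restores the stock Windows XP BootExecute, "autocheck autochk *". The .reg text is embedded inline so the check runs offline; the helper names, and the "extra.exe" entry used to show how a non-default value decodes, are my own.

```python
import re

# Constructed copy of the FIX.REG text from the post above, embedded so the check runs offline.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# A stock Windows XP BootExecute holds exactly one string: run autochk on every volume at boot.
XP_DEFAULT_BOOTEXECUTE = ['autocheck autochk *']

# "name"=value   (the name may contain escaped quotes)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def reg_values(text):
    """Yield (key, value_name, raw_value) triples from .reg text.
    A trailing backslash continues a hex(...) value on the next line, so join those first."""
    joined = re.sub(r'\\\r?\n\s*', '', text)
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def decode_multi_sz(raw):
    """Decode a hex(7): payload (REG_MULTI_SZ) into a list of strings.
    Layout: UTF-16LE, each string NUL-terminated, list terminated by an extra NUL."""
    if not raw.lower().startswith('hex(7):'):
        raise ValueError('not a REG_MULTI_SZ (hex(7)) value: %r' % raw[:20])
    data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
    if len(data) < 4 or data[-4:] != b'\x00\x00\x00\x00':
        raise ValueError('missing double-NUL terminator')
    return [s for s in data.decode('utf-16-le').split('\x00') if s]


def encode_multi_sz(strings):
    """Inverse of decode_multi_sz: build the hex(7): payload for a list of strings."""
    data = ''.join(s + '\x00' for s in strings).encode('utf-16-le') + b'\x00\x00'
    return 'hex(7):' + ','.join('%02x' % b for b in data)


def bootexecute_from_reg(text):
    """Return (strings, is_xp_default) for the BootExecute value found in .reg text."""
    for key, name, raw in reg_values(text):
        if key.lower().endswith(r'\control\session manager') and name.lower() == 'bootexecute':
            strings = decode_multi_sz(raw)
            return strings, strings == XP_DEFAULT_BOOTEXECUTE
    raise KeyError('no BootExecute value found')


if __name__ == '__main__':
    strings, ok = bootexecute_from_reg(FIX_REG)
    print(strings, 'XP default' if ok else 'NOT the XP default')
    # How a value with an extra boot-time program (hypothetical name) would decode:
    print(decode_multi_sz(encode_multi_sz(['autocheck autochk *', 'extra.exe'])))
```

Any additional string in BootExecute is a native program that runs before the Windows subsystem is up, which is why this value is both a legitimate place for disk utilities and a classic persistence point; decoding it before importing the .reg file tells you exactly what the fix puts there.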

Guest

Oh man, talk to me like I'm an idiot. How do I get this ComboFix log?

snip91

Run ComboFix, wait until it finishes scanning, then go to drive C: and you'll find the file log.txt there.

After that I think you know what to do with it :)

Guest

So here comes the ComboFix log

ComboFix 08-06-16.5 - KiceK 2008-06-17 22:09:04.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1563 [GMT 2:00]
Running from: C:\Documents and Settings\KiceK\Pulpit\ComboFix.exe
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((   Files Created from 2008-05-17 to 2008-06-17  )))))))))))))))))))))))))))))))
.
2008-06-17 21:44 . 2008-06-17 21:44	2,560	--a------	C:\WINDOWS\_MSRSTRT.EXE
2008-06-17 16:31 . 2008-06-17 16:31	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-14 23:20 . 2008-06-14 23:20	<DIR>	d--------	C:\Program Files\CalcMaster
2008-06-14 15:28 . 2004-08-18 10:34	442,368	-ra------	C:\WINDOWS\system32\vp6vfw.dll
2008-06-12 20:35 . 2008-06-12 20:36	<DIR>	d--------	C:\Program Files\ePSXee
2008-06-12 20:35 . 2008-06-12 20:35	<DIR>	d--------	C:\Program Files\ePSXe
2008-06-12 20:35 . 2008-06-12 20:46	1,251	--a------	C:\WINDOWS\kaillera.ini
2008-06-12 13:20 . 2008-06-12 14:45	<DIR>	d--------	C:\Program Files\GoD
2008-06-12 13:20 . 2008-06-12 13:20	<DIR>	d--------	C:\Downloaded
2008-06-12 11:12 . 2008-06-12 11:12	<DIR>	d--------	C:\Documents and Settings\KiceK\Dane aplikacji\Media Player Classic
2008-06-12 11:11 . 2008-06-12 11:11	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2008-06-11 13:13 . 2008-06-11 13:13	<DIR>	d--------	C:\Program Files\Lavasoft
2008-06-11 13:13 . 2008-06-11 13:13	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 13:13 . 2008-06-11 13:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-08 17:42 . 2008-06-08 17:43	<DIR>	d--------	C:\Program Files\SopCast
2008-06-07 00:54 . 2008-06-07 00:54	<DIR>	d--------	C:\Documents and Settings\KiceK\Dane aplikacji\Gadu-Gadu-8xALPHA
2008-06-07 00:53 . 2008-06-08 13:43	<DIR>	d--------	C:\WINDOWS\SxsCaPendDel
2008-06-07 00:53 . 2008-06-07 00:54	<DIR>	d--------	C:\Program Files\Gadu-Gadu 8.0
2008-06-05 20:42 . 2008-06-05 20:46	<DIR>	d--------	C:\Program Files\RegCleaner
2008-05-29 19:47 . 2008-02-22 13:30	334,792	--a------	C:\WINDOWS\system32\_AxShlEx.dll
2008-05-29 19:43 . 2008-06-17 21:46	<DIR>	d--------	C:\Program Files\Conduit
2008-05-29 19:43 . 2008-05-29 19:43	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-05-27 14:01 . 2007-03-12 16:42	3,495,784	--a------	C:\WINDOWS\system32\d3dx9_33.dll
2008-05-27 09:42 . 2008-05-27 09:42	<DIR>	d--------	C:\Program Files\foobar2000
2008-05-27 09:42 . 2008-06-14 18:55	<DIR>	d--------	C:\Documents and Settings\KiceK\Dane aplikacji\foobar2000
2008-05-26 21:36 . 2003-06-19 01:31	17,920	--a------	C:\WINDOWS\system32\mdimon.dll
2008-05-26 21:36 . 2008-05-26 21:36	421	--a------	C:\WINDOWS\ODBC.INI
2008-05-26 21:35 . 2008-05-26 21:35	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-05-26 21:35 . 2008-05-26 21:35	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-05-26 21:35 . 2008-05-26 21:35	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-05-26 21:29 . 2008-05-26 21:29	<DIR>	d--------	C:\Program Files\DAEMON Tools Lite
2008-05-26 21:26 . 2008-05-26 21:26	716,272	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 21:25 . 2008-05-26 21:25	<DIR>	d--------	C:\Documents and Settings\KiceK\Dane aplikacji\DAEMON Tools
2008-05-26 15:35 . 2008-04-14 00:50	361,344	--a------	C:\WINDOWS\system32\drivers\tcpip.sys.old
2008-05-24 17:48 . 2008-05-27 09:54	<DIR>	d--------	C:\Program Files\RocketDock
2008-05-23 23:56 . 2008-05-23 23:56	<DIR>	d--------	C:\Program Files\AveDesk13
2008-05-23 23:54 . 2008-05-23 23:59	<DIR>	d--------	C:\Documents and Settings\KiceK\Dane aplikacji\AveDesk
2008-05-21 10:01 . 2008-05-24 19:10	<DIR>	d--------	C:\Program Files\Thoosje Sidebar V2.3
2008-05-21 09:19 . 2008-04-14 22:50	219,648	--a------	C:\WINDOWS\system32\uxtheme.backup
2008-05-21 09:01 . 2004-08-27 08:56	45,056	--a------	C:\WINDOWS\system32\iprepair.dll
2008-05-19 13:32 . 2008-05-19 13:32	<DIR>	d--------	C:\Program Files\MegauploadToolbar
2008-05-19 13:32 . 2008-05-19 13:32	<DIR>	d--------	C:\Documents and Settings\KiceK\Dane aplikacji\Yahoo!
2008-05-19 13:32 . 2008-05-19 13:32	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-05-19 13:31 . 2008-06-17 21:44	<DIR>	d--------	C:\Documents and Settings\KiceK\Dane aplikacji\MegauploadToolbar

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 20:04	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-17 13:20	---------	d-----w	C:\Program Files\Video Convert Master
2008-06-13 18:31	---------	d-----w	C:\Program Files\Opera
2008-06-13 17:01	---------	d-----w	C:\Program Files\SpeedFan
2008-06-11 20:33	---------	d-----w	C:\Documents and Settings\KiceK\Dane aplikacji\VSO
2008-06-11 10:42	---------	d-----w	C:\Program Files\Winamp
2008-05-26 22:40	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2008-05-22 09:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-21 12:54	163,712	----a-w	C:\WINDOWS\system32\drivers\vidstub.sys
2008-05-21 07:19	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-05-16 20:38	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd
2008-05-16 20:03	---------	d-----w	C:\Program Files\Yahoo!
2008-05-16 20:03	---------	d-----w	C:\Program Files\Common Files\Scanner
2008-05-16 20:02	---------	d-----w	C:\Program Files\Common Files\Logitech
2008-05-16 20:02	---------	d-----w	C:\Program Files\Common Files\Logishrd
2008-05-16 20:02	---------	d-----w	C:\Documents and Settings\KiceK\Dane aplikacji\InstallShield
2008-05-16 09:58	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe
2008-05-10 16:14	---------	d-----w	C:\Program Files\BitDownload
2008-04-29 09:20	15,648	----a-w	C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19	15,648	----a-w	C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19	12,960	----a-w	C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 14:41	---------	d-----w	C:\Program Files\RivaTuner v2.08
2008-04-26 21:26	---------	d-----w	C:\Program Files\Lavalys
2008-04-17 17:53	---------	d-----w	C:\Program Files\DeskSpace
2008-04-17 17:49	---------	d-----w	C:\Program Files\AquaMark3
2008-04-14 21:16	1,804	----a-w	C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56	332,288	----a-w	C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52	92,424	----a-w	C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52	87,176	----a-w	C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52	12,168	----a-w	C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:50	999,936	-c--a-w	C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49	98,304	----a-w	C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48	5,632	----a-w	C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48	1,449,472	----a-w	C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47	57,375	----a-w	C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47	103,424	----a-w	C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43	4,126	----a-w	C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42	3,584	----a-w	C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36	3,584	----a-w	C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35	9,344	----a-w	C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35	569,856	----a-w	C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:33	3,072	----a-w	C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33	3,072	----a-w	C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33	24,064	----a-w	C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31	16,896	----a-w	C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30	285,696	----a-w	C:\WINDOWS\system32\atmfd.dll
2008-04-14 19:59	2,146,816	-c--a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59	2,025,472	-c--a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55	4,096	----a-w	C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52	89,600	------w	C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50	80,896	------w	C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:45	49,664	----a-w	C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45	2,977,792	-c--a-w	C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43	563,200	-c--a-w	C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:39	190,976	----a-w	C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37	10,240	----a-w	C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35	67,584	----a-w	C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys
2008-04-14 19:32	57,344	----a-w	C:\WINDOWS\system32\mshtmler.dll
2008-04-14 19:29	8,192	----a-w	C:\WINDOWS\system32\asferror.dll
2008-04-13 22:15	17,664	----a-w	C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:13	9,728	------w	C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13	12,800	----a-w	C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:10	427,008	----a-w	C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:08	2,953,216	-c--a-w	C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05	194,560	-c--a-w	C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01	7,424	----a-w	C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00	61,440	----a-w	C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07	208,384	----a-w	C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07	138,752	----a-w	C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56	12,288	----a-w	C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56	12,288	----a-w	C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51	733,696	----a-w	C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18	1,647,616	-c--a-w	C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15	216,064	-c--a-w	C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53	48,128	----a-w	C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09	884,736	----a-w	C:\WINDOWS\system32\msimsg.dll
2008-03-31 21:25	682,496	----a-w	C:\WINDOWS\system32\divx.dll
2008-03-28 17:41	7,680	----a-w	C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2008-03-04 08:23	81,920	----a-w	C:\Documents and Settings\KiceK\Dane aplikacji\ezpinst.exe
2008-03-04 08:23	47,360	----a-w	C:\Documents and Settings\KiceK\Dane aplikacji\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-05-29 19:47 4608]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 14:18 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

C:\Documents and Settings\KiceK\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-14 23:25:45 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-16 22:02:42 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"F:\\Gry\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu 8.0\\gg.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 00:00]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\KiceK\USTAWI~1\Temp\GPU-Z.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 22:09:53
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\KiceK\USTAWI~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-06-17 22:10:29
ComboFix-quarantined-files.txt  2008-06-17 20:10:24

Pre-Run: 4,511,854,592 bajtów wolnych
Post-Run: 4,500,381,696 bajtów wolnych

217
Mateusz J.

Log is clean :)
