talatala, created 16 August 2008
Hello :) I have a problem :( A balloon keeps popping up on the taskbar saying "you have a security problem" and I can't get rid of it :( I've already read a lot on the subject, but I don't really know how to deal with it because I'm not good with computers :/ I know it has to be done with the HijackThis program, but I don't quite know how :( Please HELP!! I'd be grateful if someone could write out for me how to do it step by step. Regards :)
Mateusz J., comment 16 August 2008
HijackThis and Silent Runners guide: http://www.forumpc.pl/index.php?showtopic=11017
ComboFix guide: http://www.forumpc.pl/index.php?showtopic=11018
talatala (author), comment 16 August 2008
I have the HijackThis program and I know you make some logs with it and delete some files, but how am I supposed to know which ones are bad?? I know other people pasted their logs on the forum and someone picked out the bad files for them ;/
Mateusz J., comment 16 August 2008
talatala, the link I gave, i.e. http://www.forumpc.pl/index.php?showtopic=11017, contains a guide that will help you produce a log. Post it on the forum and I or someone else will certainly check it.
talatala (author), comment 16 August 2008
[codebox]
Logfile of HijackThis v1.99.1
Scan saved at 16:46:38, on 16.08.2008
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\DOCUME~1\Natalia\USTAWI~1\Temp\setup1018.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\DOCUME~1\Natalia\USTAWI~1\Temp\4E.tmp
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Gadu-Gadu\gg.exe
C:\Documents and Settings\Natalia\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Natalia\USTAWI~1\Temp\setup1018.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[/codebox]
Mateusz J., comment 16 August 2008

Step 1
[codebox]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Natalia\USTAWI~1\Temp\setup1018.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
[/codebox]
Run HijackThis. Click "Do a system scan only". Tick the boxes next to the entries I listed above. Click "Fix checked".

Step 2*
Open My Computer. Go to the Tools menu and choose Folder Options. Then go to the View tab. Tick "Show hidden files and folders" and click OK. Go to the folder C:\Documents and Settings\Natalia\Ustawienia lokalne\Temp and delete its entire contents. Then do it again: open My Computer, go to the Tools menu, choose Folder Options, go to the View tab, and this time untick "Show hidden files and folders" and confirm the change by clicking OK.

Step 3
Download ComboFix and produce a log with it. How to create the log: http://www.forumpc.pl/index.php?showtopic=11018 Post the log you get on the forum.

*Step 2 may need to be done in Safe Mode.
talatala (author), comment 16 August 2008
One file in that TEMP folder won't delete; the file name is "4E.tmp".
Mateusz J., comment 16 August 2008
*Step 2 may need to be done in Safe Mode. Don't delete that file. ComboFix will certainly show us new files to delete anyway, so we'll delete them later together with the others.
talatala (author), comment 16 August 2008
[codebox]
ComboFix 08-08-15.04 - Natalia 2008-08-16 17:18:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.651 [GMT 2:00]
Running from: C:\Documents and Settings\Natalia\Pulpit\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-16 00:51 . 2008-08-16 00:51 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-16 00:28 . 2008-08-16 13:34 <DIR> d-------- C:\Documents and Settings\Natalia\Dane aplikacji\gtk-2.0
2008-08-16 00:28 . 2008-08-16 00:28 <DIR> d-------- C:\Documents and Settings\Natalia\.thumbnails
2008-08-16 00:25 . 2008-08-16 13:34 <DIR> d-------- C:\Documents and Settings\Natalia\.gimp-2.4
2008-08-06 17:15 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-08-06 17:15 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-08-06 17:15 . 2007-01-15 18:56 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-08-06 17:14 . 2008-08-06 17:14 <DIR> d-------- C:\Documents and Settings\Natalia\Dane aplikacji\InstallShield
2008-08-06 17:14 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-08-06 17:14 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-08-06 17:14 . 2004-10-21 01:00 6,222 --------- C:\WINDOWS\CVRPAGE.BMP
2008-08-05 11:32 . 2008-08-05 11:32 <DIR> d-------- C:\Documents and Settings\Natalia\Dane aplikacji\AdobeUM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 11:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 15:15 --------- d-----w C:\Program Files\Brother
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-28 08:54 --------- d-----w C:\Program Files\Tlen.pl
2008-06-28 08:54 --------- d-----w C:\Documents and Settings\Natalia\Dane aplikacji\Tlen.pl
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 15:46 713,728 ----a-w C:\WINDOWS\system32\opengl32.dll.tmp
2008-06-16 09:16 --------- d-----w C:\Documents and Settings\Natalia\Dane aplikacji\Microsoft Games
2008-06-16 09:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Games
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 18:53 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50 33792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 14:51 663552]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"Picasa Media Detector"="D:\programy\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\GRY\\The Heat of War\\System\\Iwo.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\GRY\\zoo\\zt.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27650:TCP"= 27650:TCP:BitComet 27650 TCP
"27650:UDP"= 27650:UDP:BitComet 27650 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Natalia\Dane aplikacji\Mozilla\Firefox\Profiles\65n1ln0a.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 17:20:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-16 17:21:29
ComboFix-quarantined-files.txt 2008-08-16 15:21:27

Pre-Run: 8,643,063,808 bajtów wolnych
Post-Run: 8,667,168,768 bajtów wolnych

110 --- E O F --- 2008-08-15 18:12:48
[/codebox]
Guest, comment 16 August 2008
I don't see anything harmful. Manually delete the folder C:\Qoobox. Delete the ComboFix installer from the disk. Optimise your startup. Clean the computer with CCleaner. Turn System Restore off and back on for all drives (see the instructions). Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it through IE) and post its report on the forum. Or use Dr.WEB CureIt!.
// don't use colours // vocativus
Mateusz J., comment 16 August 2008
Strangely, the log is clean. Go into Safe Mode and do Step 2 again. Finish with a HijackThis log. Is the message still appearing?
From the Rules: logs produced by these programs must be placed in tags: [*codebox]Put the log here[*/codebox]. Remove the asterisks (*) in your post.
talatala (author), comment 16 August 2008
It hasn't shown up since I did that with the ComboFix program. Does that mean everything is OK now??
talatala (author), comment 16 August 2008
It's gone now :lol: :lol: :lol: Thank you very, very much :*:*:* Jesiona, you're GREAT. Regards, and thanks again :)
Patka, comment 22 December 2008
Hello :) I have the same problem :( A balloon pops up on the taskbar saying "you have a security problem". Could someone check this for me as quickly as possible, please, please:
[codebox]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:45, on 2008-12-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\anttttttiiiiiiii\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM305_STI.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Winamp\winampa.exe
E:\anttttttiiiiiiii\egui.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\MAZURE~1.MAZ\USTAWI~1\Temp\xxx1241.exe
C:\Program Files\Ares\Ares.exe
C:\DOCUME~1\MAZURE~1.MAZ\USTAWI~1\Temp\336.tmp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\DOCUME~1\MAZURE~1.MAZ\USTAWI~1\Temp\~tmpe.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: LexlibPlugin - {1094613F-84B6-4131-AEC1-71DF88291044} - C:\WINDOWS\system32\pllib.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: HTML module - {74EBCFFB-AF2D-4dd4-A9BC-2AC12864B3EC} - C:\WINDOWS\system32\mshtml90.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: searchersmart search enhancer - {7CBC762A-0303-DED2-E9D8-A51A10A597EE} - C:\WINDOWS\system32\cgufdphxmculhkf.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Office register] C:\Program Files\Common Files\Microsoft Shared\Office10\MSOICON.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [e-Kiosk] "C:\Program Files\e-Kiosk Reader\eGazetaST.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdyqp.exe] C:\WINDOWS\system32\kdyqp.exe
O4 - HKLM\..\Run: [egui] "E:\anttttttiiiiiiii\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\MAZURE~1.MAZ\USTAWI~1\Temp\xxx1241.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\MAZURE~1.MAZ\USTAWI~1\Temp\336.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{2914DA97-4339-41C0-8BE6-D88A541065F6}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\anttttttiiiiiiii\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\anttttttiiiiiiii\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10233 bytes
[/codebox]
Mateusz J., comment 22 December 2008
[codebox]
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
[/codebox]
Fix checked in HijackThis.

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Paste the following into Notepad:
[codebox]
File::
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\mshtml90.dll
C:\WINDOWS\system32\kdyqp.exe
C:\DOCUME~1\MAZURE~1.MAZ\USTAWI~1\Temp\336.tmp.exe
C:\DOCUME~1\MAZURE~1.MAZ\USTAWI~1\Temp\xxx1241.exe

Folder::
C:\Program Files\BearShare Applications

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1094613F-84B6-4131-AEC1-71DF88291044}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74EBCFFB-AF2D-4dd4-A9BC-2AC12864B3EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CBC762A-0303-DED2-E9D8-A51A10A597EE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\kdyqp.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSFox"=-
"Cognac"=-
[/codebox]
In Notepad go to File ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture. The removal will start and a log will be produced, which you then post on the forum.
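The rules Mateusz applied to both HijackThis logs in this thread (entries marked "(no file)" or "(file missing)", a search page redirected to search.bearshare.com, autostarts launched from a Temp directory, and a Run value named after its own path) can be written down as a small triage script. This is an added illustration, not code from the thread, from HijackThis or from ComboFix; the sample log is constructed from entries quoted above and the allowlist of search hosts is an assumption.

```python
"""Triage a HijackThis log with the heuristics the helper applied in this thread."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a handful of entries in the format of the logs posted above (not a full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Natalia\USTAWI~1\Temp\setup1018.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdyqp.exe] C:\WINDOWS\system32\kdyqp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with its section code (R0, R1, R3, O2, O4, ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 registry autostarts look like: HKCU\..\Run: [value name] command line
RUN_ENTRY = re.compile(r"^\S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*)$")
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
# Assumed allowlist: hosts a start/search page may legitimately point at; anything else is reported.
SEARCH_ALLOWLIST = ("google.com", "microsoft.com", "msn.com", "live.com")


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def parse_entries(log_text):
    """Yield (section, body, raw entry) for each R*/O* line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def _search_page_host(body):
    """For R0/R1 entries return the hostname of the configured URL, or '' if the value is not a URL."""
    if "=" not in body:
        return ""
    value = body.split("=", 1)[1].strip()
    return urlparse(value).hostname or ""


def _allowed_host(host):
    return any(host == d or host.endswith("." + d) for d in SEARCH_ALLOWLIST)


def triage(log_text):
    """Return the entries a reviewer should look at, in log order, with the heuristic that fired."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        # 1. Hooks, BHOs, toolbars and buttons whose file is gone: leftovers that the helper
        #    in this thread had fixed so they stop cluttering later logs.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "target file missing (orphaned entry)", raw))
            continue
        # 2. R0/R1: start or search page pointing somewhere other than a known search provider.
        if section in ("R0", "R1"):
            host = _search_page_host(body)
            if host and not _allowed_host(host):
                findings.append(Finding(section, f"search/start page points at {host}", raw))
            continue
        # 3. O4 autostarts: anything launched from a Temp directory, or a Run value whose
        #    name is itself a path (the kdyqp.exe pattern in the second log).
        if section == "O4":
            m = RUN_ENTRY.match(body)
            if not m:
                continue
            if TEMP_DIR.search(m.group("command")):
                findings.append(Finding(section, "autostart launched from a Temp directory", raw))
            elif "\\" in m.group("name"):
                findings.append(Finding(section, "Run value named after its own path", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.reason}\n    {f.entry}")
```

The msxml71.dll BHO in the sample passes all three checks even though Mateusz removed it with the CFScript, so a heuristic pass like this only narrows what a human still has to review.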
Patka, comment 23 December 2008
Thank you, Jesiona, very, very much, it doesn't show up any more ;)))) You're great, but just to be sure I'm also sending this log, please check it for me ;*
[codebox]
ComboFix 08-12-21.04 - mazurek 2008-12-23 10:59:24.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.176 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mazurek.MAZUREK-639CF42\Pulpit\Nowy folder\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Solt Lake Software
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\005B0CEE_9E44_4874_BB3A_AA90BF414B9B.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\01166880_8BC0_4d39_A5B3_2B79D15BD947.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\1F48DC7F-5AAB-4068-94FB-28260DD487DD.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\224C20AC-2B10-4f47-A087-071DF48FA255.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\A9C3BB22_B095_4bb9_A4FD_1CB3643AF9A0.jpg
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\ADED7C5B-E485-4485-8089-5F2E2DE42E91.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\B12B218E_7A00_457d_BC82_2757D4C18CC1.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\C82F82E3_1710_4965_ACF4_176308ED93A5.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\D0FE389E_400B_440b_9071_2587A57961E3.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\D376F538-6C5D-41ae-B596-C030BE6366B7.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\DE6B7F39_B028_48ef_8D77_5471C7278A14.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\E293A409_F14F_4c04_962F_4FE36C7CDD9F.jpg
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\E99CE768_8677_4652_B475_BA6BE092A64A.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\F3FCCA3A_1396_4121_84BC_C7AA4524D721.gif
c:\documents and settings\mazurek.MAZUREK-639CF42\Ustawienia lokalne\Temporary Internet Files\FE560CBF_28CF_4906_A438_C86C6CA84F93.gif
C:\resycled
c:\windows\rs.txt
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\msxml71.dll
c:\windows\system32\qgB03q82.exe.a_a
D:\resycled
E:\resycled
F:\resycled
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-23 do 2008-12-23 )))))))))))))))))))))))))))))))
.
2008-12-23 10:47 . 2008-12-18 06:17 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2008-12-23 00:17 . 2008-12-23 00:58 540,672 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-23 00:17 . 2008-12-23 00:42 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-23 00:17 . 2008-12-23 00:42 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-23 00:17 . 2008-12-23 00:58 2,336 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-23 00:17 . 2008-12-23 00:58 544 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-23 00:17 . 2008-12-23 00:58 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-22 23:59 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-22 23:59 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2008-12-22 23:59 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-22 23:59 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\dllcache\kbdhid.sys
2008-12-22 23:58 . 2004-08-03 23:08 36,224 --a------ c:\windows\system32\drivers\hidclass.sys
2008-12-22 23:58 . 2004-08-03 23:08 36,224 --a------ c:\windows\system32\dllcache\hidclass.sys
2008-12-22 23:58 . 2004-08-03 23:08 24,960 --a------ c:\windows\system32\drivers\hidparse.sys
2008-12-22 23:58 . 2004-08-03 23:08 24,960 --a------ c:\windows\system32\dllcache\hidparse.sys
2008-12-22 23:58 . 2001-10-26 16:57 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-22 23:58 . 2001-10-26 16:57 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-12-22 23:58 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-22 23:58 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\dllcache\hidusb.sys
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\windows\system32\PAV
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\Panda Security
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Panda Security
2008-12-22 23:12 . 2008-12-22 23:12 <DIR> d--hs---- C:\FOUND.063
2008-12-22 21:57 . 2008-12-22 21:57 <DIR> d-------- c:\program files\Trend Micro
2008-12-22 21:36 . 2008-12-22 21:36 <DIR> d--hs---- C:\FOUND.062
2008-12-22 20:57 . 2008-12-22 20:57 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ESET
2008-12-21 19:06 . 2008-12-21 19:06 <DIR> d--hs---- C:\FOUND.061
2008-12-19 00:19 . 2008-12-19 00:19 <DIR> dr------- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ulubione
2008-12-19 00:19 . 2008-12-19 00:19 <DIR> dr------- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ulubione
2008-12-18 18:42 . 2008-12-18 18:42 77,824 --a------ c:\windows\system32\qgB03q82.exe
2008-12-08 18:00 . 2008-12-08 18:00 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\CrucialSoft Ltd
2008-12-07 13:13 . 2008-12-21 16:22 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-07 12:58 . 2008-12-23 09:40 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-12-07 12:56 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\PAVDRV51.SYS
2008-12-07 12:56 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\PAVCPL.CPL
2008-12-07 12:55 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-07 12:55 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-07 12:55 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-07 12:55 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-07 12:55 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-07 12:55 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\AVLDR.DLL
2008-12-07 12:55 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\PAVIPC.DLL
2008-12-07 12:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\PAVBOOT.SYS
2008-12-07 12:53 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-07 12:53 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-07 12:47 . 2008-12-23 00:30 421 --a------ c:\windows\AvDetected.ini
2008-12-06 15:51 . 2008-12-06 15:51 <DIR> d--hs---- C:\FOUND.060
2008-12-05 14:58 . 2008-12-05 14:58 <DIR> d--hs---- C:\FOUND.059
2008-12-04 20:27 . 2008-12-04 20:27 <DIR> d--hs---- C:\FOUND.058
2008-12-04 19:58 . 2008-12-04 19:58 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-03 09:43 . 2008-12-03 09:43 <DIR> d--hs---- C:\FOUND.057
2008-12-02 23:56 . 2008-12-02 23:56 <DIR> d--hs---- C:\FOUND.056
2008-12-02 19:17 . 2008-12-02 19:17 125,956 --a------ c:\windows\system32\mshtml90.dll
2008-12-02 00:43 . 2008-12-02 00:43 <DIR> d--hs---- C:\FOUND.055
2008-12-01 19:43 . 2008-12-01 19:43 <DIR> d--hs---- C:\FOUND.054
2008-12-01 17:50 .
[/codebox]
2008-12-01 17:50 <DIR> d-------- c:\program files\Ares2008-12-01 10:30 . 2008-12-01 10:30 <DIR> d--hs---- C:\FOUND.0532008-11-30 19:37 . 2008-11-30 19:37 <DIR> d-------- c:\program files\Kaspersky Lab2008-11-30 19:37 . 2008-11-30 19:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab2008-11-30 18:02 . 2008-11-30 18:02 <DIR> d--hs---- C:\#GDATA.Trash.Store#2008-11-30 13:46 . 2008-11-30 13:46 68,296 --a------ c:\windows\system32\drivers\GRD.sys2008-11-30 13:32 . 2008-11-30 13:32 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys2008-11-30 13:30 . 2008-11-30 13:30 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys2008-11-30 13:30 . 2008-11-30 13:30 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys2008-11-30 13:28 . 2008-11-30 13:28 <DIR> d-------- c:\program files\G DATA2008-11-30 13:28 . 2008-11-30 13:28 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\G DATA2008-11-28 15:01 . 2008-11-28 15:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\2D5D2008-11-28 14:59 . 2008-11-28 14:59 <DIR> d-------- c:\program files\BearShare Applications2008-11-28 14:59 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx2008-11-23 09:15 . 2008-11-23 09:15 <DIR> d--hs---- C:\FOUND.0522008-11-23 00:25 . 
2008-11-23 00:25 <DIR> d--hs---- C:\FOUND.051.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-12-22 23:42 112,144 ----a-w c:\windows\system32\drivers\kl1.sys2008-11-22 01:12 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys2008-11-15 11:59 107,888 ----a-w c:\windows\system32\CmdLineExt.dll2008-11-15 11:59 --------- d--h--r c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\SecuROM2008-11-10 15:17 --------- d-----w c:\program files\Citrix2008-11-06 15:45 --------- d-----w c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\e-Kiosk Reader2008-11-06 15:31 --------- d-----w c:\program files\e-Kiosk Reader2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys2008-10-21 17:09 21,024 ----a-w c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\GDIPFONTCACHEV1.DAT2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll2008-10-15 18:00 332,800 ----a-w 
c:\windows\system32\dllcache\netapi32.dll2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll2008-01-30 21:29 32 ----a-w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-11-18 49152]"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312]"ares"="c:\program files\Ares\Ares.exe" [2008-11-24 881152][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-18 3022848]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"Office register"="c:\program files\Common Files\Microsoft Shared\Office10\MSOICON.EXE" [2008-05-13 172544]"NeroFilterCheck"="c:\program 
files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]"APVXDWIN"="e:\panda\APVXDWIN.EXE" [2008-10-22 869632]"SCANINICIO"="e:\panda\Inicio.exe" [2008-07-07 50432]"nwiz"="nwiz.exe" [2003-11-18 c:\windows\system32\nwiz.exe]"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-15 962661]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]2008-03-18 16:58 58672 c:\windows\system32\AVLDR.DLL[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-12-07 28544]R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-07 41144]R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda []R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-12-07 179640]R2 PskSvcRetail;Panda PSK service;"e:\panda\PskSvc.exe" [2008-12-07 28928]R3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys [2008-12-07 13880]R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []R3 ZSMC0305;A4 Tech 
PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2008-01-30 391688]S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-22 27904]S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2008-04-04 61536]S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2008-04-04 9360]S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2008-04-04 97088]S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2008-04-12 88624]S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2008-04-12 18704]S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2008-04-12 86432]S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2008-04-12 90800]S3 SetupNTGLM7X;SetupNTGLM7X;\??\G:\NTGLM7X.sys [][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]panda REG_MULTI_SZ GwmsrvHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsAppMgmtAudioSrvBrowserCryptSvcDMServerDHCPERSvcFastUserSwitchingCompatibilityHidServLanmanServerLanmanWorkstationMessengerNlaNWCWorkstationScheduleSeclogonSRServiceThemesTrkWksW32TimeWmiWmdmPmSpwinmgmtwscsvcxmlprovBITSwuauservShellHWDetectionhelpsvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8878bd68-d16a-11dc-9eb1-00194b502998}]\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:\Shell\Open\command - i:\resycled\boot.com i:*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90.Zawartość folderu 'Zaplanowane zadania'2008-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software 
Update\SoftwareUpdate.exe [2008-07-30 12:34]2008-12-22 c:\windows\Tasks\At1.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At2.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-18 c:\windows\Tasks\At3.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-18 c:\windows\Tasks\At4.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-18 c:\windows\Tasks\At5.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-18 c:\windows\Tasks\At6.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-18 c:\windows\Tasks\At7.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-18 c:\windows\Tasks\At8.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At9.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At10.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At11.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At12.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At13.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At14.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At15.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At16.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At17.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At18.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At19.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At20.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At21.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At22.job- c:\windows\system32\qgB03q82.exe [2008-12-18 
18:42]2008-12-22 c:\windows\Tasks\At23.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At24.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At25.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At26.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-19 c:\windows\Tasks\At27.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-19 c:\windows\Tasks\At28.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-19 c:\windows\Tasks\At29.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-19 c:\windows\Tasks\At30.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-19 c:\windows\Tasks\At31.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-19 c:\windows\Tasks\At32.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At33.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At34.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At35.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At36.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At37.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At38.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At39.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At40.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At41.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At42.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At43.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At44.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 
c:\windows\Tasks\At45.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At46.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At47.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At48.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At49.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At50.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-20 c:\windows\Tasks\At51.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-20 c:\windows\Tasks\At52.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-20 c:\windows\Tasks\At53.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-20 c:\windows\Tasks\At54.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-20 c:\windows\Tasks\At55.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-20 c:\windows\Tasks\At56.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At57.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At58.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At59.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At60.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At61.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At62.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At63.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At64.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At65.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At66.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At67.job- 
c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At68.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At69.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At70.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At71.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At72.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At73.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At74.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At75.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At76.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At77.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At78.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At79.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At80.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At81.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At82.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At83.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At84.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-21 c:\windows\Tasks\At85.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At86.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At87.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At88.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At89.job- c:\windows\system32\qgB03q82.exe 
[2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At90.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At91.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At92.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At93.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At94.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At95.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At96.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At97.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At98.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At99.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At100.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At101.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At102.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At103.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At104.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At105.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At106.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-23 c:\windows\Tasks\At107.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At108.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At109.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At110.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At111.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 
c:\windows\Tasks\At112.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At113.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At114.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At115.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At116.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At117.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At118.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At119.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]2008-12-22 c:\windows\Tasks\At120.job- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42].- - - - USUNIĘTO PUSTE WPISY - - - -URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLLBHO-{7CBC762A-0303-DED2-E9D8-A51A10A597EE} - c:\windows\system32\cgufdphxmculhkf.dllHKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeHKLM-Run-BearShare - c:\program files\BearShare\BearShare.exeHKLM-Run-e-Kiosk - c:\program files\e-Kiosk Reader\eGazetaST.exeHKLM-Run-c:\windows\system32\kdyqp.exe - c:\windows\system32\kdyqp.exe.------- Skan uzupełniający -------.uStart Page = about:blankuDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = iexploreuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: { - c:\program files\Messenger\msmsgs.exeIE: {c:\program files\Messenger\msmsgs.exe - -..------- Skojarzenia plików -------.JSEFile=e:\panda\PavScrip.exe "%1" %*VBEFile=e:\panda\PavScrip.exe "%1" %*VBSFile=e:\panda\PavScrip.exe "%1" %*.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, 
http://www.gmer.netRootkit scan 2008-12-23 11:11:06Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPIskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?????????????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(536)c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dllc:\windows\system32\avldr.dllc:\windows\system32\klogon.dll- - - - - - - > 'lsass.exe'(600)c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dllc:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dllc:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll.Czas ukończenia: 2008-12-23 11:15:37ComboFix-quarantined-files.txt 2008-12-23 10:15:30Przed: 9 052 979 200 bajtów wolnychPo: 9,918,103,552 bajtów wolnych533 --- E O F --- 2008-11-28 17:09:36 lo
Mateusz J., comment, 23 December 2008

Paste into Notepad:

File::
c:\windows\system32\qgB03q82.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At114.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At120.job
C:\WINDOWS\Tasks\At121.job
C:\WINDOWS\Tasks\At122.job
C:\WINDOWS\Tasks\At123.job
C:\WINDOWS\Tasks\At124.job
C:\WINDOWS\Tasks\At125.job
C:\WINDOWS\Tasks\At126.job
C:\WINDOWS\Tasks\At127.job
C:\WINDOWS\Tasks\At128.job
C:\WINDOWS\Tasks\At129.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At130.job
C:\WINDOWS\Tasks\At131.job
C:\WINDOWS\Tasks\At132.job
C:\WINDOWS\Tasks\At133.job
C:\WINDOWS\Tasks\At134.job
C:\WINDOWS\Tasks\At135.job
C:\WINDOWS\Tasks\At136.job
C:\WINDOWS\Tasks\At137.job
C:\WINDOWS\Tasks\At138.job
C:\WINDOWS\Tasks\At139.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At140.job
C:\WINDOWS\Tasks\At141.job
C:\WINDOWS\Tasks\At142.job
C:\WINDOWS\Tasks\At143.job
C:\WINDOWS\Tasks\At144.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At169.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At170.job
C:\WINDOWS\Tasks\At171.job
C:\WINDOWS\Tasks\At172.job
C:\WINDOWS\Tasks\At173.job
C:\WINDOWS\Tasks\At174.job
C:\WINDOWS\Tasks\At175.job
C:\WINDOWS\Tasks\At176.job
C:\WINDOWS\Tasks\At177.job
C:\WINDOWS\Tasks\At178.job
C:\WINDOWS\Tasks\At179.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At180.job
C:\WINDOWS\Tasks\At181.job
C:\WINDOWS\Tasks\At182.job
C:\WINDOWS\Tasks\At183.job
C:\WINDOWS\Tasks\At184.job
C:\WINDOWS\Tasks\At185.job
C:\WINDOWS\Tasks\At186.job
C:\WINDOWS\Tasks\At187.job
C:\WINDOWS\Tasks\At189.job
C:\WINDOWS\Tasks\At188.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At190.job
C:\WINDOWS\Tasks\At191.job
C:\WINDOWS\Tasks\At192.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At266.job
C:\WINDOWS\Tasks\At267.job
C:\WINDOWS\Tasks\At268.job
C:\WINDOWS\Tasks\At269.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At270.job
C:\WINDOWS\Tasks\At271.job
C:\WINDOWS\Tasks\At272.job
C:\WINDOWS\Tasks\At273.job
C:\WINDOWS\Tasks\At274.job
C:\WINDOWS\Tasks\At275.job
C:\WINDOWS\Tasks\At276.job
C:\WINDOWS\Tasks\At277.job
C:\WINDOWS\Tasks\At278.job
C:\WINDOWS\Tasks\At279.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At280.job
C:\WINDOWS\Tasks\At281.job
C:\WINDOWS\Tasks\At282.job
C:\WINDOWS\Tasks\At283.job
C:\WINDOWS\Tasks\At284.job
C:\WINDOWS\Tasks\At285.job
C:\WINDOWS\Tasks\At286.job
C:\WINDOWS\Tasks\At287.job
C:\WINDOWS\Tasks\At288.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\Tasks\At74.job
C:\WINDOWS\Tasks\At75.job
C:\WINDOWS\Tasks\At76.job
C:\WINDOWS\Tasks\At77.job
C:\WINDOWS\Tasks\At78.job
C:\WINDOWS\Tasks\At79.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At80.job
C:\WINDOWS\Tasks\At81.job
C:\WINDOWS\Tasks\At82.job
C:\WINDOWS\Tasks\At83.job
C:\WINDOWS\Tasks\At84.job
C:\WINDOWS\Tasks\At85.job
C:\WINDOWS\Tasks\At86.job
C:\WINDOWS\Tasks\At87.job
C:\WINDOWS\Tasks\At88.job
C:\WINDOWS\Tasks\At89.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At90.job
C:\WINDOWS\Tasks\At91.job
C:\WINDOWS\Tasks\At92.job
C:\WINDOWS\Tasks\At93.job
C:\WINDOWS\Tasks\At94.job
C:\WINDOWS\Tasks\At95.job
C:\WINDOWS\Tasks\At96.job
C:\WINDOWS\Tasks\At97.job
C:\WINDOWS\Tasks\At98.job
C:\WINDOWS\Tasks\At99.job
c:\windows\system32\qgB03q82.exe
C:\32788R22FWJFW.0.tmp
c:\windows\system32\mshtml90.dll

Folder::
c:\program files\BearShare Applications
C:\FOUND.052
C:\FOUND.051
C:\FOUND.063
C:\FOUND.062
C:\FOUND.061
C:\FOUND.060
C:\FOUND.059
C:\FOUND.058
C:\FOUND.057
C:\FOUND.056
C:\FOUND.055
C:\FOUND.054
C:\FOUND.053

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

In Notepad go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture: Removal will begin and a log will be created, which you post on the forum.
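The reply above builds the CFScript by hand from the log. The Python below is an added example, not part of this thread and not ComboFix's own code: it reads a ComboFix-style log excerpt, flags the two persistence mechanisms visible in Patka's log (one executable launched by many At*.job scheduled tasks, and mountpoints2 AutoRun/Open handlers that launch something outside the Windows or Program Files folders, here resycled\boot.com on a removable drive), and drafts the matching File:: and Registry:: directives. SAMPLE_LOG is a constructed, shortened excerpt in ComboFix's layout with names copied from the posted log; the three-job threshold and the random-looking-name heuristic are assumptions of this example, not ComboFix rules.

```python
"""Flag the At*.job / AutoRun persistence pattern from a ComboFix log and draft a CFScript.

Added example for the forum thread above; not ComboFix code. SAMPLE_LOG is a constructed
excerpt in ComboFix's layout, with names copied from the posted log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8878bd68-d16a-11dc-9eb1-00194b502998}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
\Shell\Open\command - i:\resycled\boot.com i:
.
Contents of the 'Scheduled Tasks' folder
2008-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-22 c:\windows\Tasks\At1.job
- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]
2008-12-22 c:\windows\Tasks\At2.job
- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]
2008-12-18 c:\windows\Tasks\At3.job
- c:\windows\system32\qgB03q82.exe [2008-12-18 18:42]
"""

# ComboFix prints a task as "<date> <job path>" followed by "- <target> [<date> <time>]".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>[a-z]:\\windows\\tasks\\[^\\]+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)  # naming used by jobs created with at.exe
MOUNTPOINT_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\}\]$", re.I)
AUTORUN_CMD_RE = re.compile(r"^\\Shell\\(?:AutoRun|Open)\\command - (?P<cmd>.+)$", re.I)
EXEC_TOKEN_RE = re.compile(r"\S+\.(?:exe|com|bat|cmd|scr|pif)\b", re.I)
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
MIN_AT_JOBS = 3  # assumption: three or more at.exe jobs on one binary already deserves a look


def looks_random(filename):
    """Heuristic (assumption, not a ComboFix rule): a stem mixing upper/lower case and
    digits, like qgB03q82, is unusual for a legitimate file in system32."""
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) >= 6 and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem) and any(c.isupper() for c in stem))


def parse_tasks(lines):
    """Map each scheduled-task target executable to the .job files that launch it."""
    targets, pending_job = defaultdict(list), None
    for raw in lines:
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            targets[m.group("target")].append(pending_job)
            pending_job = None
    return targets


def flag_task_targets(targets):
    """One binary behind many At*.job tasks is the pattern in the log (At1..At120 -> qgB03q82.exe)."""
    hits = {}
    for exe, jobs in targets.items():
        at_jobs = [j for j in jobs if AT_JOB_RE.match(j.rsplit("\\", 1)[-1])]
        if len(at_jobs) >= MIN_AT_JOBS:
            hits[exe] = {"jobs": at_jobs, "random_name": looks_random(exe.rsplit("\\", 1)[-1])}
    return hits


def find_autorun_hits(lines):
    """AutoRun/Open handlers under mountpoints2 whose command launches something outside
    Windows or Program Files (a relative path or another drive letter, as with resycled)."""
    hits, in_mountpoint = [], False
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):
            in_mountpoint = bool(MOUNTPOINT_KEY_RE.match(line))
            continue
        m = AUTORUN_CMD_RE.match(line) if in_mountpoint else None
        if m:
            hits.extend(t for t in EXEC_TOKEN_RE.findall(m.group("cmd"))
                        if not t.lower().startswith(TRUSTED_PREFIXES))
    return hits


def analyze(log_text):
    lines = log_text.splitlines()
    return {"task_hits": flag_task_targets(parse_tasks(lines)),
            "autorun_hits": find_autorun_hits(lines)}


def build_cfscript(report):
    """Render File:: / Registry:: directives in the shape used in the reply above.
    Removing the whole mountpoints2 key mirrors that reply; a human still reviews the draft."""
    out = ["File::"]
    for exe, info in report["task_hits"].items():
        out.append(exe)
        out.extend(info["jobs"])
    if report["autorun_hits"]:
        out += ["Registry::",
                "[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2]"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for exe, info in result["task_hits"].items():
        print(f"{len(info['jobs'])} At*.job tasks -> {exe} (random-looking name: {info['random_name']})")
    for token in result["autorun_hits"]:
        print(f"AutoRun handler launches {token}")
    print(build_cfscript(result))
```

Run it against a full ComboFix log (pass the file contents to analyze) and the File:: block lists exactly the jobs the log shows, which is a useful cross-check against a hand-typed list; the drafted script is only a starting point and should be reviewed line by line before being dragged onto ComboFix.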
Patka, comment 23 December 2008: This is the next log.... is everything fine now?????

ComboFix 08-12-21.04 - mazurek 2008-12-23 12:30:39.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.161 [GMT 1:00]
Running from: c:\documents and settings\mazurek.MAZUREK-639CF42\Pulpit\Nowy folder\ComboFix.exe
Command switches used :: c:\documents and settings\mazurek.MAZUREK-639CF42\Pulpit\Nowy folder\CFScript..txt
 * Created a new restore point
 * Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\32788R22FWJFW.0.tmp
c:\windows\system32\mshtml90.dll
c:\windows\system32\qgB03q82.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At121.job
c:\windows\Tasks\At122.job
c:\windows\Tasks\At123.job
c:\windows\Tasks\At124.job
c:\windows\Tasks\At125.job
c:\windows\Tasks\At126.job
c:\windows\Tasks\At127.job
c:\windows\Tasks\At128.job
c:\windows\Tasks\At129.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At130.job
c:\windows\Tasks\At131.job
c:\windows\Tasks\At132.job
c:\windows\Tasks\At133.job
c:\windows\Tasks\At134.job
c:\windows\Tasks\At135.job
c:\windows\Tasks\At136.job
c:\windows\Tasks\At137.job
c:\windows\Tasks\At138.job
c:\windows\Tasks\At139.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At140.job
c:\windows\Tasks\At141.job
c:\windows\Tasks\At142.job
c:\windows\Tasks\At143.job
c:\windows\Tasks\At144.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At169.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At170.job
c:\windows\Tasks\At171.job
c:\windows\Tasks\At172.job
c:\windows\Tasks\At173.job
c:\windows\Tasks\At174.job
c:\windows\Tasks\At175.job
c:\windows\Tasks\At176.job
c:\windows\Tasks\At177.job
c:\windows\Tasks\At178.job
c:\windows\Tasks\At179.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At180.job
c:\windows\Tasks\At181.job
c:\windows\Tasks\At182.job
c:\windows\Tasks\At183.job
c:\windows\Tasks\At184.job
c:\windows\Tasks\At185.job
c:\windows\Tasks\At186.job
c:\windows\Tasks\At187.job
c:\windows\Tasks\At188.job
c:\windows\Tasks\At189.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At190.job
c:\windows\Tasks\At191.job
c:\windows\Tasks\At192.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At266.job
c:\windows\Tasks\At267.job
c:\windows\Tasks\At268.job
c:\windows\Tasks\At269.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At270.job
c:\windows\Tasks\At271.job
c:\windows\Tasks\At272.job
c:\windows\Tasks\At273.job
c:\windows\Tasks\At274.job
c:\windows\Tasks\At275.job
c:\windows\Tasks\At276.job
c:\windows\Tasks\At277.job
c:\windows\Tasks\At278.job
c:\windows\Tasks\At279.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At280.job
c:\windows\Tasks\At281.job
c:\windows\Tasks\At282.job
c:\windows\Tasks\At283.job
c:\windows\Tasks\At284.job
c:\windows\Tasks\At285.job
c:\windows\Tasks\At286.job
c:\windows\Tasks\At287.job
c:\windows\Tasks\At288.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mshtml90.dll
c:\windows\system32\qgB03q82.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job
.
((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.
2008-12-23 12:17 . 2008-12-23 12:17 <DIR> d-------- c:\windows\LastGood
2008-12-23 12:12 . 2008-12-23 12:12 <DIR> d--hs---- C:\FOUND.064
2008-12-23 11:44 . 2008-12-23 11:44 <DIR> d-------- c:\program files\ESET
2008-12-22 23:59 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-22 23:59 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2008-12-22 23:59 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-22 23:59 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\dllcache\kbdhid.sys
2008-12-22 23:58 . 2004-08-03 23:08 36,224 --a------ c:\windows\system32\drivers\hidclass.sys
2008-12-22 23:58 . 2004-08-03 23:08 36,224 --a------ c:\windows\system32\dllcache\hidclass.sys
2008-12-22 23:58 . 2004-08-03 23:08 24,960 --a------ c:\windows\system32\drivers\hidparse.sys
2008-12-22 23:58 . 2004-08-03 23:08 24,960 --a------ c:\windows\system32\dllcache\hidparse.sys
2008-12-22 23:58 . 2001-10-26 16:57 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-22 23:58 . 2001-10-26 16:57 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-12-22 23:58 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-22 23:58 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\dllcache\hidusb.sys
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\windows\system32\PAV
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\Panda Security
2008-12-22 23:55 . 2008-12-22 23:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Panda Security
2008-12-22 23:12 . 2008-12-22 23:12 <DIR> d--hs---- C:\FOUND.063
2008-12-22 21:57 . 2008-12-22 21:57 <DIR> d-------- c:\program files\Trend Micro
2008-12-22 21:36 . 2008-12-22 21:36 <DIR> d--hs---- C:\FOUND.062
2008-12-22 20:57 . 2008-12-22 20:57 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ESET
2008-12-21 19:06 . 2008-12-21 19:06 <DIR> d--hs---- C:\FOUND.061
2008-12-19 00:19 . 2008-12-19 00:19 <DIR> dr------- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ulubione
2008-12-19 00:19 . 2008-12-19 00:19 <DIR> dr------- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ulubione
2008-12-08 18:00 . 2008-12-08 18:00 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\CrucialSoft Ltd
2008-12-07 13:13 . 2008-12-21 16:22 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-07 12:58 . 2008-12-23 11:57 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-12-07 12:56 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\PAVDRV51.SYS
2008-12-07 12:56 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\PAVCPL.CPL
2008-12-07 12:55 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-07 12:55 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-07 12:55 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-07 12:55 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-07 12:55 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-07 12:55 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\AVLDR.DLL
2008-12-07 12:55 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\PAVIPC.DLL
2008-12-07 12:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\PAVBOOT.SYS
2008-12-07 12:53 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-07 12:53 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-07 12:47 . 2008-12-23 00:30 421 --a------ c:\windows\AvDetected.ini
2008-12-06 15:51 . 2008-12-06 15:51 <DIR> d--hs---- C:\FOUND.060
2008-12-05 14:58 . 2008-12-05 14:58 <DIR> d--hs---- C:\FOUND.059
2008-12-04 20:27 . 2008-12-04 20:27 <DIR> d--hs---- C:\FOUND.058
2008-12-04 19:58 . 2008-12-04 19:58 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-03 09:43 . 2008-12-03 09:43 <DIR> d--hs---- C:\FOUND.057
2008-12-02 23:56 . 2008-12-02 23:56 <DIR> d--hs---- C:\FOUND.056
2008-12-02 00:43 . 2008-12-02 00:43 <DIR> d--hs---- C:\FOUND.055
2008-12-01 19:43 . 2008-12-01 19:43 <DIR> d--hs---- C:\FOUND.054
2008-12-01 17:50 . 2008-12-01 17:50 <DIR> d-------- c:\program files\Ares
2008-12-01 10:30 . 2008-12-01 10:30 <DIR> d--hs---- C:\FOUND.053
2008-11-30 19:37 . 2008-11-30 19:37 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-30 19:37 . 2008-11-30 19:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab
2008-11-30 18:02 . 2008-11-30 18:02 <DIR> d--hs---- C:\#GDATA.Trash.Store#
2008-11-30 13:46 . 2008-11-30 13:46 68,296 --a------ c:\windows\system32\drivers\GRD.sys
2008-11-30 13:32 . 2008-11-30 13:32 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-11-30 13:30 . 2008-11-30 13:30 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-11-30 13:30 . 2008-11-30 13:30 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2008-11-30 13:28 . 2008-11-30 13:28 <DIR> d-------- c:\program files\G DATA
2008-11-30 13:28 . 2008-11-30 13:28 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\G DATA
2008-11-28 15:01 . 2008-11-28 15:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\2D5D
2008-11-28 14:59 . 2008-11-28 14:59 <DIR> d-------- c:\program files\BearShare Applications
2008-11-28 14:59 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-23 09:15 . 2008-11-23 09:15 <DIR> d--hs---- C:\FOUND.052
2008-11-23 00:25 . 2008-11-23 00:25 <DIR> d--hs---- C:\FOUND.051
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 01:12 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-15 11:59 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-15 11:59 --------- d--h--r c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\SecuROM
2008-11-10 15:17 --------- d-----w c:\program files\Citrix
2008-11-06 15:45 --------- d-----w c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\e-Kiosk Reader
2008-11-06 15:31 --------- d-----w c:\program files\e-Kiosk Reader
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-21 17:09 21,024 ----a-w c:\documents and settings\mazurek.MAZUREK-639CF42\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 18:00 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-01-30 21:29 32 ----a-w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-23_11.12.54,59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-23 11:18:02 10,134 ----a-r c:\windows\Installer\{E6B6FA66-92E7-4859-B0C6-1E70FC9700FD}\callmsi.exe
+ 2008-12-23 11:18:02 136,448 ----a-r c:\windows\Installer\{E6B6FA66-92E7-4859-B0C6-1E70FC9700FD}\egui.exe
+ 2008-07-01 07:56:22 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-07-01 07:57:14 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-07-01 08:04:40 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-11-18 49152]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312]
"ares"="c:\program files\Ares\Ares.exe" [2008-11-24 881152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-18 3022848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Office register"="c:\program files\Common Files\Microsoft Shared\Office10\MSOICON.EXE" [2008-05-13 172544]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"egui"="e:\antivirus\egui.exe" [2008-07-01 1447168]
"nwiz"="nwiz.exe" [2003-11-18 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-15 962661]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\AVLDR.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Office10\\MSOICON.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9443:TCP"= 9443:TCP:BitComet 9443 TCP
"9443:UDP"= 9443:UDP:BitComet 9443 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-12-07 28544]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-07 41144]
R2 ekrn;Eset Service;e:\antivirus\ekrn.exe [2008-07-01 468224]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-12-07 179640]
R3 ZSMC0305;A4 Tech PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2008-01-30 391688]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda []
S2 PskSvcRetail;Panda PSK service;"e:\panda\PskSvc.exe" []
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys [2008-12-07 13880]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-22 27904]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2008-04-04 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2008-04-04 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2008-04-04 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2008-04-12 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2008-04-12 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2008-04-12 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2008-04-12 90800]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\G:\NTGLM7X.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

*Newly Created Service* - EAMON
*Newly Created Service* - EASDRV
*Newly Created Service* - EKRN
*Newly Created Service* - EPFWTDIR
.
Contents of the 'Scheduled Tasks' folder

2008-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-APVXDWIN - e:\panda\APVXDWIN.EXE
HKLM-Run-SCANINICIO - e:\panda\Inicio.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {c:\program files\Messenger\msmsgs.exe - -
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 12:32:49
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(472)
c:\windows\system32\avldr.dll
.
Completion time: 2008-12-23 12:33:45
ComboFix-quarantined-files.txt 2008-12-23 11:33:44
ComboFix2.txt 2008-12-23 10:15:56

Pre-Run: 9 843 064 832 bytes free
Post-Run: 9,833,709,568 bytes free

--- E O F --- 2008-11-28 17:09:36
Mateusz J., comment 23 December 2008: This time paste into Notepad:

Folder::
c:\program files\BearShare Applications
C:\FOUND.052
C:\FOUND.051
C:\FOUND.063
C:\FOUND.062
C:\FOUND.061
C:\FOUND.060
C:\FOUND.059
C:\FOUND.058
C:\FOUND.057
C:\FOUND.056
C:\FOUND.055
C:\FOUND.054
C:\FOUND.053

The next log is no longer needed. Delete the folder c:\QooBox. To be safe, you can scan the computer with Malwarebytes.
Patka, comment 23 December 2008: OK ;) thank you very, very much ;* you helped me a lot, you're a darling, thanks thanks ;))))))))
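The helpers in this thread read the logs by eye: an autorun launched from a user's Temp directory, a Winsock LSP that HijackThis could not identify, hooks whose file is gone, a start page on a host nobody chose, and a Tasks folder full of At*.job entries. The script below, added here as an example (it is not a forum tool and not part of HijackThis or ComboFix), applies those same checks to HijackThis-style lines and renders the flagged autorun binaries as a ComboFix `File::` block in the format used in this thread. The sample log is constructed for the example, modelled on the logs posted above; the trusted-host list is an assumption to adjust per environment. LSP DLLs are deliberately not emitted into the script: deleting an LSP's file while it is still registered in the Winsock catalog breaks networking, so the catalog entry has to be removed first.

```python
"""Triage of HijackThis-style log lines (added example; not a tool from the
thread, HijackThis, or ComboFix). The heuristics mirror what the helpers in
the thread checked by eye; the allowlist and sample data are assumptions."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind path line")

# Assumption: hosts a default IE start/search page may legitimately use.
TRUSTED_PAGE_HOSTS = ("google.com", "microsoft.com")

ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d+)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^HK\S*?\\\.\.\\Run(?:Once)?:\s+\[[^\]]*\]\s*(?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
URL_RE = re.compile(r"=\s*https?://(?P<host>[^/\s]+)", re.IGNORECASE)
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|cpl|scr|com|bat|vbs))"?(?=[\s,]|$)',
                    re.IGNORECASE)
AT_JOB_RE = re.compile(r"\\Tasks\\At(\d+)\.job", re.IGNORECASE)

# Constructed sample, modelled on the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\MODY~1\USTAWI~1\Temp\yyy4438.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def launched_path(cmd):
    """Executable named by an O4 command line; for rundll32 hosts, the DLL."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        inner = EXE_RE.match(cmd[m.end():].strip())
        return inner.group("path") if inner else path
    return path


def triage(log_text):
    """Return a Finding for each entry a helper would ask about first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding("orphan", None, line))  # dangling CLSID/hook
        elif section == "O4":
            o4 = O4_RE.match(body)
            if o4 and TEMP_RE.search(o4.group("cmd")):  # autorun from a Temp dir
                findings.append(Finding("temp-autorun", launched_path(o4.group("cmd")), line))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            findings.append(Finding("unknown-lsp", body.split(":", 1)[1].strip(), line))
        elif section in ("R0", "R1"):
            u = URL_RE.search(body)
            if u:
                host = u.group("host").lower()
                if not any(host == h or host.endswith("." + h) for h in TRUSTED_PAGE_HOSTS):
                    findings.append(Finding("page-hijack", host, line))
    return findings


def at_job_numbers(text):
    """Distinct N of every \\Tasks\\AtN.job path in a log. A handful is
    normal; the CFScript in this thread had to list well over a hundred."""
    return sorted({int(n) for n in AT_JOB_RE.findall(text)})


def cfscript_file_block(findings):
    """ComboFix CFScript 'File::' block for the flagged autorun binaries.
    LSP DLLs are left out on purpose: deleting an LSP's file while it is
    still registered in the Winsock catalog breaks networking."""
    paths = sorted({f.path for f in findings if f.kind == "temp-autorun"})
    return "File::\n" + "\n".join(paths) + "\n" if paths else ""


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:13} {f.path or '-'}")
    print(cfscript_file_block(found))
```

On the sample, `triage` flags four entries (the Temp autorun, the unknown LSP, the dangling URLSearchHook and the start page on google.atcomet.com) and leaves the AVG tray, the Microsoft default page and the PunkBuster service alone; the emitted `File::` block contains only the Temp executable.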
mlodymce, comment 26 December 2008: Hello, I also have a problem with this "you have a security probem" message. I did as described earlier, and the HijackThis program gave me what I paste below. Please check it, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:23, on 2008-12-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\DOCUME~1\MODY~1\USTAWI~1\Temp\yyy4438.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Expressivo] "C:\Program Files\ivo\Expressivo\expressivo.exe" -t
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\MODY~1\USTAWI~1\Temp\yyy4438.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1444A18F-3C05-4C0C-B0EF-7E432813FF18}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1444A18F-3C05-4C0C-B0EF-7E432813FF18}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9612 bytes

And here I forgot to add two more logs from the Silent Runners program:

1.
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"BitTorrent DNA" = ""C:\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"Nokia.PCSync" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" ["Time Information Services Ltd."]
"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"]
"Expressivo" = ""C:\Program Files\ivo\Expressivo\expressivo.exe" -t" ["IVO Software Sp. z o.o."]
"RGSC" = "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent" [null data]
"MSFox" = "C:\DOCUME~1\MODY~1\USTAWI~1\Temp\yyy4438.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [file not found]
"AVG8_TRAY" = "C:\PROGRA~1\AVG\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" 
[MS]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll" ["BitComet"]{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter" -> {HKLM...CLSID} = "AVG Safe Search" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."]{500BCA15-57A7-4eaf-8143-8C619470B13D}\(Default) = "XML module" -> {HKLM...CLSID} = "XML Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\msxml71.dll" [null data]{85F685C3-20D9-4943-95E4-EB4224056C3F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Expressivo" \InProcServer32\(Default) = "C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll" ["IVO Software Sp. 
z o.o."]{A057A204-BACC-4D26-9990-79A187E2698E}\(Default) = (no title provided) -> {HKLM...CLSID} = "AVG Security Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" 
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll" ["Nokia"]"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page" -> {HKLM...CLSID} = "Haali Matroska Shell Property Page" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor" -> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> 
{HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" 
[null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Młody\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\GORGOR~1.SCR" (gorgoroth_screensaver_audioversion.scr) [empty string]Windows Portable Device AutoPlay 
Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]NeroAutoPlay7AudioToNeroDigital\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero 
AG"]NeroAutoPlay7CDAudio\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]NeroAutoPlay7CopyCD\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]NeroAutoPlay7DataDisc\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]NeroAutoPlay7LaunchNeroStartSmart\"Provider" = "Nero StartSmart""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]NeroAutoPlay7PlayAudioCD\"Provider" = "Nero ShowTime""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7PlayDVD\"Provider" = "Nero ShowTime""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7RipCD\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = 
"RipCD_PlayCDAudioOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]NeroAutoPlay7TranscodeVideo\"Provider" = "Nero Recode""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]NeroAutoPlay7VideoCapture\"Provider" = "Nero Vision""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]NeroAutoPlay7ViewPhotos\"Provider" = "Nero PhotoSnap Viewer""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]NMMPlayCDAudioOnArrival\"Provider" = "Nokia Music Manager""InvokeProgID" = "NokiaMusicManager""InvokeVerb" = "NMMPlayCD"HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]NMMRipCDAudioOnArrival\"Provider" = "Nokia Music Manager""InvokeProgID" = "NokiaMusicManager""InvokeVerb" = "NMMRipCD"HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]Picasa2ImportPicturesOnArrival\"Provider" = "Picasa2""InvokeProgID" = "picasa2.autoplay""InvokeVerb" = 
"import"HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."]WinampMTPHandler\"Provider" = "Winamp""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]WinampPlayMediaOnArrival\"Provider" = "Winamp""InvokeProgID" = "Winamp.File""InvokeVerb" = "Play"HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]Enabled Scheduled Tasks:------------------------"FRU Task #Hewlett-Packard#hp psc 1200 series#1222009905" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1222009905"" [empty string]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000004\LibraryPath = "%SystemRoot%\system32\PrxerNsp.dll" [" "]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\PrxerDrv.dll ["Initex Software"], 01, 
07%SystemRoot%\system32\mswsock.dll [MS], 02 - 04, 08 - 19%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{A057A204-BACC-4D26-9990-79A187E2698E}" -> {HKLM...CLSID} = "AVG Security Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"{A057A204-BACC-4D26-9990-79A187E2698E}" = (no title provided) -> {HKLM...CLSID} = "AVG Security Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]"{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided) -> {HKLM...CLSID} = "TextAloud" \InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [empty string]"{85F685C3-20D9-4943-95E4-EB4224056C3F}" = "Expressivo" -> {HKLM...CLSID} = "Expressivo" \InProcServer32\(Default) = "C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll" ["IVO Software Sp. 
z o.o."]Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [empty string]HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Badanie"{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\"ButtonText" = "BitComet""Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206" ["BitComet"]{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]Miscellaneous IE Hijack Points------------------------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AVG Free8 E-mail Scanner, avg8emc, "C:\PROGRA~1\AVG\AVG8\avgemc.exe" ["AVG Technologies CZ, s.r.o."]AVG Free8 WatchDog, avg8wd, "C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe" ["AVG Technologies CZ, s.r.o."]France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" 
[null data]PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data]ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, "C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" [MS]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]---------- (launch time: 2008-12-26 21:38:47)<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.---------- (total run time: 36 seconds, including 18 seconds for message boxes)2."Silent Runners.vbs", revision 59, http://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]"BitTorrent DNA" = ""C:\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]"Nokia.PCSync" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" 
["Time Information Services Ltd."]"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"]"Expressivo" = ""C:\Program Files\ivo\Expressivo\expressivo.exe" -t" ["IVO Software Sp. z o.o."]"RGSC" = "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent" [null data]"MSFox" = "C:\DOCUME~1\MODY~1\USTAWI~1\Temp\yyy4438.exe" [null data]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [file not found]"AVG8_TRAY" = "C:\PROGRA~1\AVG\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."]"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll" ["BitComet"]{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter" -> 
{HKLM...CLSID} = "AVG Safe Search" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."]{500BCA15-57A7-4eaf-8143-8C619470B13D}\(Default) = "XML module" -> {HKLM...CLSID} = "XML Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\msxml71.dll" [null data]{85F685C3-20D9-4943-95E4-EB4224056C3F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Expressivo" \InProcServer32\(Default) = "C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll" ["IVO Software Sp. z o.o."]{A057A204-BACC-4D26-9990-79A187E2698E}\(Default) = (no title provided) -> {HKLM...CLSID} = "AVG Security Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero 
AG"]"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll" ["Nokia"]"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page" -> {HKLM...CLSID} = "Haali Matroska Shell Property Page" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor" -> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" 
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension\(Default) = 
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia 
lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Młody\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\GORGOR~1.SCR" (gorgoroth_screensaver_audioversion.scr) [empty string]Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> 
{HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]NeroAutoPlay7AudioToNeroDigital\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]NeroAutoPlay7CDAudio\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]NeroAutoPlay7CopyCD\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]NeroAutoPlay7DataDisc\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]NeroAutoPlay7LaunchNeroStartSmart\"Provider" = "Nero StartSmart""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]NeroAutoPlay7PlayAudioCD\"Provider" = "Nero ShowTime""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play 
%L" ["Nero AG"]NeroAutoPlay7PlayDVD\"Provider" = "Nero ShowTime""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7RipCD\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "RipCD_PlayCDAudioOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]NeroAutoPlay7TranscodeVideo\"Provider" = "Nero Recode""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]NeroAutoPlay7VideoCapture\"Provider" = "Nero Vision""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]NeroAutoPlay7ViewPhotos\"Provider" = "Nero PhotoSnap Viewer""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]NMMPlayCDAudioOnArrival\"Provider" = "Nokia Music Manager""InvokeProgID" = "NokiaMusicManager""InvokeVerb" = "NMMPlayCD"HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" 
["Nokia"]NMMRipCDAudioOnArrival\"Provider" = "Nokia Music Manager""InvokeProgID" = "NokiaMusicManager""InvokeVerb" = "NMMRipCD"HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]Picasa2ImportPicturesOnArrival\"Provider" = "Picasa2""InvokeProgID" = "picasa2.autoplay""InvokeVerb" = "import"HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."]WinampMTPHandler\"Provider" = "Winamp""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]WinampPlayMediaOnArrival\"Provider" = "Winamp""InvokeProgID" = "Winamp.File""InvokeVerb" = "Play"HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]Enabled Scheduled Tasks:------------------------"FRU Task #Hewlett-Packard#hp psc 1200 series#1222009905" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1222009905"" [empty string]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = 
"%SystemRoot%\System32\mswsock.dll" [MS]000000000004\LibraryPath = "%SystemRoot%\system32\PrxerNsp.dll" [" "]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\PrxerDrv.dll ["Initex Software"], 01, 07%SystemRoot%\system32\mswsock.dll [MS], 02 - 04, 08 - 19%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{A057A204-BACC-4D26-9990-79A187E2698E}" -> {HKLM...CLSID} = "AVG Security Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"{A057A204-BACC-4D26-9990-79A187E2698E}" = (no title provided) -> {HKLM...CLSID} = "AVG Security Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]"{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided) -> {HKLM...CLSID} = "TextAloud" \InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [empty string]"{85F685C3-20D9-4943-95E4-EB4224056C3F}" = "Expressivo" -> {HKLM...CLSID} = "Expressivo" \InProcServer32\(Default) = "C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll" ["IVO Software Sp. 
z o.o."]Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [empty string]HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Badanie"{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\"ButtonText" = "BitComet""Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206" ["BitComet"]{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]Miscellaneous IE Hijack Points------------------------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AVG Free8 E-mail Scanner, avg8emc, "C:\PROGRA~1\AVG\AVG8\avgemc.exe" ["AVG Technologies CZ, s.r.o."]AVG Free8 WatchDog, avg8wd, "C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe" ["AVG Technologies CZ, s.r.o."]France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" 
[null data]PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data]ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, "C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" [MS]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]---------- (launch time: 2008-12-26 21:39:30)<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 66 seconds.---------- (total run time: 87 seconds)
Mateusz J. comment 27 December 2008
Download ComboFix and paste the following into Notepad:

File::
C:\DOCUME~1\MODY~1\USTAWI~1\Temp\yyy4438.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSFox"=-

In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture: The removal will start and a log will be produced, which you then post on the forum.
mlodymce comment 27 December 2008
So I did as you wrote, and this is the log ComboFix produced: