Knoxville, posted 15 January 2009

I have a problem with the Worm:Win32/Bagle.gen!C virus. Windows Defender displayed a message that it had detected the virus in 4 infected files, but it cannot remove them. I scanned the whole disk with the Panda ActiveScan online scanner and it found nothing, then with the NOD32 online scanner and it also found nothing, and I also scanned with the VIPRE antivirus, which has this virus in its database, but it found nothing either. I would ask you to check the logs. Thanks in advance for the help.

Logs from HijackThis and ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:47, on 2009-01-15
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Windows\System32\notepad.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Users\Marek\Desktop\HiJackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Zapisz &obraz używając Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Zapisz pliki &mediów używając Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5401 bytes

COMBOFIX

ComboFix 09-01-13.04 - Marek 2009-01-15 16:48:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.3070.2259 [GMT 1:00]
Launched from: c:\users\Marek\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marek\AppData\Roaming\inst.exe
c:\windows\system32\TDSSerrors.log

.
((((((((((((((((((((((((( Files created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 14:05 . 2009-01-15 14:05 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-15 03:29 . 2009-01-15 03:29 89 --a------ c:\users\Marek\AppData\Roaming\netstat.bat
2009-01-15 02:22 . 2009-01-15 02:22 <DIR> d-------- c:\users\Marek\AppData\Roaming\Sunbelt
2009-01-15 02:22 . 2009-01-15 02:22 <DIR> d-------- c:\users\All Users\Sunbelt
2009-01-15 02:22 . 2009-01-15 02:22 <DIR> d-------- c:\programdata\Sunbelt
2009-01-15 02:21 . 2009-01-15 02:21 <DIR> d-------- c:\program files\Sunbelt Software
2009-01-15 02:21 . 2008-10-09 10:21 202,928 --a------ c:\windows\System32\drivers\sbtis.sys
2009-01-15 00:22 . 2009-01-15 00:22 524,288 --ahs---- C:\ntuser.dat{d6a01e39-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000002.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:23 524,288 --ahs---- C:\ntuser.dat{d6a01e39-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000001.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:22 524,288 --ahs---- C:\ntuser.dat{d6a01e2d-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000002.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:22 524,288 --ahs---- C:\ntuser.dat{d6a01e2d-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000001.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:23 65,536 --ahs---- C:\ntuser.dat{d6a01e39-e28b-11dd-8507-00037aae77db}.TM.blf
2009-01-15 00:22 . 2009-01-15 00:22 65,536 --ahs---- C:\ntuser.dat{d6a01e2d-e28b-11dd-8507-00037aae77db}.TM.blf
2009-01-14 23:03 . 2009-01-14 23:03 524,288 --ahs---- C:\ntuser.dat{66853be4-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000002.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:17 524,288 --ahs---- C:\ntuser.dat{66853be4-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000001.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:03 524,288 --ahs---- C:\ntuser.dat{66853bd8-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000002.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:03 524,288 --ahs---- C:\ntuser.dat{66853bd8-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000001.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:17 65,536 --ahs---- C:\ntuser.dat{66853be4-e277-11dd-9b2d-dad3f0b40c26}.TM.blf
2009-01-14 23:03 . 2009-01-14 23:03 65,536 --ahs---- C:\ntuser.dat{66853bd8-e277-11dd-9b2d-dad3f0b40c26}.TM.blf
2009-01-14 23:03 . 2009-01-15 00:23 5,120 --ah----- C:\ntuser.dat.LOG1
2009-01-14 23:03 . 2009-01-15 00:22 0 --ah----- C:\ntuser.dat.LOG2
2009-01-14 21:22 . 2009-01-14 22:00 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-14 20:07 . 2009-01-14 20:07 298 --a------ c:\windows\System32\MRT.INI
2009-01-14 19:54 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 01:04 . 2009-01-13 01:04 <DIR> d-------- c:\program files\AMS Photo Effects
2009-01-12 19:04 . 2009-01-12 19:04 <DIR> d-------- c:\program files\OO Software
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Videos
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> d-------- c:\users\Mcx1\Saved Games
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Pictures
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Music
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Links
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Downloads
2009-01-11 18:23 . 2009-01-11 18:23 <DIR> dr------- c:\users\Mcx1\Documents
2009-01-11 18:23 . 2009-01-11 18:23 <DIR> d--h----- c:\users\Mcx1\AppData
2009-01-11 18:23 . 2009-01-11 18:23 <DIR> d-------- c:\users\Mcx1
2009-01-09 16:26 . 2009-01-13 23:51 <DIR> d-------- c:\users\Marek\AppData\Roaming\GrabIt
2009-01-09 16:23 . 2009-01-09 16:23 <DIR> d-------- c:\program files\GrabIt
2009-01-08 11:15 . 1997-06-06 15:52 11,264 --a------ c:\windows\System32\SPORDER.DLL
2009-01-07 18:12 . 2009-01-07 18:12 <DIR> d-------- c:\users\All Users\NewsBin
2009-01-07 18:12 . 2009-01-07 18:12 <DIR> d-------- c:\programdata\NewsBin
2009-01-06 19:44 . 2009-01-13 17:19 <DIR> d-------- c:\program files\abgx360
2009-01-04 18:48 . 2009-01-05 17:37 <DIR> d-------- c:\users\Marek\AppData\Roaming\ImgBurn
2009-01-04 18:48 . 2009-01-04 18:48 <DIR> d-------- c:\program files\ImgBurn
2009-01-04 00:52 . 2009-01-04 00:52 <DIR> d-------- c:\program files\AVOne
2009-01-03 16:12 . 2009-01-03 16:12 <DIR> d-------- c:\program files\MagicEffect Photo Editor 2009
2008-12-29 01:25 . 2009-01-13 22:52 <DIR> d-------- c:\users\Marek\AppData\Roaming\MagicEffect Photo
2008-12-27 22:10 . 2008-12-27 22:10 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2008-12-20 16:35 . 2008-12-24 11:45 142,096 --a------ c:\windows\System32\drivers\tmcomm.sys
2008-12-20 16:33 . 2008-12-20 16:33 <DIR> d-------- c:\windows\System32\HouseCall 6.6
2008-12-20 16:33 . 2008-12-20 18:16 <DIR> d-------- c:\users\Marek\AppData\Roaming\HouseCall 6.6
2008-12-20 16:32 . 2008-12-20 16:32 <DIR> d-------- c:\windows\Sun
2008-12-19 22:24 . 2008-12-19 22:29 <DIR> d-------- c:\program files\Alchemy Mindworks
2008-12-19 22:24 . 1999-03-15 16:39 212,992 --a------ c:\windows\ALCHUNIN.EXE
2008-12-19 22:23 . 2008-12-19 22:29 <DIR> d-------- c:\users\Marek\AppData\Roaming\Alchemy Mindworks

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 13:00 47,104 ----a-w c:\windows\System32\rpcnet.dll
2009-01-15 13:00 17,408 ----a-w c:\windows\System32\rpcnetp.exe
2009-01-14 19:28 --------- d-----w c:\program files\Panda Security
2009-01-14 19:07 --------- d-----w c:\program files\Windows Mail
2009-01-14 18:54 --------- d-----w c:\users\Marek\AppData\Roaming\uTorrent
2009-01-12 17:31 --------- d-----w c:\users\Marek\AppData\Roaming\Vso
2009-01-11 00:31 --------- d---a-w c:\programdata\TEMP
2009-01-10 19:27 --------- d-----w c:\users\Marek\AppData\Roaming\Thinstall
2009-01-10 11:02 --------- d-----w c:\users\Marek\AppData\Roaming\dvdcss
2009-01-06 13:07 --------- d-----w c:\program files\Flash Particle Studio 1.0
2009-01-03 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 09:30 --------- d-----w c:\program files\Opera
2008-12-20 15:26 --------- d-----w c:\programdata\Ulead Systems
2008-12-20 15:26 --------- d-----w c:\program files\Corel
2008-12-09 19:39 --------- d-----w c:\program files\Picture Resize Genius
2008-12-09 16:06 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-12-09 11:13 --------- d-----w c:\programdata\McAfee
2008-12-04 21:13 94,208 ----a-w c:\windows\System32\Momo.dll
2008-12-04 21:13 626,688 ----a-w c:\windows\System32\msvcr80.dll
2008-12-04 21:13 548,864 ----a-w c:\windows\System32\msvcp80.dll
2008-12-04 21:13 491,520 ----a-w c:\windows\System32\picn.dll
2008-12-04 21:13 49,152 ----a-w c:\windows\System32\DevFilt.dll
2008-12-04 21:13 208,896 ----a-w c:\windows\System32\Image.dll
2008-12-04 21:13 1,560,576 ----a-w c:\windows\System32\MainOp.dll
2008-12-04 21:13 1,327,104 ----a-w c:\windows\System32\ImageReog.dll
2008-12-04 21:12 94,208 ----a-w c:\windows\System32\ApBlend.dll
2008-12-04 21:12 622,592 ----a-w c:\windows\System32\PicNotify.dll
2008-12-04 21:12 5,632 ----a-w c:\windows\System32\biologon.dll
2008-12-04 21:12 126,976 ----a-w c:\windows\System32\VideoOp.dll
2008-11-23 21:50 --------- d-----w c:\program files\Real Alternative
2008-11-21 21:54 --------- d-----w c:\program files\AoA Audio Extractor
2008-11-21 21:51 --------- d-----w c:\users\Marek\AppData\Roaming\Audacity
2008-11-18 23:13 --------- d--h--w c:\users\Marek\AppData\Roaming\FVSTemp
2008-11-18 18:52 --------- d-----w c:\users\Marek\AppData\Roaming\InfraRecorder
2008-11-17 14:40 3,668,480 ----a-w c:\windows\system32\drivers\NETw5v32.sys
2008-11-16 18:34 --------- d-----w c:\program files\Google
2008-11-16 15:46 --------- d-----w c:\programdata\Media Center Programs
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 15:28 65,320 ----a-w c:\windows\System32\sbbd.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-13 18:02 47,360 ----a-w c:\users\Marek\AppData\Roaming\pcouffin.sys
2008-08-01 11:57 55 ----a-w c:\program files\Profile Picture GeniusPPG.url
2008-07-19 04:21 174 --sha-w c:\program files\desktop.ini
2006-11-02 12:36 150,016 ----a-w c:\program files\MOVIEMK.exe
2008-12-20 00:11 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:11 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:11 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:11 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:11 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-14 01:22 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008101420081015\index.dat

.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Easy CD-DA Extractor Pro Updater.exe]
path=c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy CD-DA Extractor Pro Updater.exe
backup=c:\windows\pss\Easy CD-DA Extractor Pro Updater.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]
path=c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
backup=c:\windows\pss\TRDCReminder.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2008-01-22 13:25 712704 c:\program files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2007-10-25 16:41 413696 c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
--a------ 2007-06-18 10:51 1507328 c:\program files\IDM\Desktop SMS\DesktopSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2007-10-31 22:01 54608 c:\program files\Toshiba\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
--a------ 2007-09-28 16:03 75136 c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
--a------ 2009-01-10 02:35 20853704 c:\windows\System32\mrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
--a------ 2008-10-28 16:30 955688 c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2008-01-25 10:22 509816 c:\program files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-11-29 17:58 1029416 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2008-02-20 17:55 21504 c:\tb_eula\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
--a------ 2007-07-10 09:24 581632 c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
--a------ 2007-05-04 11:05 571024 c:\program files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2008-01-17 15:27 431456 c:\program files\Toshiba\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 08:36 2153472 c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C6E4CC0-CFFB-42A6-8276-F5AC3025C18F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1B6D658B-AAA5-4794-97D5-64DD7CE49C7B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{91AE0865-1D8D-434B-8153-D1ABEECC21F5}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C69ACF71-B114-486F-96BB-3B1A06E4181A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{75E025C9-58C0-404F-AB55-1B11739F0078}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1735155A-2B9F-4A99-889E-CDED2C789AAE}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{83D80B14-4FE1-41E5-81FC-C8674BA1BC1E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B09D070F-9BA1-41E3-BF54-926D9BC7C787}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{21CFECE4-94B1-4966-B3D4-D45C8D6FF090}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{B0198644-4189-4435-91DF-2631CAD94265}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{788C7065-8189-433C-BE35-1F05FCF754A3}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F9503293-B756-407B-8708-0F629A2FD1CC}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{9FA95899-4905-474C-B875-D59F2F81259C}c:\\users\\marek\\desktop\\emule v0.49b beba v2.1 beta2 no ratio\\emule 0.49a beta 3 beba 2.0 no ratio\\emule.exe"= Disabled:UDP:c:\users\marek\desktop\emule v0.49b beba v2.1 beta2 no ratio\emule 0.49a beta 3 beba 2.0 no ratio\emule.exe:emule.exe
"UDP Query User{FC1F5E82-A127-45E0-A1D9-96A823E163E8}c:\\users\\marek\\desktop\\emule v0.49b beba v2.1 beta2 no ratio\\emule 0.49a beta 3 beba 2.0 no ratio\\emule.exe"= Disabled:TCP:c:\users\marek\desktop\emule v0.49b beba v2.1 beta2 no ratio\emule 0.49a beta 3 beba 2.0 no ratio\emule.exe:emule.exe
"TCP Query User{40191B00-713A-4301-B711-AA2A0982D979}c:\\users\\marek\\desktop\\arabella_third_generation_49b_05.08.2008\\emule.exe"= Disabled:UDP:c:\users\marek\desktop\arabella_third_generation_49b_05.08.2008\emule.exe:emule.exe
"UDP Query User{3212DBEF-D283-403E-8DEE-37128CEE735A}c:\\users\\marek\\desktop\\arabella_third_generation_49b_05.08.2008\\emule.exe"= Disabled:TCP:c:\users\marek\desktop\arabella_third_generation_49b_05.08.2008\emule.exe:emule.exe
"TCP Query User{84CC8D46-2EBF-4FFA-954B-FD6EF3101B18}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= Disabled:UDP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"UDP Query User{ACAB1484-E1C1-4603-A521-BD772F8DA0E2}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= Disabled:TCP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"TCP Query User{55BE88D4-C1E7-40BA-848B-978E45025F00}c:\\program files\\proxy checker\\pcv7.exe"= Disabled:UDP:c:\program files\proxy checker\pcv7.exe:Proxy Checker v7.4
"UDP Query User{D617ABF4-A074-4130-B32A-FEB091ADC592}c:\\program files\\proxy checker\\pcv7.exe"= Disabled:TCP:c:\program files\proxy checker\pcv7.exe:Proxy Checker v7.4
"TCP Query User{D0ED7701-EE0A-45EA-9157-A34E9B0FCF72}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D0270F4C-BA9E-4BFE-83F1-BC4DBD3D7C12}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{9922940B-A5E7-4CFF-A49D-2F459E7EC2F1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A4322706-B288-4C3B-B026-3CA8C7866CFA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B087176D-A894-429C-953E-65D279330BD4}c:\\users\\marek\\desktop\\emule_0.49b_alias_1.0a_bin\\emule.exe"= UDP:c:\users\marek\desktop\emule_0.49b_alias_1.0a_bin\emule.exe:emule.exe
"UDP Query User{DAFE40E5-1C94-4DC3-A79C-2EF088543866}c:\\users\\marek\\desktop\\emule_0.49b_alias_1.0a_bin\\emule.exe"= TCP:c:\users\marek\desktop\emule_0.49b_alias_1.0a_bin\emule.exe:emule.exe
"TCP Query User{A035E7F7-0DF7-4496-A1F4-C7237AC83220}c:\\users\\marek\\desktop\\emule_0.49b_rapcom_v.1.2_fix\\emule-0.49b-rapcom v.1.2-fix\\emule.exe"= UDP:c:\users\marek\desktop\emule_0.49b_rapcom_v.1.2_fix\emule-0.49b-rapcom v.1.2-fix\emule.exe:emule.exe
"UDP Query User{A0E06B21-5B28-4F83-96BE-7C8AF3666ABE}c:\\users\\marek\\desktop\\emule_0.49b_rapcom_v.1.2_fix\\emule-0.49b-rapcom v.1.2-fix\\emule.exe"= TCP:c:\users\marek\desktop\emule_0.49b_rapcom_v.1.2_fix\emule-0.49b-rapcom v.1.2-fix\emule.exe:emule.exe
"TCP Query User{E63472F1-F71E-40FB-BA90-337A4BF947BF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{E98452E8-AD79-495C-AC08-903726DF3121}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{E353CB51-640D-471C-8CC8-427FF879463E}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{1C5550FD-724E-4B3F-B674-A64D204E76FF}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{C1F51F7D-468B-440A-B266-AC8F9566409D}"= UDP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{86F7BD5B-8593-4232-A246-65E1753A7B97}"= TCP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{72949CBB-8E2D-4477-B6AB-C1386F268E3D}"= UDP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{05B451F6-9FA7-4076-ADFF-2B1F2EBAEFBC}"= TCP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{AE6716E1-4D04-4AFC-A313-BCC631DEFC45}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{05503768-A03C-471B-8610-6FD3AC313E6F}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{E13449B2-E932-47F9-BDB3-D103B0FB0BED}c:\\program files\\proxy checker pro\\pcv7.exe"= UDP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"UDP Query User{BA96A320-44C6-4EAA-A00A-42FBA633726B}c:\\program files\\proxy checker pro\\pcv7.exe"= TCP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"TCP Query User{94B1462A-365D-41DB-B744-CAE3393FF360}e:\\new\\left 4 dead\\left4dead.exe"= UDP:e:\new\left 4 dead\left4dead.exe:left4dead
"UDP Query User{20DC5E23-FBE9-48E6-BB18-4CDA2BD85617}e:\\new\\left 4 dead\\left4dead.exe"= TCP:e:\new\left 4 dead\left4dead.exe:left4dead
"TCP Query User{75586670-04A7-4DBE-A66C-E5DC5902F28D}e:\\new\\left 4 dead\\left4dead.exe"= UDP:e:\new\left 4 dead\left4dead.exe:left4dead
"UDP Query User{01F41FF2-CBA8-4155-96ED-3F29A32083D4}e:\\new\\left 4 dead\\left4dead.exe"= TCP:e:\new\left 4 dead\left4dead.exe:left4dead
"TCP Query User{630C1CAB-9A02-450F-9A04-D54F3733FE5E}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= Disabled:UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{7AACFB57-FF89-4E2E-AF36-63D776A42741}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= Disabled:TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{C7854BF3-0EA3-496B-980D-6D4E002548B1}c:\\program files\\proxy checker pro\\pcv7.exe"= Disabled:UDP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"UDP Query User{256D369B-3165-4585-953F-9101C1737E78}c:\\program files\\proxy checker pro\\pcv7.exe"= Disabled:TCP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"TCP Query User{12116E3F-41E9-4E5A-A1CB-92F636C39E9C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{213E95D2-E96F-4040-9FEE-A8F3D62BC295}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{ECF4A25C-7717-41A4-BE73-2EFDCA85341E}c:\\users\\marek\\desktop\\housecall66.exe"= UDP:c:\users\marek\desktop\housecall66.exe:housecall66.exe
"UDP Query User{53D48FE0-7487-4D95-AE5F-3EE248FD7457}c:\\users\\marek\\desktop\\housecall66.exe"= TCP:c:\users\marek\desktop\housecall66.exe:housecall66.exe
"TCP Query User{8F1153F1-4F04-4466-B054-3F9D8ED0E01B}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= UDP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"UDP Query User{73CA2DED-F4A0-4344-837F-1151F75390B6}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= TCP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"TCP Query User{DB938534-79AB-42AE-965A-A5EC3E2FCEA0}c:\\program files\\netscape\\navigator 9\\navigator.exe"= UDP:c:\program files\netscape\navigator 9\navigator.exe:Navigator
"UDP Query User{2B1D6DFD-2C0A-4F07-9870-5EEBB99207F4}c:\\program files\\netscape\\navigator 9\\navigator.exe"= TCP:c:\program files\netscape\navigator 9\navigator.exe:Navigator

R1 sbtis;sbtis;c:\windows\System32\drivers\sbtis.sys [2009-01-15 202928]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\System32\drivers\CHDART.sys [2008-03-05 187904]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-09 8192]
R4 sbapifs;sbapifs;c:\windows\System32\drivers\sbapifs.sys [2008-09-12 69168]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 SBRE;SBRE;c:\windows\System32\drivers\SBREDrv.sys [2008-10-23 92464]
S4 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S4 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2008-10-28 886056]

--- Other services/drivers in memory ---

*NewlyCreated* - SBAMSVC
*NewlyCreated* - SBAPIFS
*NewlyCreated* - SBTIS
.
- - - - EMPTY ENTRIES REMOVED - - - -

MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
MSConfigStartUp-iMeshInstall - c:\users\Marek\AppData\Local\Temp\NSMACC~1.EXE
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Octoshape Streaming Services - c:\users\Marek\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-UVS12 Preload - c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
MSConfigStartUp-VeriFacePassManager - c:\program files\Lenovo\VeriFace\PManage.exe
MSConfigStartUp-NDSTray - NDSTray.exe

.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.pl/
IE: Zapisz &obraz używając Flash and Media Capture - c:\program files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
IE: Zapisz pliki &mediów używając Flash and Media Capture - c:\program files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
c:\windows\Downloaded Program Files\hcImpl.inf
c:\windows\System32\ArcaMicroScanUpdater.exe - c:\windows\System32\ArcaOnlineUninstall.exe
c:\windows\System32\ArcaOnline.dll
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D}
hxxp://arcaonline.arcabit.com/ArcaOnline.cab
c:\windows\Downloaded Program Files\ArcaOnline.inf
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kyxoeikz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMSWMP.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("signon.prefillForms", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-01-15 16:50:15Windows 6.0.6001 Service Pack 1 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????`?1h?$??????????(???h????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2009-01-15 16:51:48ComboFix-quarantined-files.txt 2009-01-15 15:51:46Przed: 34 051 104 768 bajtów wolnychPo: 34,085,212,160 bajtów wolnych360 --- E O F --- 2009-01-15 13:05:47
Mateusz J. comment 15 January 2009

Paste the following into Notepad:

File::
c:\windows\System32\rpcnet.dll
c:\windows\System32\rpcnetp.exe

In Notepad go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture:

The removal will start and a log will be produced, which you then post on the forum.
Knoxville (author) comment 16 January 2009

Thanks for the reply.

ComboFix 09-01-13.04 - Marek 2009-01-15 18:01:03.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.3070.2202 [GMT 1:00]
Running from: c:\comb\ComboFix.exe
Command switches used :: c:\comb\CFScript.txt

FILE ::
c:\windows\System32\rpcnet.dll
c:\windows\System32\rpcnetp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\rpcnet.dll
c:\windows\System32\rpcnetp.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 17:59 . 2009-01-15 18:00 <DIR> d-------- C:\comb
2009-01-15 14:05 . 2009-01-15 14:05 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-15 03:29 . 2009-01-15 03:29 89 --a------ c:\users\Marek\AppData\Roaming\netstat.bat
2009-01-15 02:21 . 2008-10-09 10:21 202,928 --a------ c:\windows\System32\drivers\sbtis.sys
2009-01-15 00:22 . 2009-01-15 00:22 524,288 --ahs---- C:\ntuser.dat{d6a01e39-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000002.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:23 524,288 --ahs---- C:\ntuser.dat{d6a01e39-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000001.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:22 524,288 --ahs---- C:\ntuser.dat{d6a01e2d-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000002.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:22 524,288 --ahs---- C:\ntuser.dat{d6a01e2d-e28b-11dd-8507-00037aae77db}.TMContainer00000000000000000001.regtrans-ms
2009-01-15 00:22 . 2009-01-15 00:23 65,536 --ahs---- C:\ntuser.dat{d6a01e39-e28b-11dd-8507-00037aae77db}.TM.blf
2009-01-15 00:22 . 2009-01-15 00:22 65,536 --ahs---- C:\ntuser.dat{d6a01e2d-e28b-11dd-8507-00037aae77db}.TM.blf
2009-01-14 23:03 . 2009-01-14 23:03 524,288 --ahs---- C:\ntuser.dat{66853be4-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000002.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:17 524,288 --ahs---- C:\ntuser.dat{66853be4-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000001.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:03 524,288 --ahs---- C:\ntuser.dat{66853bd8-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000002.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:03 524,288 --ahs---- C:\ntuser.dat{66853bd8-e277-11dd-9b2d-dad3f0b40c26}.TMContainer00000000000000000001.regtrans-ms
2009-01-14 23:03 . 2009-01-14 23:17 65,536 --ahs---- C:\ntuser.dat{66853be4-e277-11dd-9b2d-dad3f0b40c26}.TM.blf
2009-01-14 23:03 . 2009-01-14 23:03 65,536 --ahs---- C:\ntuser.dat{66853bd8-e277-11dd-9b2d-dad3f0b40c26}.TM.blf
2009-01-14 23:03 . 2009-01-15 00:23 5,120 --ah----- C:\ntuser.dat.LOG1
2009-01-14 23:03 . 2009-01-15 00:22 0 --ah----- C:\ntuser.dat.LOG2
2009-01-14 21:22 . 2009-01-14 22:00 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-14 20:07 . 2009-01-14 20:07 298 --a------ c:\windows\System32\MRT.INI
2009-01-14 19:54 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 01:04 . 2009-01-13 01:04 <DIR> d-------- c:\program files\AMS Photo Effects
2009-01-12 19:04 . 2009-01-12 19:04 <DIR> d-------- c:\program files\OO Software
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Videos
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> d-------- c:\users\Mcx1\Saved Games
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Pictures
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Music
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Links
2009-01-11 18:23 . 2006-11-02 11:23 <DIR> dr------- c:\users\Mcx1\Downloads
2009-01-11 18:23 . 2009-01-11 18:23 <DIR> dr------- c:\users\Mcx1\Documents
2009-01-11 18:23 . 2009-01-11 18:23 <DIR> d--h----- c:\users\Mcx1\AppData
2009-01-11 18:23 . 2009-01-11 18:23 <DIR> d-------- c:\users\Mcx1
2009-01-09 16:26 . 2009-01-13 23:51 <DIR> d-------- c:\users\Marek\AppData\Roaming\GrabIt
2009-01-09 16:23 . 2009-01-09 16:23 <DIR> d-------- c:\program files\GrabIt
2009-01-08 11:15 . 1997-06-06 15:52 11,264 --a------ c:\windows\System32\SPORDER.DLL
2009-01-07 18:12 . 2009-01-07 18:12 <DIR> d-------- c:\users\All Users\NewsBin
2009-01-07 18:12 . 2009-01-07 18:12 <DIR> d-------- c:\programdata\NewsBin
2009-01-06 19:44 . 2009-01-13 17:19 <DIR> d-------- c:\program files\abgx360
2009-01-04 18:48 . 2009-01-05 17:37 <DIR> d-------- c:\users\Marek\AppData\Roaming\ImgBurn
2009-01-04 18:48 . 2009-01-04 18:48 <DIR> d-------- c:\program files\ImgBurn
2009-01-04 00:52 . 2009-01-04 00:52 <DIR> d-------- c:\program files\AVOne
2009-01-03 16:12 . 2009-01-03 16:12 <DIR> d-------- c:\program files\MagicEffect Photo Editor 2009
2008-12-29 01:25 . 2009-01-13 22:52 <DIR> d-------- c:\users\Marek\AppData\Roaming\MagicEffect Photo
2008-12-27 22:10 . 2008-12-27 22:10 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2008-12-20 16:35 . 2008-12-24 11:45 142,096 --a------ c:\windows\System32\drivers\tmcomm.sys
2008-12-20 16:33 . 2008-12-20 16:33 <DIR> d-------- c:\windows\System32\HouseCall 6.6
2008-12-20 16:33 . 2008-12-20 18:16 <DIR> d-------- c:\users\Marek\AppData\Roaming\HouseCall 6.6
2008-12-20 16:32 . 2008-12-20 16:32 <DIR> d-------- c:\windows\Sun
2008-12-19 22:24 . 2008-12-19 22:29 <DIR> d-------- c:\program files\Alchemy Mindworks
2008-12-19 22:24 . 1999-03-15 16:39 212,992 --a------ c:\windows\ALCHUNIN.EXE
2008-12-19 22:23 . 2008-12-19 22:29 <DIR> d-------- c:\users\Marek\AppData\Roaming\Alchemy Mindworks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 19:28 --------- d-----w c:\program files\Panda Security
2009-01-14 19:07 --------- d-----w c:\program files\Windows Mail
2009-01-14 18:54 --------- d-----w c:\users\Marek\AppData\Roaming\uTorrent
2009-01-12 17:31 --------- d-----w c:\users\Marek\AppData\Roaming\Vso
2009-01-11 00:31 --------- d---a-w c:\programdata\TEMP
2009-01-10 19:27 --------- d-----w c:\users\Marek\AppData\Roaming\Thinstall
2009-01-10 11:02 --------- d-----w c:\users\Marek\AppData\Roaming\dvdcss
2009-01-06 13:07 --------- d-----w c:\program files\Flash Particle Studio 1.0
2009-01-03 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 09:30 --------- d-----w c:\program files\Opera
2008-12-20 15:26 --------- d-----w c:\programdata\Ulead Systems
2008-12-20 15:26 --------- d-----w c:\program files\Corel
2008-12-09 19:39 --------- d-----w c:\program files\Picture Resize Genius
2008-12-09 16:06 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-12-09 11:13 --------- d-----w c:\programdata\McAfee
2008-11-23 21:50 --------- d-----w c:\program files\Real Alternative
2008-11-21 21:54 --------- d-----w c:\program files\AoA Audio Extractor
2008-11-21 21:51 --------- d-----w c:\users\Marek\AppData\Roaming\Audacity
2008-11-18 23:13 --------- d--h--w c:\users\Marek\AppData\Roaming\FVSTemp
2008-11-18 18:52 --------- d-----w c:\users\Marek\AppData\Roaming\InfraRecorder
2008-11-17 14:40 3,668,480 ----a-w c:\windows\system32\drivers\NETw5v32.sys
2008-11-16 18:34 --------- d-----w c:\program files\Google
2008-11-16 15:46 --------- d-----w c:\programdata\Media Center Programs
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-09-13 18:02 47,360 ----a-w c:\users\Marek\AppData\Roaming\pcouffin.sys
2008-08-01 11:57 55 ----a-w c:\program files\Profile Picture GeniusPPG.url
2008-07-19 04:21 174 --sha-w c:\program files\desktop.ini
2006-11-02 12:36 150,016 ----a-w c:\program files\MOVIEMK.exe
2008-12-20 00:11 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:11 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:11 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:11 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:11 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-14 01:22 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008101420081015\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Easy CD-DA Extractor Pro Updater.exe]
path=c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy CD-DA Extractor Pro Updater.exe
backup=c:\windows\pss\Easy CD-DA Extractor Pro Updater.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]
path=c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
backup=c:\windows\pss\TRDCReminder.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2008-01-22 13:25 712704 c:\program files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2007-10-25 16:41 413696 c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
--a------ 2007-06-18 10:51 1507328 c:\program files\IDM\Desktop SMS\DesktopSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2007-10-31 22:01 54608 c:\program files\Toshiba\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
--a------ 2007-09-28 16:03 75136 c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
--a------ 2009-01-10 02:35 20853704 c:\windows\System32\mrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2008-01-25 10:22 509816 c:\program files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-11-29 17:58 1029416 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2008-02-20 17:55 21504 c:\tb_eula\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
--a------ 2007-07-10 09:24 581632 c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
--a------ 2007-05-04 11:05 571024 c:\program files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2008-01-17 15:27 431456 c:\program files\Toshiba\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 08:36 2153472 c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C6E4CC0-CFFB-42A6-8276-F5AC3025C18F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1B6D658B-AAA5-4794-97D5-64DD7CE49C7B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{91AE0865-1D8D-434B-8153-D1ABEECC21F5}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C69ACF71-B114-486F-96BB-3B1A06E4181A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{75E025C9-58C0-404F-AB55-1B11739F0078}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1735155A-2B9F-4A99-889E-CDED2C789AAE}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{83D80B14-4FE1-41E5-81FC-C8674BA1BC1E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B09D070F-9BA1-41E3-BF54-926D9BC7C787}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{21CFECE4-94B1-4966-B3D4-D45C8D6FF090}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{B0198644-4189-4435-91DF-2631CAD94265}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{788C7065-8189-433C-BE35-1F05FCF754A3}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F9503293-B756-407B-8708-0F629A2FD1CC}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{9FA95899-4905-474C-B875-D59F2F81259C}c:\\users\\marek\\desktop\\emule v0.49b beba v2.1 beta2 no ratio\\emule 0.49a beta 3 beba 2.0 no ratio\\emule.exe"= Disabled:UDP:c:\users\marek\desktop\emule v0.49b beba v2.1 beta2 no ratio\emule 0.49a beta 3 beba 2.0 no ratio\emule.exe:emule.exe
"UDP Query User{FC1F5E82-A127-45E0-A1D9-96A823E163E8}c:\\users\\marek\\desktop\\emule v0.49b beba v2.1 beta2 no ratio\\emule 0.49a beta 3 beba 2.0 no ratio\\emule.exe"= Disabled:TCP:c:\users\marek\desktop\emule v0.49b beba v2.1 beta2 no ratio\emule 0.49a beta 3 beba 2.0 no ratio\emule.exe:emule.exe
"TCP Query User{40191B00-713A-4301-B711-AA2A0982D979}c:\\users\\marek\\desktop\\arabella_third_generation_49b_05.08.2008\\emule.exe"= Disabled:UDP:c:\users\marek\desktop\arabella_third_generation_49b_05.08.2008\emule.exe:emule.exe
"UDP Query User{3212DBEF-D283-403E-8DEE-37128CEE735A}c:\\users\\marek\\desktop\\arabella_third_generation_49b_05.08.2008\\emule.exe"= Disabled:TCP:c:\users\marek\desktop\arabella_third_generation_49b_05.08.2008\emule.exe:emule.exe
"TCP Query User{84CC8D46-2EBF-4FFA-954B-FD6EF3101B18}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= Disabled:UDP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"UDP Query User{ACAB1484-E1C1-4603-A521-BD772F8DA0E2}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= Disabled:TCP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"TCP Query User{55BE88D4-C1E7-40BA-848B-978E45025F00}c:\\program files\\proxy checker\\pcv7.exe"= Disabled:UDP:c:\program files\proxy checker\pcv7.exe:Proxy Checker v7.4
"UDP Query User{D617ABF4-A074-4130-B32A-FEB091ADC592}c:\\program files\\proxy checker\\pcv7.exe"= Disabled:TCP:c:\program files\proxy checker\pcv7.exe:Proxy Checker v7.4
"TCP Query User{D0ED7701-EE0A-45EA-9157-A34E9B0FCF72}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D0270F4C-BA9E-4BFE-83F1-BC4DBD3D7C12}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{9922940B-A5E7-4CFF-A49D-2F459E7EC2F1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A4322706-B288-4C3B-B026-3CA8C7866CFA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B087176D-A894-429C-953E-65D279330BD4}c:\\users\\marek\\desktop\\emule_0.49b_alias_1.0a_bin\\emule.exe"= UDP:c:\users\marek\desktop\emule_0.49b_alias_1.0a_bin\emule.exe:emule.exe
"UDP Query User{DAFE40E5-1C94-4DC3-A79C-2EF088543866}c:\\users\\marek\\desktop\\emule_0.49b_alias_1.0a_bin\\emule.exe"= TCP:c:\users\marek\desktop\emule_0.49b_alias_1.0a_bin\emule.exe:emule.exe
"TCP Query User{A035E7F7-0DF7-4496-A1F4-C7237AC83220}c:\\users\\marek\\desktop\\emule_0.49b_rapcom_v.1.2_fix\\emule-0.49b-rapcom v.1.2-fix\\emule.exe"= UDP:c:\users\marek\desktop\emule_0.49b_rapcom_v.1.2_fix\emule-0.49b-rapcom v.1.2-fix\emule.exe:emule.exe
"UDP Query User{A0E06B21-5B28-4F83-96BE-7C8AF3666ABE}c:\\users\\marek\\desktop\\emule_0.49b_rapcom_v.1.2_fix\\emule-0.49b-rapcom v.1.2-fix\\emule.exe"= TCP:c:\users\marek\desktop\emule_0.49b_rapcom_v.1.2_fix\emule-0.49b-rapcom v.1.2-fix\emule.exe:emule.exe
"TCP Query User{E63472F1-F71E-40FB-BA90-337A4BF947BF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{E98452E8-AD79-495C-AC08-903726DF3121}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{E353CB51-640D-471C-8CC8-427FF879463E}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{1C5550FD-724E-4B3F-B674-A64D204E76FF}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{C1F51F7D-468B-440A-B266-AC8F9566409D}"= UDP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{86F7BD5B-8593-4232-A246-65E1753A7B97}"= TCP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{72949CBB-8E2D-4477-B6AB-C1386F268E3D}"= UDP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{05B451F6-9FA7-4076-ADFF-2B1F2EBAEFBC}"= TCP:e:\gra\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{AE6716E1-4D04-4AFC-A313-BCC631DEFC45}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{05503768-A03C-471B-8610-6FD3AC313E6F}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{E13449B2-E932-47F9-BDB3-D103B0FB0BED}c:\\program files\\proxy checker pro\\pcv7.exe"= UDP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"UDP Query User{BA96A320-44C6-4EAA-A00A-42FBA633726B}c:\\program files\\proxy checker pro\\pcv7.exe"= TCP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"TCP Query User{94B1462A-365D-41DB-B744-CAE3393FF360}e:\\new\\left 4 dead\\left4dead.exe"= UDP:e:\new\left 4 dead\left4dead.exe:left4dead
"UDP Query User{20DC5E23-FBE9-48E6-BB18-4CDA2BD85617}e:\\new\\left 4 dead\\left4dead.exe"= TCP:e:\new\left 4 dead\left4dead.exe:left4dead
"TCP Query User{75586670-04A7-4DBE-A66C-E5DC5902F28D}e:\\new\\left 4 dead\\left4dead.exe"= UDP:e:\new\left 4 dead\left4dead.exe:left4dead
"UDP Query User{01F41FF2-CBA8-4155-96ED-3F29A32083D4}e:\\new\\left 4 dead\\left4dead.exe"= TCP:e:\new\left 4 dead\left4dead.exe:left4dead
"TCP Query User{630C1CAB-9A02-450F-9A04-D54F3733FE5E}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= Disabled:UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{7AACFB57-FF89-4E2E-AF36-63D776A42741}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= Disabled:TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{C7854BF3-0EA3-496B-980D-6D4E002548B1}c:\\program files\\proxy checker pro\\pcv7.exe"= Disabled:UDP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"UDP Query User{256D369B-3165-4585-953F-9101C1737E78}c:\\program files\\proxy checker pro\\pcv7.exe"= Disabled:TCP:c:\program files\proxy checker pro\pcv7.exe:Proxy Checker Pro v7.4
"TCP Query User{12116E3F-41E9-4E5A-A1CB-92F636C39E9C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{213E95D2-E96F-4040-9FEE-A8F3D62BC295}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{ECF4A25C-7717-41A4-BE73-2EFDCA85341E}c:\\users\\marek\\desktop\\housecall66.exe"= UDP:c:\users\marek\desktop\housecall66.exe:housecall66.exe
"UDP Query User{53D48FE0-7487-4D95-AE5F-3EE248FD7457}c:\\users\\marek\\desktop\\housecall66.exe"= TCP:c:\users\marek\desktop\housecall66.exe:housecall66.exe
"TCP Query User{8F1153F1-4F04-4466-B054-3F9D8ED0E01B}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= UDP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"UDP Query User{73CA2DED-F4A0-4344-837F-1151F75390B6}c:\\users\\marek\\desktop\\nrpg ratiomaster\\nrpg ratiomaster.exe"= TCP:c:\users\marek\desktop\nrpg ratiomaster\nrpg ratiomaster.exe:nrpg ratiomaster.exe
"TCP Query User{DB938534-79AB-42AE-965A-A5EC3E2FCEA0}c:\\program files\\netscape\\navigator 9\\navigator.exe"= UDP:c:\program files\netscape\navigator 9\navigator.exe:Navigator
"UDP Query User{2B1D6DFD-2C0A-4F07-9870-5EEBB99207F4}c:\\program files\\netscape\\navigator 9\\navigator.exe"= TCP:c:\program files\netscape\navigator 9\navigator.exe:Navigator

R1 sbtis;sbtis;c:\windows\System32\drivers\sbtis.sys [2009-01-15 202928]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\System32\drivers\CHDART.sys [2008-03-05 187904]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-09 8192]
R4 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SBAMTray - c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
IE: Zapisz &obraz używając Flash and Media Capture - c:\program files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
IE: Zapisz pliki &mediów używając Flash and Media Capture - c:\program files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
c:\windows\Downloaded Program Files\hcImpl.inf
c:\windows\System32\ArcaMicroScanUpdater.exe - c:\windows\System32\ArcaOnlineUninstall.exe
c:\windows\System32\ArcaOnline.dll
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D}
hxxp://arcaonline.arcabit.com/ArcaOnline.cab
c:\windows\Downloaded Program Files\ArcaOnline.inf
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kyxoeikz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 18:03:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\System32\rpcnet.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-01-15 18:07:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 17:07:04

Pre-Run: 34 424 266 752 bytes free
Post-Run: 34,398,609,408 bytes free

324 --- E O F --- 2009-01-15 13:05:47

And after about 20 minutes this error popped up, then again after 10 minutes, and it keeps doing so every so often; this error did not appear before. Could someone help me further? The files I deleted:

FILE ::
c:\windows\System32\rpcnet.dll
c:\windows\System32\rpcnetp.exe

came back onto the disk, except for rpcnet.dll. I disabled the rpcnet.exe process from starting and now rpcnetp.exe starts instead. Thanks for the help.