mlody8mlody, created 23 February 2009 (edited): Hello, it's probably this virus... i.e. Infostealer.Gampass... I have a ComboFix file; could someone tell me what to do next? And I can't turn on showing hidden files... If anyone is willing to help, I'd be grateful..
mlody8mlody (author), comment 24 February 2009: Here is the text of the ComboFix txt:

ComboFix 09-02-21.01 - NZOZ 2009-02-23 18:08:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3327.2753 [GMT 1:00]
Uruchomiony z: P:\ComboFix.exe
 * Utworzono nowy punkt przywracania.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\pook.com
c:\windows\inetloader.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\pook.com
E:\Autorun.inf
E:\pook.com
F:\Autorun.inf
F:\pook.com
G:\Autorun.inf
G:\pook.com
H:\Autorun.inf
H:\pook.com
J:\Autorun.inf
J:\pook.com
K:\Autorun.inf
K:\pook.com
L:\Autorun.inf
L:\pook.com
P:\2fiy.bat
P:\autorun.inf
P:\pook.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-23 do 2009-02-23 )))))))))))))))))))))))))))))))
.
2009-02-22 21:09 . 2009-02-22 21:09 2,298 --a------ c:\windows\TSCTNDBG.INI
2009-02-05 22:29 . 2007-09-03 17:13 393,216 --a------ c:\windows\system32\GDS32.DLL
2009-01-25 20:55 . 2009-01-25 20:55 <DIR> d-------- c:\documents and settings\NZOZ\Dane aplikacji\gtk-2.0
2009-01-25 20:55 . 2009-01-25 20:55 <DIR> d-------- c:\documents and settings\NZOZ\.gimp-2.6
2009-01-25 20:55 . 2009-01-25 20:55 <DIR> d-------- c:\documents and settings\NZOZ\.gegl-0.0
2009-01-25 20:50 . 2009-01-25 20:50 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 17:03 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-23 15:52 --------- d-----w c:\program files\lg_fwupdate
2009-02-22 20:02 --------- d-----w c:\program files\ZAR
2009-02-22 19:25 --------- d-----w c:\program files\TomTom HOME
2009-02-15 18:54 --------- d-----w c:\program files\Norton Internet Security
2009-02-09 22:18 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\OpenOffice.org2
2009-02-09 21:31 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\iMesh
2009-02-06 12:06 --------- d-----w c:\program files\English Translator 3
2009-02-05 21:29 --------- d-----w c:\program files\Firebird
2009-01-26 20:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 19:50 --------- d-----w c:\program files\Java
2009-01-14 18:11 --------- d-----w c:\program files\Wavin
2009-01-08 13:54 59,360 ----a-w c:\documents and settings\NZOZ\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-01-07 21:07 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\Lasersoft Imaging
2009-01-06 19:32 16 ----a-w c:\documents and settings\NZOZ\pzpc11.dll
2008-12-30 12:16 --------- d-----w c:\program files\SilverFast Application
2008-12-29 21:08 --------- d-----w c:\program files\Common Files\Corel
2008-12-29 17:08 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-29 17:08 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\Corel
2008-12-29 17:07 --------- d-----w c:\program files\Corel
2008-12-29 17:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Corel
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-09-01 13:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008090120080902\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Gadu-Gadu"="j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe" [2003-10-02 729088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerS"="c:\windows\PowerS.exe" [2001-08-03 159800]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 159744]
"MULTIMEDIA KEYBOARD"="c:\program files\Keymaestro\Multimedia Keyboard\MMKeybd.exe" [2002-07-30 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 180269]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 278528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"Pilot"="f:\ks\KS-EWD\PILOT.EXE" [2008-10-23 5585920]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Smart Start UP"="c:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2006-12-19 104528]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-12-09 100056]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-02-06 c:\windows\system32\S3Trayp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-03-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Action Express (OpticPro ST64+).lnk - c:\program files\Plustek\OpticPro ST64+\Am32Plus.exe [2008-12-09 143360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-30 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-13 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DVX4"= DivX4.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2003-10-02 13:43 729088 j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:21 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\moto gp2\\Nowy folder\\motogp2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"j:\\JACEK ZACHWIEJA\\gadu;gadu\\Gadu-Gadu\\gg.exe"=
"g:\\Half-life\\Half-Life\\hl.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-11-17 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-11-17 52224]
R1 HFSYS;HFSYS;c:\windows\system32\drivers\hfsys.sys [2004-01-12 19732]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-11-17 6656]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2007-11-17 99206]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2007-11-17 13898]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\Btxbar.sys [2007-11-17 6872]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-12-09 100032]
R2 nhksrv;Netropa NHK Server;c:\program files\Keymaestro\Multimedia Keyboard\nhksrv.exe [2007-11-17 28672]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-30 38656]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2007-11-17 15104]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2003-01-10 9728]
S3 RTCore32;RTCore32;j:\jacek zachwieja\rmma38bin\RTCore32.sys [2008-04-12 4608]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-11-17 709632]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-12-05 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-12-05 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-12-05 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-12-05 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-12-05 86368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027bb78a-f8fb-11dd-8e59-001d60c3b4c8}]
\Shell\AutoRun\command - P:\pook.com
\Shell\open\Command - P:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b295b6d-a0d5-11dc-874e-001d60c3b4c8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-06 c:\windows\Tasks\Norton AntiVirus - Skanuj komputer - NZOZ.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-17 12:27]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKCU-Run-PowerBar - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 18:09:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0???????????0y????6~????????????????XS??????]???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:6c,d6,c9,58,cc,7b,08,a0,4b,87,1e,bc,57,76,63,58,b7,7b,6e,96,a1, 7b,6c,c4,28,88,57,47,fe,f1,e8,d1,9b,b5,9b,0c,1b,52,02,43,3d,0b,e9,b9,eb,fb,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-02-23 18:10:36
ComboFix-quarantined-files.txt 2009-02-23 17:10:34
Przed: 31 851 626 496 bajtów wolnych
Po: 32,859,758,592 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
226 --- E O F --- 2009-02-11 21:06:44

// Use tags for log content. // piku

Attachment: ComboFix.txt
Mateusz J., comment 24 February 2009: Delete the folder c:\QooBox. Clean your pendrive; that is where the infection came from. Paste the following into Notepad:

Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File ==> Save as ==> change the file type to All files ==> save it under the name FIX.REG. Run the created FIX.REG file, confirm adding it to the Registry, and restart the computer.
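Mateusz J.'s point that the infection rode in on the pendrive, and that MountPoints2 still remembers the autorun commands, can be read straight off the ComboFix log above: autorun.inf sitting next to pook.com or 2fiy.bat in every drive root, \Shell\AutoRun\command entries pointing at P:\pook.com, and Security Center monitoring switched off. The Python script below is an added example written for this page (it is not ComboFix's code and not anything posted in the thread): it parses a small constructed log excerpt with the same shape and reports those three indicator classes. The banner regexes, the line shapes and the "Other Deletions" title for the English ComboFix build are my assumptions about the log format, not something the thread states.

```python
import re
from collections import defaultdict

# Constructed sample (not a log from the thread): a short excerpt shaped like the
# ComboFix output quoted above, reusing the file names and registry keys seen there.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\pook.com
c:\windows\system32\olhrwef.exe
P:\2fiy.bat
P:\autorun.inf
P:\pook.com
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027bb78a-f8fb-11dd-8e59-001d60c3b4c8}]
\Shell\AutoRun\command - P:\pook.com
\Shell\open\Command - P:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b295b6d-a0d5-11dc-874e-001d60c3b4c8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

# Line shapes assumed from the excerpt in the thread, not from a ComboFix spec.
SECTION = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")            # '(((( title ))))' banner
ROOT_FILE = re.compile(r"^([A-Za-z]):\\([^\\]+)$")             # file directly in a drive root
MOUNTPOINT = re.compile(r"\\mountpoints2\\(\{[0-9a-fA-F-]+\})\]$", re.IGNORECASE)
SHELL_CMD = re.compile(r"^\\Shell\\[^\\]+\\command\s+-\s+(.+)$", re.IGNORECASE)
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(dword:[0-9a-fA-F]+|\d+)\b')
# The Polish build titles the deletion section 'Usunięto' (as in the thread);
# 'Other Deletions' is assumed for the English build.
DELETION_TITLES = ("usunięto", "other deletions")

def parse_sections(text):
    """Group log lines under the banner that precedes them; skip blank and '.' lines."""
    sections, current = defaultdict(list), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION.match(line)
        if banner:
            current = banner.group(1)
        else:
            sections[current].append(line)
    return sections

def autorun_drives(paths):
    """Drive letters whose root held autorun.inf plus a companion file (worm footprint)."""
    per_drive = defaultdict(set)
    for path in paths:
        m = ROOT_FILE.match(path)
        if m:
            per_drive[m.group(1).upper()].add(m.group(2).lower())
    return sorted(d for d, names in per_drive.items()
                  if "autorun.inf" in names and len(names) > 1)

def mountpoint_commands(lines):
    """Commands MountPoints2 remembers per volume GUID, i.e. what Explorer would
    still run on AutoPlay or double-click after the drive itself was cleaned."""
    commands, current = {}, None
    for line in lines:
        key = MOUNTPOINT.search(line)
        if key:
            current = key.group(1).lower()
            commands[current] = []
        elif line.startswith("["):
            current = None                      # some other registry key begins
        elif current is not None and (cmd := SHELL_CMD.match(line)):
            commands[current].append(cmd.group(1).strip())
    return commands

def weakened_security(lines):
    """Security Center / firewall values that silence protection:
    *Disable* values set to 1, or EnableFirewall set to 0."""
    hits = []
    for line in lines:
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        value = int(raw[6:], 16) if raw.lower().startswith("dword:") else int(raw)
        lname = name.lower()
        disabling = lname.startswith("antivirusdisable") or lname == "disablemonitoring"
        if (disabling and value == 1) or (lname == "enablefirewall" and value == 0):
            hits.append((name, value))
    return hits

def analyse(text):
    """Run the three checks over one ComboFix log and return a plain dict."""
    sections = parse_sections(text)
    deleted = [l for t, ls in sections.items() if t.lower() in DELETION_TITLES for l in ls]
    all_lines = [l for ls in sections.values() for l in ls]
    return {"autorun_drives": autorun_drives(deleted),
            "mountpoints": mountpoint_commands(all_lines),
            "weakened": weakened_security(all_lines)}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved ComboFix.txt by reading the file and passing its text to analyse(). The MountPoints2 check is the one that explains the FIX.REG step above: the payload files listed under "Usunięto" are gone, but the per-volume \Shell\AutoRun\command strings survive until that key is deleted, which is why the fix removes the whole mountpoints2 key rather than individual files.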
mlody8mlody (author), comment 24 February 2009: I did that, but I still can't turn on showing hidden files... could there be something else?
Mateusz J., comment 24 February 2009: Make a new ComboFix log plus a Silent Runners log.
mlody8mlody (author), comment 24 February 2009: ComboFix:

ComboFix 09-02-21.01 - NZOZ 2009-02-24 19:58:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3327.2623 [GMT 1:00]
Uruchomiony z: c:\documents and settings\NZOZ\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*
FW: Norton Internet Security *enabled*
 * Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2fiy.bat
C:\autorun.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\2fiy.bat
D:\Autorun.inf
E:\2fiy.bat
E:\Autorun.inf
F:\2fiy.bat
F:\Autorun.inf
G:\2fiy.bat
G:\Autorun.inf
H:\2fiy.bat
H:\Autorun.inf
I:\2fiy.bat
I:\Autorun.inf
J:\2fiy.bat
J:\Autorun.inf
K:\2fiy.bat
K:\Autorun.inf
L:\2fiy.bat
L:\Autorun.inf
P:\2fiy.bat
P:\autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-24 do 2009-02-24 )))))))))))))))))))))))))))))))
.
2009-02-24 16:39 . 2009-02-24 16:39 <DIR> d-------- C:\Temp
2009-02-23 21:46 . 2009-02-23 21:46 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-23 21:46 . 2009-02-24 20:04 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-02-23 21:46 . 2009-02-24 20:03 7,220,000 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-23 21:46 . 2009-02-24 20:01 113,120 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-23 21:46 . 2009-02-23 22:11 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-23 21:46 . 2009-02-23 22:11 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-23 21:46 . 2009-02-24 20:04 23,840 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-23 21:46 . 2009-02-24 20:01 12,632 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-23 21:45 . 2009-02-23 21:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-02-23 19:56 . 2009-02-23 19:56 2,899 --a------ c:\windows\hfxp.INI
2009-02-22 21:09 . 2009-02-24 17:42 2,298 --a------ c:\windows\TSCTNDBG.INI
2009-02-05 22:29 . 2007-09-03 17:13 393,216 --a------ c:\windows\system32\GDS32.DLL
2009-01-25 20:55 . 2009-01-25 20:55 <DIR> d-------- c:\documents and settings\NZOZ\Dane aplikacji\gtk-2.0
2009-01-25 20:55 . 2009-01-25 20:55 <DIR> d-------- c:\documents and settings\NZOZ\.gimp-2.6
2009-01-25 20:55 . 2009-01-25 20:55 <DIR> d-------- c:\documents and settings\NZOZ\.gegl-0.0
2009-01-25 20:50 . 2009-01-25 20:50 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 19:03 --------- d-----w c:\program files\lg_fwupdate
2009-02-23 21:11 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-23 19:56 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-02-23 19:11 --------- d-----w c:\program files\English Translator 3
2009-02-23 18:54 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-23 18:04 16 ----a-w c:\documents and settings\NZOZ\pzpc11.dll
2009-02-22 20:02 --------- d-----w c:\program files\ZAR
2009-02-22 19:25 --------- d-----w c:\program files\TomTom HOME
2009-02-09 22:18 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\OpenOffice.org2
2009-02-09 21:31 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\iMesh
2009-02-05 21:29 --------- d-----w c:\program files\Firebird
2009-01-26 20:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 19:50 --------- d-----w c:\program files\Java
2009-01-14 18:11 --------- d-----w c:\program files\Wavin
2009-01-08 13:54 59,360 ----a-w c:\documents and settings\NZOZ\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-01-07 21:07 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\Lasersoft Imaging
2008-12-30 12:16 --------- d-----w c:\program files\SilverFast Application
2008-12-29 21:08 --------- d-----w c:\program files\Common Files\Corel
2008-12-29 17:08 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-29 17:08 --------- d-----w c:\documents and settings\NZOZ\Dane aplikacji\Corel
2008-12-29 17:07 --------- d-----w c:\program files\Corel
2008-12-29 17:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Corel
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-09-01 13:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008090120080902\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Gadu-Gadu"="j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe" [2003-10-02 729088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerS"="c:\windows\PowerS.exe" [2001-08-03 159800]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 159744]
"MULTIMEDIA KEYBOARD"="c:\program files\Keymaestro\Multimedia Keyboard\MMKeybd.exe" [2002-07-30 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 180269]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 278528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"Pilot"="f:\ks\KS-EWD\PILOT.EXE" [2008-10-23 5585920]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Smart Start UP"="c:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2006-12-19 104528]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-09-17 58488]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-02-06 c:\windows\system32\S3Trayp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-03-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Action Express (OpticPro ST64+).lnk - c:\program files\Plustek\OpticPro ST64+\Am32Plus.exe [2008-12-09 143360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-30 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-13 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DVX4"= DivX4.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2003-10-02 13:43 729088 j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:21 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\moto gp2\\Nowy folder\\motogp2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"j:\\JACEK ZACHWIEJA\\gadu;gadu\\Gadu-Gadu\\gg.exe"=
"g:\\Half-life\\Half-Life\\hl.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-11-17 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-11-17 52224]
R1 HFSYS;HFSYS;c:\windows\system32\drivers\hfsys.sys [2004-01-12 19732]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-11-17 6656]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2007-11-17 99206]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2007-11-17 13898]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\Btxbar.sys [2007-11-17 6872]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
R2 nhksrv;Netropa NHK Server;c:\program files\Keymaestro\Multimedia Keyboard\nhksrv.exe [2007-11-17 28672]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-30 38656]
R3 dTVdrvNT;dTVdrvNT;c:\program files\Prolink\PlayTV Pro\DTVdrvNT.sys [2007-11-17 12188]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2007-11-17 15104]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2003-01-10 9728]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 RTCore32;RTCore32;j:\jacek zachwieja\rmma38bin\RTCore32.sys [2008-04-12 4608]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-11-17 709632]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-12-05 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-12-05 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-12-05 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-12-05 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-12-05 86368]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - DTVDRVNT
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 20:02:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:6c,d6,c9,58,cc,7b,08,a0,4b,87,1e,bc,57,76,63,58,b7,7b,6e,96,a1, 7b,6c,c4,28,88,57,47,fe,f1,e8,d1,9b,b5,9b,0c,1b,52,02,43,3d,0b,e9,b9,eb,fb,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1224)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1284)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Keymaestro\Multimedia Keyboard\Traymon.exe
c:\program files\Keymaestro\Onscreen Display\osd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Prolink\PlayTV Pro\PIXELTV.EXE
.
**************************************************************************
.
Czas ukończenia: 2009-02-24 20:06:49 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-24 19:06:46
ComboFix2.txt 2009-02-23 17:10:37
Przed: 31 144 103 936 bajtów wolnych
Po: 30,986,694,656 bajtów wolnych
256 --- E O F --- 2009-02-11 21:06:44

Silent Runners:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]
"Gadu-Gadu" = ""J:\JACEK ZACHWIEJA\gadu;gadu\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"S3Trayp" = "S3trayp.exe" ["S3 Graphics Co., Ltd."]
"PowerS" = "C:\WINDOWS\PowerS.exe" ["prolink"]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"MULTIMEDIA KEYBOARD" = "C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe" ["Netropa Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"OrderReminder" = "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" ["Hewlett-Packard"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"FineReader7NewsReaderPro" = ""C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"" ["ABBYY (BIT Software)"]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"LGODDFU" = ""C:\Program Files\lg_fwupdate\fwupdate.exe"" [null data]
"Pilot" = "F:\KS\KS-EWD\PILOT.EXE" ["P.I.KAMSOFT"]
"WrtMon.exe" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [empty string]
"Smart Start UP" = "C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation " ["NewSoft Technology Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In SSV Helper"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WINRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "KbLogiExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "LogiExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll"
["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device" -> {HKLM...CLSID} = "Urządzenie przenośne" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Wcesview.dll" [MS]"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) 
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension" -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1" \InProcServer32\(Default) = "C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview" -> {HKLM...CLSID} = "ACTHUMBNAIL" \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego" -> {HKLM...CLSID} = "AcSignIcon" \InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview" -> {HKLM...CLSID} = "ACDWFTHMBPRXY" \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW" -> {HKLM...CLSID} = "Statystyki dla ochrony WWW" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]<<!>> LBTWlgn\DLLName = "c:\program files\common files\logitech\bluetooth\LBTWlgn.dll" ["Logitech, 
Inc."]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]ABBYYPDFContextMenuExtension\(Default) = "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1" \InProcServer32\(Default) = "C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WINRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WINRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}" -> {HKLM...CLSID} = 
"FineReaderExplorerContextMenuHandler" \InProcServer32\(Default) = "c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WINRAR\rarext.dll" [null data]Default executables:--------------------<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"<<!>> HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\system32\notepad.exe" "%1"" [MS]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"DisableRegistryTools" = (REG_DWORD) dword:0x00000000{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper 
not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\NZOZ\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.BurnDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "BurnDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]AlcoholAutoPlayV2.ReadDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "ReadDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]IMMediaPlayerOnArrival\"Provider" = "iMesh""ProgID" = "iMesh.LauncherEventHandler"HKLM\SOFTWARE\Classes\iMesh.LauncherEventHandler\CLSID\(Default) = "{2C353E32-B8AC-4B82-B988-4C2D3394388A}" -> {HKLM...CLSID} = "CLauncherEventHandler Object" \LocalServer32\(Default) = ""C:\PROGRA~1\IMESHA~1\iMesh\Launcher.exe"" ["iMesh Inc."]IMPlayCDAudioOnArrival\"Provider" = "iMesh""InvokeProgID" = "iMesh.AudioCD""InvokeVerb" = "play"HKLM\SOFTWARE\Classes\iMesh.AudioCD\shell\play\Command\(Default) = "C:\PROGRA~1\IMESHA~1\iMesh\iMesh.exe --playdrive %L" ["iMesh, Inc"]IMRipCDAudioOnArrival\"Provider" = "iMesh""InvokeProgID" = "iMesh.AudioCD""InvokeVerb" = "rip"HKLM\SOFTWARE\Classes\iMesh.AudioCD\shell\rip\Command\(Default) = "C:\PROGRA~1\IMESHA~1\iMesh\iMesh.exe --ripdrive %L" ["iMesh, Inc"]IMShowCDAudioOnArrival\"Provider" = "iMesh""InvokeProgID" = 
"iMesh.AudioCD""InvokeVerb" = "show"HKLM\SOFTWARE\Classes\iMesh.AudioCD\shell\show\Command\(Default) = "C:\PROGRA~1\IMESHA~1\iMesh\iMesh.exe --showdrive %L" ["iMesh, Inc"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]NeroAutoPlay2CDAudio\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay2""InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]NeroAutoPlay2CopyCD\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay2""InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]NeroAutoPlay2DataDisc\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay2""InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]NeroAutoPlay2LaunchNeroStartSmart\"Provider" = "Nero StartSmart""InvokeProgID" = "Nero.AutoPlay2""InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]Paint Shop Pro 9ShowPicturesOnArrivalHandler\"Provider" = "Paint Shop Pro 9""InvokeProgID" = "PaintShopPro9.BrowserCacheFile""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\PaintShopPro9.BrowserCacheFile\shell\open\command\(Default) = 
"C:\PROGRA~1\JASCSO~1\PAINTS~1\PAINTS~1.EXE "/Browse" "%1" ["Jasc Software, Inc."]PDVDPlayCDAudioOnArrival\"Provider" = "PowerDVD""InvokeProgID" = "AudioCD""InvokeVerb" = "PlayWithPowerDVD"HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]PDVDPlayDVDMovieOnArrival\"Provider" = "PowerDVD""InvokeProgID" = "DVD""InvokeVerb" = "PlayWithPowerDVD"HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]PDVDPlayVCDMovieOnArrival\"Provider" = "PowerDVD""InvokeProgID" = "VCD""InvokeVerb" = "PlayWithPowerDVD"HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]RPCDBurningOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.CDBurn.6""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]RPDeviceOnArrival\"Provider" = "RealPlayer""ProgID" = "RealPlayer.HWEventHandler"HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]RPPlayCDAudioOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.AudioCD.6""InvokeVerb" = "play"HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]RPPlayDVDMovieOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.DVD.6""InvokeVerb" = "play"HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " 
["RealNetworks, Inc."]RPPlayMediaOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.AutoPlay.6""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]Startup items in "NZOZ" & "All Users" startup folders:------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"Action Express (OpticPro ST64+)" -> shortcut to: "C:\Program Files\Plustek\OpticPro ST64+\Am32Plus.exe" ["Impacct"]"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."]"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."]"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]"Przyspieszenie uruchomienia programu AutoCAD" -> shortcut to: "C:\Program Files\Common Files\Autodesk Shared\acstart16.exe" [null data]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 22%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = 
"Statystyki dla ochrony WWW"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\"ButtonText" = "Statystyki dla ochrony WWW"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\"ButtonText" = "Create Mobile Favorite""CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\"MenuText" = "Utwórz Ulubione dla urządzenia przenośnego...""CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Research"{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, "C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -s" ["FirebirdSQL Project"]Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, "C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -s" ["FirebirdSQL Project"]Java Quick Starter, 
JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]Netropa NHK Server, nhksrv, "C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe" [null data]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]ProtexisLicensing, ProtexisLicensing, "C:\WINDOWS\system32\PSIService.exe" [null data]Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]Keyboard Driver Filters:------------------------HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"UpperFilters" = <<!>> "msikbd2k" ["Netropa Corporation"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\HPLJ1020LM\Driver = "ZLhp1020.DLL" ["Zenographics, Inc."]---------- (launch time: 2009-02-24 20:39:39)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.---------- (total run time: 29 seconds, including 3 seconds for message boxes) ComboFix.txt 
Startup_Programs__NZOZ_FF85106986__2009_02_24_20.39.39.txt ComboFix.txt Startup_Programs__NZOZ_FF85106986__2009_02_24_20.39.39.txt
Mateusz J. comment 24 February 2009 Ehmm... the computer is cleaned. However, you keep plugging in an infected pendrive or a similar device all the time. Do what is described in the second post here: http://www.searchengines.pl/Infekcje-z-pen...ych-t94761.html (see "Checking a drive when the Show hidden files option does not work")
mlody8mlody comment 25 February 2009 Author And what is a good way to clean the pendrive? I mean, how do I do it so that it no longer carries this infection...
Mateusz J. comment 25 February 2009 First flashdisinfector, then as I wrote in my previous post.