
infostealer.gampass...

mlody8mlody
created (edited)

Hi, it's probably this virus... i.e. infostealer.gampass... I have the ComboFix file, could someone tell me what to do next? And I can't turn on showing hidden files... If anyone is willing to help, I would be grateful.

Mateusz J.
comment

Please post the ComboFix log.

mlody8mlody
comment

Here is the contents of the ComboFix txt file.

ComboFix 09-02-21.01 - NZOZ 2009-02-23 18:08:32.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.3327.2753 [GMT 1:00]
Uruchomiony z: P:\ComboFix.exe
 * Utworzono nowy punkt przywracania.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\pook.com
c:\windows\inetloader.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\pook.com
E:\Autorun.inf
E:\pook.com
F:\Autorun.inf
F:\pook.com
G:\Autorun.inf
G:\pook.com
H:\Autorun.inf
H:\pook.com
J:\Autorun.inf
J:\pook.com
K:\Autorun.inf
K:\pook.com
L:\Autorun.inf
L:\pook.com
P:\2fiy.bat
P:\autorun.inf
P:\pook.com
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-23 do 2009-02-23  )))))))))))))))))))))))))))))))
.
2009-02-22 21:09 . 2009-02-22 21:09	2,298	--a------	c:\windows\TSCTNDBG.INI
2009-02-05 22:29 . 2007-09-03 17:13	393,216	--a------	c:\windows\system32\GDS32.DLL
2009-01-25 20:55 . 2009-01-25 20:55	<DIR>	d--------	c:\documents and settings\NZOZ\Dane aplikacji\gtk-2.0
2009-01-25 20:55 . 2009-01-25 20:55	<DIR>	d--------	c:\documents and settings\NZOZ\.gimp-2.6
2009-01-25 20:55 . 2009-01-25 20:55	<DIR>	d--------	c:\documents and settings\NZOZ\.gegl-0.0
2009-01-25 20:50 . 2009-01-25 20:50	410,984	--a------	c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 17:03	---------	d-----w	c:\program files\Common Files\Symantec Shared
2009-02-23 15:52	---------	d-----w	c:\program files\lg_fwupdate
2009-02-22 20:02	---------	d-----w	c:\program files\ZAR
2009-02-22 19:25	---------	d-----w	c:\program files\TomTom HOME
2009-02-15 18:54	---------	d-----w	c:\program files\Norton Internet Security
2009-02-09 22:18	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\OpenOffice.org2
2009-02-09 21:31	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\iMesh
2009-02-06 12:06	---------	d-----w	c:\program files\English Translator 3
2009-02-05 21:29	---------	d-----w	c:\program files\Firebird
2009-01-26 20:38	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-25 19:50	---------	d-----w	c:\program files\Java
2009-01-14 18:11	---------	d-----w	c:\program files\Wavin
2009-01-08 13:54	59,360	----a-w	c:\documents and settings\NZOZ\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-01-07 21:07	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\Lasersoft Imaging
2009-01-06 19:32	16	----a-w	c:\documents and settings\NZOZ\pzpc11.dll
2008-12-30 12:16	---------	d-----w	c:\program files\SilverFast Application
2008-12-29 21:08	---------	d-----w	c:\program files\Common Files\Corel
2008-12-29 17:08	2,516	--sha-w	c:\windows\system32\KGyGaAvL.sys
2008-12-29 17:08	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\Corel
2008-12-29 17:07	---------	d-----w	c:\program files\Corel
2008-12-29 17:07	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Corel
2008-12-20 23:03	826,368	----a-w	c:\windows\system32\wininet.dll
2006-06-23 22:48	32,768	----a-r	c:\windows\inf\UpdateUSB.exe
2004-10-01 14:00	40,960	----a-w	c:\program files\Uninstall_CDS.exe
2008-09-01 13:48	32,768	--sha-w	c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008090120080902\index.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Gadu-Gadu"="j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe" [2003-10-02 729088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerS"="c:\windows\PowerS.exe" [2001-08-03 159800]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 159744]
"MULTIMEDIA KEYBOARD"="c:\program files\Keymaestro\Multimedia Keyboard\MMKeybd.exe" [2002-07-30 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 180269]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 278528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"Pilot"="f:\ks\KS-EWD\PILOT.EXE" [2008-10-23 5585920]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Smart Start UP"="c:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2006-12-19 104528]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-12-09 100056]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-02-06 c:\windows\system32\S3Trayp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-03-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Action Express (OpticPro ST64+).lnk - c:\program files\Plustek\OpticPro ST64+\Am32Plus.exe [2008-12-09 143360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-30 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-13 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DVX4"= DivX4.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2003-10-02 13:43 729088 j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:21 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\moto gp2\\Nowy folder\\motogp2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"j:\\JACEK ZACHWIEJA\\gadu;gadu\\Gadu-Gadu\\gg.exe"=
"g:\\Half-life\\Half-Life\\hl.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-11-17 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-11-17 52224]
R1 HFSYS;HFSYS;c:\windows\system32\drivers\hfsys.sys [2004-01-12 19732]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-11-17 6656]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2007-11-17 99206]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2007-11-17 13898]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\Btxbar.sys [2007-11-17 6872]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-12-09 100032]
R2 nhksrv;Netropa NHK Server;c:\program files\Keymaestro\Multimedia Keyboard\nhksrv.exe [2007-11-17 28672]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-30 38656]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2007-11-17 15104]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2003-01-10 9728]
S3 RTCore32;RTCore32;j:\jacek zachwieja\rmma38bin\RTCore32.sys [2008-04-12 4608]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-11-17 709632]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-12-05 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-12-05 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-12-05 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-12-05 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-12-05 86368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027bb78a-f8fb-11dd-8e59-001d60c3b4c8}]
\Shell\AutoRun\command - P:\pook.com
\Shell\open\Command - P:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b295b6d-a0d5-11dc-874e-001d60c3b4c8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-06 c:\windows\Tasks\Norton AntiVirus - Skanuj komputer - NZOZ.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-17 12:27]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKCU-Run-PowerBar - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 18:09:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  PowerBar = ????????????l?@?l?@?D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0???????????0y????6~????????????????XS??????]???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:6c,d6,c9,58,cc,7b,08,a0,4b,87,1e,bc,57,76,63,58,b7,7b,6e,96,a1,
   7b,6c,c4,28,88,57,47,fe,f1,e8,d1,9b,b5,9b,0c,1b,52,02,43,3d,0b,e9,b9,eb,fb,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-02-23 18:10:36
ComboFix-quarantined-files.txt  2009-02-23 17:10:34

Przed: 31 851 626 496 bajtów wolnych
Po: 32,859,758,592 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

226	--- E O F ---	2009-02-11 21:06:44

// Use code tags for log contents.

// piku

ComboFix.txt

Mateusz J.
comment

Delete the folder c:\QooBox.

Clean your pendrive, the infection came from it.

Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File ==> Save As ==> change the file type to All Files ==> save it under the name FIX.REG

Run the created FIX.REG file, confirm adding it to the Registry and restart the computer.
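The diagnosis in the reply above rests on two things visible in the first ComboFix log: an autorun.inf plus a companion file (pook.com, 2fiy.bat) in the root of every drive, and MountPoints2 entries that still point at P:\pook.com. MountPoints2 is Explorer's per-volume cache of the shell verbs it read from a drive's autorun.inf, so even after the pendrive itself is cleaned a double-click on the drive can still run the cached command; that is why the FIX.REG step deletes the whole key. The following Python script is an added example, not code from the thread or from ComboFix: it pulls those indicators out of ComboFix-format log lines, flags two Security Center and firewall values worth a second look, and produces the same .reg text as the reply. The sample log is a constructed excerpt in the format of the logs posted here (paths and volume GUIDs copied from the first log), and all function names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in ComboFix log format (entries copied from the first log
# in this thread); not a complete log.
SAMPLE_LOG = r"""
C:\autorun.inf
C:\pook.com
c:\windows\system32\olhrwef.exe
P:\2fiy.bat
P:\autorun.inf
P:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027bb78a-f8fb-11dd-8e59-001d60c3b4c8}]
\Shell\AutoRun\command - P:\pook.com
\Shell\open\Command - P:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b295b6d-a0d5-11dc-874e-001d60c3b4c8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A file sitting directly in a drive root, e.g. "P:\pook.com".
ROOT_FILE = re.compile(r"^([A-Za-z]):\\([^\\]+)$")
# A per-volume MountPoints2 key; group 1 is the volume GUID.
MP_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-fA-F-]+\})\]$", re.IGNORECASE)
# A cached shell verb under that key, in the form ComboFix prints it.
MP_CMD = re.compile(r"^(\\Shell\\[^\\]+\\command) - (.+)$", re.IGNORECASE)

# Values that autorun worms commonly set but that a third-party security suite
# may also set legitimately: flag them for review, not as proof on their own.
WEAK_SETTINGS = {
    '"AntiVirusDisableNotify"=dword:00000001': "Security Center antivirus alerts suppressed",
    '"EnableFirewall"= 0 (0x0)': "Windows Firewall disabled in the standard profile",
}

MOUNTPOINTS2 = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"


def find_autorun_droppers(lines):
    """Drives whose root held an autorun.inf, with every root-level file seen there."""
    per_drive = defaultdict(list)
    for line in lines:
        m = ROOT_FILE.match(line.strip())
        if m:
            per_drive[m.group(1).upper()].append(m.group(2))
    return {drive: sorted(files, key=str.lower)
            for drive, files in per_drive.items()
            if any(f.lower() == "autorun.inf" for f in files)}


def find_mountpoint_hijacks(lines):
    """(volume GUID, verb subkey, command) for every cached MountPoints2 verb."""
    hits, guid = [], None
    for line in lines:
        line = line.strip()
        if line.startswith("["):          # any key header ends the current block
            m = MP_KEY.match(line)
            guid = m.group(1) if m else None
            continue
        if guid:
            m = MP_CMD.match(line)
            if m:
                hits.append((guid, m.group(1), m.group(2)))
    return hits


def find_weakened_defenses(lines):
    """Review notes for the WEAK_SETTINGS values present in the log."""
    return [note for line in lines
            for raw, note in WEAK_SETTINGS.items() if line.strip() == raw]


def build_fix_reg():
    """Text of a .reg file that deletes the whole MountPoints2 cache.

    A leading '-' inside the brackets tells regedit to delete the key; the
    header line must be followed by a blank line, and .reg files use CRLF.
    """
    return "Windows Registry Editor Version 5.00\r\n\r\n[-" + MOUNTPOINTS2 + "]\r\n"


def report(lines):
    """One line per finding, in the order: drives, cached verbs, review notes."""
    out = []
    for drive, files in sorted(find_autorun_droppers(lines).items()):
        out.append("drive %s: autorun.inf with %s" % (drive, ", ".join(files)))
    for guid, verb, cmd in find_mountpoint_hijacks(lines):
        out.append("MountPoints2 %s %s -> %s" % (guid, verb, cmd))
    out.extend("review: " + note for note in find_weakened_defenses(lines))
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
    print(build_fix_reg())
```

Run against a real ComboFix.txt by replacing SAMPLE_LOG with the file's contents. The drive list is the evidence for "it came from the pendrive" (P: is the only drive that also carried 2fiy.bat, and it is the drive ComboFix was run from), the MountPoints2 lines show which cached verbs would survive a simple file clean-up, and the review notes are deliberately separate because Norton and Kaspersky both set the Security Center monitoring values on a healthy machine.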

mlody8mlody
comment

I did that, but now I can't turn on showing hidden files... could there be something else?

Mateusz J.
comment

Make a new ComboFix log plus a Silent Runners log.

mlody8mlody
comment

ComboFix:

ComboFix 09-02-21.01 - NZOZ 2009-02-24 19:58:01.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.3327.2623 [GMT 1:00]
Uruchomiony z: c:\documents and settings\NZOZ\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*
FW: Norton Internet Security *enabled*
 * Resident AV is active.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2fiy.bat
C:\autorun.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\2fiy.bat
D:\Autorun.inf
E:\2fiy.bat
E:\Autorun.inf
F:\2fiy.bat
F:\Autorun.inf
G:\2fiy.bat
G:\Autorun.inf
H:\2fiy.bat
H:\Autorun.inf
I:\2fiy.bat
I:\Autorun.inf
J:\2fiy.bat
J:\Autorun.inf
K:\2fiy.bat
K:\Autorun.inf
L:\2fiy.bat
L:\Autorun.inf
P:\2fiy.bat
P:\autorun.inf
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-24 do 2009-02-24  )))))))))))))))))))))))))))))))
.
2009-02-24 16:39 . 2009-02-24 16:39	<DIR>	d--------	C:\Temp
2009-02-23 21:46 . 2009-02-23 21:46	<DIR>	d--------	c:\program files\Kaspersky Lab
2009-02-23 21:46 . 2009-02-24 20:04	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-02-23 21:46 . 2009-02-24 20:03	7,220,000	--ahs----	c:\windows\system32\drivers\fidbox.dat
2009-02-23 21:46 . 2009-02-24 20:01	113,120	--ahs----	c:\windows\system32\drivers\fidbox.idx
2009-02-23 21:46 . 2009-02-23 22:11	101,287	--a------	c:\windows\system32\drivers\klin.dat
2009-02-23 21:46 . 2009-02-23 22:11	89,601	--a------	c:\windows\system32\drivers\klick.dat
2009-02-23 21:46 . 2009-02-24 20:04	23,840	--ahs----	c:\windows\system32\drivers\fidbox2.dat
2009-02-23 21:46 . 2009-02-24 20:01	12,632	--ahs----	c:\windows\system32\drivers\fidbox2.idx
2009-02-23 21:45 . 2009-02-23 21:45	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-02-23 19:56 . 2009-02-23 19:56	2,899	--a------	c:\windows\hfxp.INI
2009-02-22 21:09 . 2009-02-24 17:42	2,298	--a------	c:\windows\TSCTNDBG.INI
2009-02-05 22:29 . 2007-09-03 17:13	393,216	--a------	c:\windows\system32\GDS32.DLL
2009-01-25 20:55 . 2009-01-25 20:55	<DIR>	d--------	c:\documents and settings\NZOZ\Dane aplikacji\gtk-2.0
2009-01-25 20:55 . 2009-01-25 20:55	<DIR>	d--------	c:\documents and settings\NZOZ\.gimp-2.6
2009-01-25 20:55 . 2009-01-25 20:55	<DIR>	d--------	c:\documents and settings\NZOZ\.gegl-0.0
2009-01-25 20:50 . 2009-01-25 20:50	410,984	--a------	c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 19:03	---------	d-----w	c:\program files\lg_fwupdate
2009-02-23 21:11	112,144	----a-w	c:\windows\system32\drivers\kl1.sys
2009-02-23 19:56	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-02-23 19:11	---------	d-----w	c:\program files\English Translator 3
2009-02-23 18:54	---------	d-----w	c:\program files\Common Files\Symantec Shared
2009-02-23 18:04	16	----a-w	c:\documents and settings\NZOZ\pzpc11.dll
2009-02-22 20:02	---------	d-----w	c:\program files\ZAR
2009-02-22 19:25	---------	d-----w	c:\program files\TomTom HOME
2009-02-09 22:18	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\OpenOffice.org2
2009-02-09 21:31	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\iMesh
2009-02-05 21:29	---------	d-----w	c:\program files\Firebird
2009-01-26 20:38	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-25 19:50	---------	d-----w	c:\program files\Java
2009-01-14 18:11	---------	d-----w	c:\program files\Wavin
2009-01-08 13:54	59,360	----a-w	c:\documents and settings\NZOZ\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-01-07 21:07	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\Lasersoft Imaging
2008-12-30 12:16	---------	d-----w	c:\program files\SilverFast Application
2008-12-29 21:08	---------	d-----w	c:\program files\Common Files\Corel
2008-12-29 17:08	2,516	--sha-w	c:\windows\system32\KGyGaAvL.sys
2008-12-29 17:08	---------	d-----w	c:\documents and settings\NZOZ\Dane aplikacji\Corel
2008-12-29 17:07	---------	d-----w	c:\program files\Corel
2008-12-29 17:07	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Corel
2008-12-20 23:03	826,368	----a-w	c:\windows\system32\wininet.dll
2006-06-23 22:48	32,768	----a-r	c:\windows\inf\UpdateUSB.exe
2004-10-01 14:00	40,960	----a-w	c:\program files\Uninstall_CDS.exe
2008-09-01 13:48	32,768	--sha-w	c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008090120080902\index.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Gadu-Gadu"="j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe" [2003-10-02 729088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerS"="c:\windows\PowerS.exe" [2001-08-03 159800]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 159744]
"MULTIMEDIA KEYBOARD"="c:\program files\Keymaestro\Multimedia Keyboard\MMKeybd.exe" [2002-07-30 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 180269]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 278528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"Pilot"="f:\ks\KS-EWD\PILOT.EXE" [2008-10-23 5585920]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Smart Start UP"="c:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2006-12-19 104528]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-09-17 58488]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-02-06 c:\windows\system32\S3Trayp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-03-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Action Express (OpticPro ST64+).lnk - c:\program files\Plustek\OpticPro ST64+\Am32Plus.exe [2008-12-09 143360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-30 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-13 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DVX4"= DivX4.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2003-10-02 13:43 729088 j:\jacek zachwieja\gadu;gadu\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:21 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\moto gp2\\Nowy folder\\motogp2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"j:\\JACEK ZACHWIEJA\\gadu;gadu\\Gadu-Gadu\\gg.exe"=
"g:\\Half-life\\Half-Life\\hl.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-11-17 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-11-17 52224]
R1 HFSYS;HFSYS;c:\windows\system32\drivers\hfsys.sys [2004-01-12 19732]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-11-17 6656]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2007-11-17 99206]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2007-11-17 13898]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\Btxbar.sys [2007-11-17 6872]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
R2 nhksrv;Netropa NHK Server;c:\program files\Keymaestro\Multimedia Keyboard\nhksrv.exe [2007-11-17 28672]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-30 38656]
R3 dTVdrvNT;dTVdrvNT;c:\program files\Prolink\PlayTV Pro\DTVdrvNT.sys [2007-11-17 12188]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2007-11-17 15104]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2003-01-10 9728]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 RTCore32;RTCore32;j:\jacek zachwieja\rmma38bin\RTCore32.sys [2008-04-12 4608]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-11-17 709632]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-12-05 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-12-05 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-12-05 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-12-05 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-12-05 86368]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - DTVDRVNT
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 20:02:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:6c,d6,c9,58,cc,7b,08,a0,4b,87,1e,bc,57,76,63,58,b7,7b,6e,96,a1,
   7b,6c,c4,28,88,57,47,fe,f1,e8,d1,9b,b5,9b,0c,1b,52,02,43,3d,0b,e9,b9,eb,fb,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1224)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1284)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Keymaestro\Multimedia Keyboard\Traymon.exe
c:\program files\Keymaestro\Onscreen Display\osd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Prolink\PlayTV Pro\PIXELTV.EXE
.
**************************************************************************
.
Czas ukończenia: 2009-02-24 20:06:49 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-24 19:06:46
ComboFix2.txt  2009-02-23 17:10:37

Przed: 31 144 103 936 bajtów wolnych
Po: 30,986,694,656 bajtów wolnych

256	--- E O F ---	2009-02-11 21:06:44

Silent Runners:


ComboFix.txt

Startup_Programs__NZOZ_FF85106986__2009_02_24_20.39.39.txt


Mateusz J.
comment

Ehmm... the computer is cleaned.

However, you keep plugging in an infected pendrive or a similar kind of device all the time.

Do what is described in the second post: http://www.searchengines.pl/Infekcje-z-pen...ych-t94761.html (see "Checking a drive when the Show hidden files option does not work")

mlody8mlody
comment

And what is a good way to clean the pendrive? I mean, how do I do it so that it no longer carries this infection...

Mateusz J.
comment

First flashdisinfector, then as I wrote in my previous post.
