
Please check my logs

nidhogg

Here are my logs:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"ALLUpdate" = ""C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"" [null data]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS]
"kava" = "C:\WINDOWS\system32\kavo.exe" [file not found]
"cdoosoft" = "C:\WINDOWS\system32\olhrwef.exe" [file not found]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"FlashPlayerUpdate" = "C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe -p" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CnxDslTaskBar" = ""C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"" ["Conexant Systems, Inc."]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"hpqSRMon" = "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" ["Hewlett-Packard"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"RemoteControl8" = ""C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"" ["Cyberlink Corp."]
"PDVD8LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"" [null data]
"BDRegion" = "C:\Program Files\Cyberlink\Shared Files\brs.exe" ["cyberlink"]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{07CA483F-30BC-425D-823D-48620A3BD13F}\(Default) = "TBSB06153"
  -> {HKLM...CLSID} = "TBSB06153 Class"
                   \InProcServer32\(Default) = "C:\Program Files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll" [null data]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
  -> {HKLM...CLSID} = "Urządzenie przenośne"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Wcesview.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"DisallowRun" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{Remove Task Manager}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPAutoplayPSE\
"Provider" = "HP Photosmart Essential 2.5"
"InvokeProgID" = "HpqPSApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

PDVD8PlayCDAudioOnArrival\
"Provider" = "PowerDVD 8"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD8"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L"" ["CyberLink Corp."]

PDVD8PlayDVDMovieOnArrival\
"Provider" = "PowerDVD 8"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD8"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"  "%L"" ["CyberLink Corp."]

PDVD8PlayVCDMovieOnArrival\
"Provider" = "PowerDVD 8"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD8"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"  "%L"" ["CyberLink Corp."]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "Anonymous" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{FA34EE7E-55EB-41DB-9718-1AE6EA1CF9A5}"
  -> {HKLM...CLSID} = "Share Accelerator"
                   \InProcServer32\(Default) = "C:\Program Files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Utwórz Ulubione dla urządzenia przenośnego..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 43 domain names to IP addresses,
      14 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal - Free Antivirus Scheduler, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
LIDIL hpzll5mu\Driver = "hpzll5mu.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2009-02-27 13:33:21)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 80 seconds.
---------- (total run time: 110 seconds)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:22, on 2009-02-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 68.178.151.28 delb.opt.fimserve.com # 728x90
O1 - Hosts: 68.178.151.28 desk.opt.fimserve.com # 160x600
O1 - Hosts: 68.178.151.28 demr.opt.fimserve.com # 300x250
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 208.109.221.107 dehp.myspace.com
O1 - Hosts: 208.109.221.107 demr.myspace.com
O1 - Hosts: 208.109.221.107 desk.myspace.com
O1 - Hosts: 208.109.221.107 delb.myspace.com
O1 - Hosts: 208.109.221.107 delb2.myspace.com
O1 - Hosts: 208.109.221.107 debr.myspace.com
O1 - Hosts: 208.109.221.107 view.atdmt.com
O1 - Hosts: 208.109.221.107 rad.msn.com
O1 - Hosts: 208.109.233.197 themis.geocities.yahoo.com
O2 - BHO: TBSB06153 - {07CA483F-30BC-425D-823D-48620A3BD13F} - C:\Program Files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF2BF48E-D1A4-43C2-A9D9-CB2D10A20931}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8238 bytes

Mateusz J.

For this infection, a ComboFix log is needed.

nidhogg

ComboFix 09-02-26.02 - Anonymous 2009-02-27 17:19:02.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.2047.1567 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Anonymous\Pulpit\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\program files\IEToolbar\Share Accelerator\basis.xml
c:\program files\IEToolbar\Share Accelerator\icons.bmp
c:\program files\IEToolbar\Share Accelerator\icons.bmp_16.bmp
c:\program files\IEToolbar\Share Accelerator\icons.bmp_24.bmp
c:\program files\IEToolbar\Share Accelerator\info.txt
c:\program files\IEToolbar\Share Accelerator\LOGO.BMP
c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.crc
c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll
c:\program files\IEToolbar\Share Accelerator\tbhelper.dll
c:\program files\IEToolbar\Share Accelerator\uninstall.exe
c:\program files\IEToolbar\Share Accelerator\update.exe
c:\program files\IEToolbar\Share Accelerator\version.txt
c:\program files\IEToolbar\Share Accelerator\your_logo.png
c:\windows\system32\inst.dat
c:\windows\system32\msvcsv60.dll
c:\windows\system32\pk.bin
c:\windows\system32\Setup_ver1.1351.25.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-27 do 2009-02-27  )))))))))))))))))))))))))))))))
.

2009-02-26 20:13 . 2009-02-26 20:13	<DIR>	d--------	c:\program files\Trend Micro
2009-02-26 19:52 . 2009-02-26 19:52	<DIR>	d--------	c:\program files\Avira
2009-02-26 19:52 . 2009-02-26 19:52	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Avira
2009-02-26 12:14 . 2009-02-26 12:14	<DIR>	d--------	c:\documents and settings\LocalService\Dane aplikacji\Xfire
2009-02-26 12:12 . 2009-02-26 12:12	<DIR>	d--------	c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-02-26 11:13 . 2009-02-26 12:13	<DIR>	d--------	c:\program files\Xfire
2009-02-26 11:13 . 2009-02-27 16:25	<DIR>	d--------	c:\documents and settings\Anonymous\Dane aplikacji\Xfire
2009-02-26 11:08 . 2009-02-26 11:11	709	--a------	c:\windows\CoD.INI
2009-02-11 01:14 . 2009-02-11 01:14	42,320	--a------	c:\windows\system32\xfcodec.dll
2009-02-10 18:38 . 2009-02-10 18:41	<DIR>	d--------	c:\program files\Zapu
2009-02-10 18:38 . 2004-02-17 00:00	434,252	--a------	c:\windows\system32\Msvcrtd.dll
2009-02-04 20:48 . 2009-02-04 20:48	<DIR>	d--------	c:\program files\Common Files\Native Instruments
2009-02-04 20:48 . 2007-08-08 09:52	185,856	--a------	c:\windows\system32\drivers\rig3usb.sys
2009-02-04 20:48 . 2007-08-08 09:52	25,600	--a------	c:\windows\system32\drivers\rig3avs.sys
2009-02-02 20:42 . 2009-02-02 20:42	<DIR>	d--------	c:\program files\QuickTime
2009-02-02 20:42 . 2009-02-02 20:42	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-02-02 15:18 . 2009-02-02 15:19	<DIR>	d--------	c:\program files\CyberLink
2009-02-02 15:18 . 2009-02-02 15:18	<DIR>	d--------	c:\program files\Common Files\CyberLink
2009-01-27 11:14 . 2009-01-27 11:14	<DIR>	d--------	c:\documents and settings\Anonymous\Dane aplikacji\Media Player Classic
2009-01-27 11:13 . 2009-01-27 11:13	<DIR>	d--------	c:\program files\Real Alternative
2009-01-27 11:13 . 2009-01-27 11:13	<DIR>	d--------	c:\program files\Media Player Classic

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 16:17	---------	d-----w	c:\program files\Neostrada TP
2009-02-27 16:17	---------	d-----w	c:\documents and settings\Anonymous\Dane aplikacji\foobar2000
2009-02-27 13:59	202,448	----a-w	c:\windows\system32\PnkBstrB.exe
2009-02-27 13:59	138,376	----a-w	c:\windows\system32\drivers\PnkBstrK.sys
2009-02-25 16:04	---------	d-----w	c:\documents and settings\Anonymous\Dane aplikacji\uTorrent
2009-02-23 16:24	---------	d-----w	c:\program files\REAPER
2009-02-19 05:38	---------	d-----w	c:\program files\ALLPlayer
2009-02-13 22:09	---------	d-----w	c:\program files\Soulseek
2009-02-10 05:13	---------	d-----w	c:\program files\Nowe Gadu-Gadu
2009-02-04 19:48	---------	d-----w	c:\program files\VstPlugIns
2009-02-04 19:48	---------	d-----w	c:\program files\Native Instruments
2009-02-02 14:19	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-02-02 14:18	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-02-02 14:17	505,128	----a-w	c:\windows\system32\msvcp71.dll
2009-02-02 14:17	353,576	----a-w	c:\windows\system32\msvcr71.dll
2009-02-02 14:17	29,480	----a-w	c:\windows\system32\msxml3a.dll
2009-01-29 15:11	---------	d-----w	c:\program files\Gadu-Gadu
2009-01-28 20:28	---------	d-----w	c:\program files\IK Multimedia
2009-01-12 17:20	---------	d-----w	c:\documents and settings\Anonymous\Dane aplikacji\REAPER
2009-01-03 22:17	560	---ha-w	c:\windows\Fonts\SWFont9.fnt
2009-01-03 22:17	560	----a-w	c:\program files\Global.sw
2009-01-03 22:17	---------	d-----w	c:\program files\SoftwrapLicense
2009-01-03 22:15	---------	d-----w	c:\program files\Electronic Piano 2.5
2008-12-29 00:01	---------	d-----w	c:\program files\tuxguitar-1.0
2008-12-16 21:17	697,353	----a-w	c:\windows\unins000.exe
2008-12-14 19:24	73,216	----a-w	c:\windows\ST6UNST.EXE
2008-12-14 19:24	249,856	------w	c:\windows\Setup1.exe
2008-12-12 23:14	410,984	----a-w	c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 2048000]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\program files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe" [2008-10-05 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-07-21 278528]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2005-07-21 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2005-07-21 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft 
ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="c:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="c:\\Program Files\\Xfire\\Xfire.exe"="d:\\Call of Duty_\\CoDMP.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8461:TCP"= 8461:TCP:GoD High Port"8462:TCP"= 8462:TCP:GoD Low Port"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-01 17:24:04 41456]R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2008-08-05 131072]R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2008-08-05 618112]R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2008-08-05 52736][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4247fa-6318-11dd-9fd3-806d6172696f}]\Shell\AutoRun\command - I:\Run.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb654980-fb6c-11dd-917e-00d0d084d576}]\Shell\AutoRun\command - F:\qphdin.com\Shell\open\Command - F:\qphdin.com[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4881407-f3ad-11dd-915d-00d0d084d576}]\Shell\AutoRun\command - F:\qphdin.com\Shell\open\Command - F:\qphdin.com.Zawartość folderu 'Zaplanowane zadania'2009-02-16 
c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34].- - - - USUNIĘTO PUSTE WPISY - - - -BHO-{07CA483F-30BC-425D-823D-48620A3BD13F} - c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dllWebBrowser-{FA34EE7E-55EB-41DB-9718-1AE6EA1CF9A5} - c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dllHKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe.------- Skan uzupełniający -------.uStart Page = hxxp://www.neostrada.plIE: { - c:\program files\Messenger\msmsgs.exeDPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cabFF - ProfilePath - c:\documents and settings\Anonymous\Dane aplikacji\Mozilla\Firefox\Profiles\hzceuy2c.default\FF - prefs.js: network.proxy.type - 2FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dllFF - plugin: c:\program files\Opera\program\plugins\nppl3260.dllFF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-02-27 17:19:43Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl".--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-790525478-839522115-933362755-1004\Software\SecuROM\License information*]"datasecu"=hex:35,1a,28,05,b8,44,b8,53,12,7f,41,94,a1,46,47,9f,75,3c,f0,23,70,   06,9f,f3,f8,34,5c,c7,05,68,00,62,fe,d0,e1,54,49,98,a8,62,fd,26,a5,bb,13,42,\"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67.Czas ukończenia: 2009-02-27 17:20:23ComboFix-quarantined-files.txt  2009-02-27 16:20:22Przed: 11 225 915 392 bajtów wolnychPo: 11,216,719,872 bajtów wolnychWindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer216	--- E O F ---	2009-02-25 23:20:55
Mateusz J.

ComboFix removed what it was supposed to; this still remains:

Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File ==> Save As ==> Change the file type to All Files ==> Save under the name FIX.REG

Run the FIX.REG file you created, confirm adding it to the Registry, and restart the computer.
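
An added example, not part of the original post: a small Python parser that pulls the MountPoints2 shell commands out of a ComboFix log and groups the ones that launch an executable directly from a drive root, which are the entries FIX.REG removes along with the rest of the key. The sample text reuses the three MountPoints2 keys from the log in this thread plus one constructed entry; the function names are illustrative.

```python
import re

# Constructed sample: the three MountPoints2 keys from the log in this thread,
# one unrelated key, and one made-up entry (all-zero GUID) not at a drive root.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4247fa-6318-11dd-9fd3-806d6172696f}]
\Shell\AutoRun\command - I:\Run.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb654980-fb6c-11dd-917e-00d0d084d576}]
\Shell\AutoRun\command - F:\qphdin.com
\Shell\open\Command - F:\qphdin.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4881407-f3ad-11dd-915d-00d0d084d576}]
\Shell\AutoRun\command - F:\qphdin.com
\Shell\open\Command - F:\qphdin.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)
# A bare executable sitting in the root of a drive, e.g. F:\name.com
ROOT_EXE_RE = re.compile(r"^[A-Z]:\\[^\\]+\.(exe|com|bat|cmd|pif|scr|vbs)$", re.I)

def parse_mountpoints2(log_text):
    """Return one dict per shell verb found under a MountPoints2 volume key."""
    entries, guid = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # a new registry key header
            m = KEY_RE.match(line)
            guid = m.group(1) if m else None
            continue
        m = VERB_RE.match(line)
        if guid and m:
            cmd = m.group(2).strip()
            entries.append({"guid": guid, "verb": m.group(1).lower(),
                            "command": cmd,
                            "root_executable": bool(ROOT_EXE_RE.match(cmd))})
    return entries

def root_launchers(entries):
    """Map each drive-root executable to the (volume GUID, verb) pairs that run it."""
    grouped = {}
    for e in entries:
        if e["root_executable"]:
            grouped.setdefault(e["command"].lower(), []).append((e["guid"], e["verb"]))
    return grouped

if __name__ == "__main__":
    for cmd, refs in root_launchers(parse_mountpoints2(SAMPLE_LOG)).items():
        print(cmd, "<-", refs)
```

A match means the entry deserves a look, not that the file is malicious: a legitimate CD autorun launcher fits the same pattern as a file dropped on a USB stick.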
