ComboFix 08-12-26.03 - Jakub 2008-12-28 14:57:34.2 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.0.1250.48.1045.18.1023.630 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Jakub\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Jakub\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
* Resident AV is active
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
FILE ::
c:\windows\ios.dat
c:\windows\system32\knzg.dll
c:\windows\system32\m3.ico
c:\windows\system32\sf.ico
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\1132B
c:\documents and settings\All Users\Dane aplikacji\1132B{8F1FCFF4-74C4-4479-915A-F7BA0874BA6B}.swf
c:\documents and settings\All Users\Dane aplikacji\1135A
c:\documents and settings\All Users\Dane aplikacji\1135A{59E07698-72A4-4570-9590-4E92E71AB1C9}.swf
c:\documents and settings\All Users\Dane aplikacji\17250
c:\documents and settings\All Users\Dane aplikacji\17250{8989575B-782B-4C56-83FC-D020E3662885}.swf
c:\documents and settings\All Users\Dane aplikacji\1728E
c:\documents and settings\All Users\Dane aplikacji\1728E{9E6B0204-AF79-42E4-96F8-B78F410C4EA0}.swf
c:\documents and settings\All Users\Dane aplikacji\18398
c:\documents and settings\All Users\Dane aplikacji\18398{27094B86-7E5B-47B2-B25A-A38D6E01620C}.swf
c:\documents and settings\All Users\Dane aplikacji\1C2CC
c:\documents and settings\All Users\Dane aplikacji\1C2CC{482AB8FE-87C5-4A84-8222-D60B285BF802}.swf
c:\documents and settings\All Users\Dane aplikacji\23A8
c:\documents and settings\All Users\Dane aplikacji\23A8{C3DE31EE-D840-415B-982C-BF3200F48CC5}.swf
c:\documents and settings\All Users\Dane aplikacji\242FC
c:\documents and settings\All Users\Dane aplikacji\242FC{B7BA1E33-4DF0-48AC-BD23-8BFC6B0B9067}.swf
c:\documents and settings\All Users\Dane aplikacji\24349
c:\documents and settings\All Users\Dane aplikacji\24349{8FFF959F-F87E-45D0-ABD1-DB9478D42A11}.swf
c:\documents and settings\All Users\Dane aplikacji\26165
c:\documents and settings\All Users\Dane aplikacji\26165{E062247E-C920-46AC-A5E1-37FD3BE0D2D2}.swf
c:\documents and settings\All Users\Dane aplikacji\28241
c:\documents and settings\All Users\Dane aplikacji\28241{D96C3441-A0D4-4832-BFC0-831DB64716D5}.swf
c:\documents and settings\All Users\Dane aplikacji\2F29E
c:\documents and settings\All Users\Dane aplikacji\2F29E{67669935-CCFC-4585-9CE8-4322938B08CF}.swf
c:\documents and settings\All Users\Dane aplikacji\307C
c:\documents and settings\All Users\Dane aplikacji\307C{FB81F623-82E0-40D0-A405-0AA0F8597398}.swf
c:\documents and settings\All Users\Dane aplikacji\3146
c:\documents and settings\All Users\Dane aplikacji\3146{59283CDD-92BD-4415-93DF-8F153DDD60F8}.swf
c:\documents and settings\All Users\Dane aplikacji\3211
c:\documents and settings\All Users\Dane aplikacji\3211{2C53E5B0-EF78-4999-B223-ECD7D9253D47}.swf
c:\documents and settings\All Users\Dane aplikacji\32D
c:\documents and settings\All Users\Dane aplikacji\32D{47CF115A-EEDC-4D93-9ED1-C2B24C1D2F4F}.swf
c:\documents and settings\All Users\Dane aplikacji\33C7
c:\documents and settings\All Users\Dane aplikacji\33C7{4C94F063-0516-4014-88A4-22BC5C0B299A}.swf
c:\documents and settings\All Users\Dane aplikacji\342FC
c:\documents and settings\All Users\Dane aplikacji\342FC{D9EEEC4A-8C78-4953-A2BD-54FD49F318FB}.swf
c:\documents and settings\All Users\Dane aplikacji\39194
c:\documents and settings\All Users\Dane aplikacji\39194{9B2B2263-5E9B-4324-861A-4AB112022537}.swf
c:\documents and settings\All Users\Dane aplikacji\3A29E
c:\documents and settings\All Users\Dane aplikacji\3A29E{1149F49A-5C68-481E-887A-33A6D9CEC858}.swf
c:\documents and settings\All Users\Dane aplikacji\64B
c:\documents and settings\All Users\Dane aplikacji\64B{A93839C8-B8DC-4945-8211-260B90F6A2D6}.swf
c:\documents and settings\All Users\Dane aplikacji\729D
c:\documents and settings\All Users\Dane aplikacji\729D{9C2DAEEC-4337-421D-899F-78AEE39179F1}.swf
c:\documents and settings\All Users\Dane aplikacji\93E6
c:\documents and settings\All Users\Dane aplikacji\93E6{FE7F1FB9-F70F-467B-9083-3DD3995AA16B}.swf
c:\documents and settings\All Users\Dane aplikacji\D240
c:\documents and settings\All Users\Dane aplikacji\D240{1F8CCCB3-9066-4A5E-A8E2-7E20EF98EDF8}.swf
c:\documents and settings\All Users\Dane aplikacji\E1C2
c:\documents and settings\All Users\Dane aplikacji\E1C2{6A4B6121-9387-42B8-8F5F-B39478A4B1C9}.swf
c:\documents and settings\All Users\Dane aplikacji\F220
c:\documents and settings\All Users\Dane aplikacji\F220{94762179-4C02-4C0E-9F71-0FBCEBB2841D}.swf
C:\FOUND.010
C:\FOUND.011
C:\FOUND.012
C:\FOUND.013
c:\found.013\FILE0000.CHK
c:\found.013\FILE0001.CHK
c:\found.013\FILE0002.CHK
c:\found.013\FILE0003.CHK
c:\found.013\FILE0004.CHK
c:\found.013\FILE0005.CHK
c:\found.013\FILE0006.CHK
c:\found.013\FILE0007.CHK
c:\found.013\FILE0008.CHK
c:\found.013\FILE0009.CHK
c:\found.013\FILE0010.CHK
c:\found.013\FILE0011.CHK
c:\found.013\FILE0012.CHK
c:\found.013\FILE0013.CHK
c:\found.013\FILE0014.CHK
c:\found.013\FILE0015.CHK
c:\found.013\FILE0016.CHK
c:\found.013\FILE0017.CHK
c:\found.013\FILE0018.CHK
c:\found.013\FILE0019.CHK
c:\found.013\FILE0020.CHK
c:\found.013\FILE0021.CHK
c:\found.013\FILE0022.CHK
c:\found.013\FILE0023.CHK
c:\found.013\FILE0024.CHK
c:\found.013\FILE0025.CHK
c:\found.013\FILE0026.CHK
c:\found.013\FILE0027.CHK
c:\found.013\FILE0028.CHK
c:\found.013\FILE0029.CHK
c:\found.013\FILE0030.CHK
c:\found.013\FILE0031.CHK
c:\found.013\FILE0032.CHK
c:\found.013\FILE0033.CHK
c:\found.013\FILE0034.CHK
c:\found.013\FILE0035.CHK
c:\found.013\FILE0036.CHK
c:\found.013\FILE0037.CHK
c:\found.013\FILE0038.CHK
c:\found.013\FILE0039.CHK
C:\FOUND.014
c:\found.014\FILE0000.CHK
c:\found.014\FILE0001.CHK
C:\FOUND.015
c:\found.015\FILE0000.CHK
c:\found.015\FILE0001.CHK
c:\found.015\FILE0002.CHK
c:\windows\ios.dat
c:\windows\system32\knzg.dll
c:\windows\system32\m3.ico
c:\windows\system32\sf.ico
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OFLPYDIN
-------\Service_oflpydin
((((((((((((((((((((((((( Pliki utworzone od 2008-11-28 do 2008-12-28 )))))))))))))))))))))))))))))))
.
2008-12-28 13:00 . 2008-12-28 13:00
2008-12-25 15:26 . 2008-12-25 15:26
2008-12-14 11:03 . 2008-12-14 11:03
2008-12-13 20:44 . 2008-12-13 20:44
2008-12-13 20:38 . 2008-06-25 14:41 79,904 --a------ c:\windows\system32\drivers\fsdfw.sys
2008-12-13 20:37 . 2008-12-13 20:37
2008-12-13 20:33 . 2008-12-13 20:33
2008-12-13 13:59 . 2008-12-13 13:59
2008-12-05 23:55 . 2008-12-05 23:55 0 --a------ c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:39 31 ----a-w c:\documents and settings\Jakub\jagex_runescape_preferences.dat
2008-11-23 11:02 --------- d-----w c:\documents and settings\Jakub\Dane aplikacji\BitTorrent
2008-11-23 11:01 --------- d-----w c:\program files\DNA
2008-11-23 11:01 --------- d-----w c:\documents and settings\Jakub\Dane aplikacji\DNA
2008-11-21 14:54 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-11-10 14:17 --------- d-----w c:\program files\Samsung
2008-11-02 12:07 --------- d-----w c:\program files\NAPI-PROJEKT
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-03-15 16:31 36,088 ----a-w c:\documents and settings\Jakub\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-12-28_14.00.47.61 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-11-17 49152]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"VisualTooltip"="c:\program files\VisualTooltip\VisualToolTip.exe" [2006-10-06 942080]
"CacheBoost"="c:\program files\CacheBoost\trayicon.exe" [2003-06-24 60928]
"DAEMON Tools"="c:\program files\DAEMON Tools 4.03HE\daemon.exe" [2005-12-10 133016]
"SunJavaUpdateSched"="e:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-14 278528]
"BEWINTERNET-PLSessionManager"="f:\bf\SessionManager\SessionManager.exe" [2007-07-24 102400]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"F-Secure Manager"="e:\f-secure\F-Secure Internet Security\Common\FSM32.EXE" [2008-06-25 182936]
"F-Secure TNB"="e:\f-secure\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-06-25 957024]
"nwiz"="nwiz.exe" [2003-11-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-26 13312]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\BF\Connectivity\ConnectivityManager.exe"=
"e:\bittorent\BitTorrent\bittorrent.exe"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-12-13 79904]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 VirtualK;VirtaulK;c:\windows\System32\drivers\VirtualK.sys [2006-01-07 3968]
R1 F-Secure HIPS;F-Secure HIPS Driver;\??\e:\f-secure\F-Secure Internet Security\HIPS\drivers\fshs.sys [2008-12-13 66720]
R2 CacheBoost Service;CacheBoost Performance Optimizer and Tuner Service;c:\program files\CacheBoost\cbsrv.exe [2003-06-24 77312]
R2 DiskMgkS;DiskMagik Service;d:\diskmagik\DiskMgkS.exe [2007-12-14 415768]
R2 F-Secure Filter;F-Secure File System Filter;\??\e:\f-secure\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-12-13 39776]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\e:\f-secure\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2008-12-13 62176]
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\e:\f-secure\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-12-13 25184]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
R3 FSORSPClient;F-Secure ORSP Client;"e:\f-secure\F-Secure Internet Security\ORSP Client\fsorsp.exe" [2008-12-13 55904]
R3 GTFFBUS;GT FF BUS;c:\windows\System32\DRIVERS\gtffbus.sys [2008-07-03 17152]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\System32\DRIVERS\Gtm51Irp.sys [2008-06-28 122240]
R3 GTPTSER;GT PT SER;c:\windows\System32\DRIVERS\gtptser.sys [2008-07-03 8064]
R3 GTUQBUS;GT UQ BUS;c:\windows\System32\DRIVERS\gtuqbus.sys [2008-07-03 36992]
R3 skbusenum;SKBus Enumerator;c:\windows\System32\DRIVERS\skbusenum.sys [2006-01-07 10880]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\System32\DRIVERS\Gt51Ip.sys [2008-07-02 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\System32\DRIVERS\gt72ubus.sys [2008-07-02 51968]
.
Zawartość folderu ‘Zaplanowane zadania’
2008-11-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
IE: Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Add to AMV Converter… - d:\program files\MP3 Player Utilities 4.07\AMVConverter\grab.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - d:\program files\MP3 Player Utilities 4.07\MediaManager\grab.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: e:\f-secure\F-Secure Internet Security\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Jakub\Dane aplikacji\Mozilla\Firefox\Profiles\s7p1m35r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava11.dll
FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava12.dll
FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava13.dll
FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava14.dll
FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava32.dll
FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjpi160_03.dll
FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npoji610.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 15:00:52
Windows 5.1.2600 FAT NTAPI
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\ODBC32.dll
e:\f-secure\F-Secure Internet Security\FSPS\program\FSLSP.DLL
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\System32\dssenh.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
e:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
e:\f-secure\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
e:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE
c:\program files\COMMON FILES\FRANCE TELECOM\SHARED MODULES\FTRTSVC\0\FTRTSVC.EXE
e:\f-secure\F-Secure Internet Security\Common\FSMB32.EXE
e:\f-secure\F-Secure Internet Security\Common\FCH32.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\windows\SYSTEM32\UASERVICE7.EXE
e:\f-secure\F-Secure Internet Security\Common\FAMEH32.EXE
e:\f-secure\F-Secure Internet Security\Anti-Virus\fsqh.exe
e:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe
e:\f-secure\F-Secure Internet Security\Anti-Virus\fssm32.exe
e:\f-secure\F-Secure Internet Security\FSAUA\program\fsus.exe
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\MOUSE DRIVER\KMCONFIG.EXE
f:\bf\Launcher\Launcher.exe
c:\program files\MESSENGER\MSMSGS.EXE
c:\program files\MOUSE DRIVER\KMPROCESS.EXE
c:\program files\COMMON FILES\FRANCE TELECOM\SHARED MODULES\ALERTMODULE\0\ALERTMODULE.EXE
e:\f-secure\F-Secure Internet Security\FSGUI\fsguidll.exe
e:\f-secure\F-Secure Internet Security\Anti-Virus\fsav32.exe
f:\bf\systray\systrayapp.exe
f:\bf\connectivity\connectivitymanager.exe
f:\bf\PhoneTools\TextMessaging.exe
f:\bf\Deskboard\deskboard.exe
f:\bf\connectivity\CoreCom\CoreCom.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\windows\System32\dwwin.exe
f:\bf\connectivity\CoreCom\OraConfigRecover.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-28 15:03:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-12-28 14:03:28
ComboFix2.txt 2008-12-28 13:01:18
Przed: 227 106 816 bajtów wolnych
Po: 126,455,808 bajtów wolnych
315 — E O F — 2008-07-02 08:48:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:55, on 2008-12-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CacheBoost\cbsrv.exe
D:\diskmagik\DiskMgkS.exe
E:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
E:\f-secure\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
E:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
E:\f-secure\F-Secure Internet Security\Common\FSMB32.EXE
E:\f-secure\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\UAService7.exe
E:\f-secure\F-Secure Internet Security\Common\FAMEH32.EXE
E:\f-secure\F-Secure Internet Security\Anti-Virus\fsqh.exe
E:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe
E:\f-secure\F-Secure Internet Security\Anti-Virus\fssm32.exe
E:\f-secure\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\CacheBoost\trayicon.exe
C:\Program Files\DAEMON Tools 4.03HE\daemon.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
E:\f-secure\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Mouse Driver\KMConfig.exe
F:\BF\Launcher\Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
E:\f-secure\F-Secure Internet Security\FSGUI\fsguidll.exe
E:\f-secure\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\wuauclt.exe
F:\BF\systray\systrayapp.exe
F:\BF\PhoneTools\TextMessaging.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\explorer.exe
F:\BF\connectivity\connectivitymanager.exe
F:\BF\Deskboard\deskboard.exe
F:\BF\connectivity\CoreCom\CoreCom.exe
F:\BF\connectivity\CoreCom\OraConfigRecover.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [CacheBoost] C:\Program Files\CacheBoost\trayicon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools 4.03HE\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [bEWINTERNET-PLSessionManager] F:\BF\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\f-secure\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\f-secure\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to AMV Converter… - D:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{787AC769-8F78-4E0B-9673-631359DDA816}: NameServer = 217.116.100.66 217.116.100.65
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak India - C:\Program Files\CacheBoost\cbsrv.exe
O23 - Service: DiskMagik Service (DiskMgkS) - RoseCity Software - D:\diskmagik\DiskMgkS.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
–
End of file - 9056 bytes
Wielkie dzięki wam za pomoc. Nie wiedziałem, co mam z tym zrobić.