Please check my log


(Siampa) #1

When I turn on the computer, something like this shows up:

NTkrnl.jpg

I'm adding the log from HT

Logfile of HijackThis v1.99.1

Scan saved at 15:00:31, on 2007-04-05

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\GEARSec.exe

D:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\algose32.exe

C:\WINDOWS\System32\svcchosst.exe

C:\WINDOWS\System32\sxes.exe

C:\WINDOWS\System32\ctfmon.exe

D:\Program Files\Gadu-Gadu\gg.exe

C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\WINDOWS\System32\dllhost.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Firefox\firefox.exe

D:\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O1 - Hosts: 85.221.229.44 l2authd.lineage2.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll (file missing)

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe

O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{9BE0A58B-D1AB-441E-9E56-45C2B87E6E08}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: NVDESK32.DLL,

O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(Macio117) #2

Have you scanned with SpyBot?

If not, download it from our portal, install it, and scan after updating the program.

In addition, run a scan with ComboFix, and post the log from ComboScan.


(Siampa) #3

I scanned with avast, Ad-Aware and Spy Bot

I'll attach the log in a moment

Post merged: 05.04.2007 (Thu) 15:28

ComboScan

ComboScan v20070306.20 run by AmarU on 2007-04-05 at 15:24:56

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Successfully created ComboScan Restore Point.



-- Last 1 Restore Point(s) --

1: 2007-04-05 13:25:08 UTC - RP29 - ComboScan Restore Point



Performed disk cleanup.



-- HijackThis (run as AmarU.exe) -----------------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 15:25:37, on 2007-04-05

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\GEARSec.exe

D:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\algose32.exe

C:\WINDOWS\System32\svcchosst.exe

C:\WINDOWS\System32\sxes.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\WINDOWS\System32\dllhost.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\AmarU\Pulpit\Combo scan\comboscan.exe

D:\AmarU.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O1 - Hosts: 85.221.229.44 l2authd.lineage2.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe

O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{9BE0A58B-D1AB-441E-9E56-45C2B87E6E08}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: NVDESK32.DLL,

O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



-- File Associations -----------------------------------------------------------


.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys

3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys

3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys

3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS

3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys

3R Arp1394 (Protokół klienta 1394 ARP) - C:\WINDOWS\system32\drivers\arp1394.sys

2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys

3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys

1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys

1R GearAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys

3S hidusb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys

2R irda (Protokół IrDA) - C:\WINDOWS\system32\drivers\irda.sys

3S MSIRCOMM (Microsoft IR Communications Driver) - C:\WINDOWS\system32\drivers\MSIRCOMM.sys

3R ms_mpu401 (Sterownik portu MIDI UART Microsoft MPU-401) - C:\WINDOWS\system32\drivers\msmpu401.sys

3R NIC1394 (Sterownik sieci 1394) - C:\WINDOWS\system32\drivers\nic1394.sys

3S npkcrypt - D:\Gry\Lineage II C5\system\npkcrypt.sys (not found)

3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys

0R nvatabus - C:\WINDOWS\system32\drivers\nvatabus.sys

0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS

0R ohci1394 (Kontroler hosta IEEE 1394 VIA zgodny z OHCI) - C:\WINDOWS\system32\drivers\ohci1394.sys

0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys

3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys

3R st3wolf - C:\WINDOWS\system32\drivers\st3wolf.sys

3R STIrUsb (STIrUsb.sys USB-IrDA Adapter) - C:\WINDOWS\system32\drivers\irstusb.sys

0R stwlfbus - C:\WINDOWS\system32\drivers\stwlfbus.sys

2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys

0R SymSnap - C:\WINDOWS\system32\drivers\SymSnap.sys

3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys

3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys

3S usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys

3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys

3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS

1R V2IMount - C:\WINDOWS\system32\drivers\V2iMount.sys



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

2R aswUpdSv (avast! iAVS4 Control Service) - "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

2R avast! Antivirus - "D:\Program Files\Alwil Software\Avast4\ashServ.exe"

3R avast! Mail Scanner - "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

3R avast! Web Scanner - "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"

2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

2R GEARSecurity - C:\WINDOWS\System32\GEARSec.exe

2R Irmon (Monitor podczerwieni) - C:\WINDOWS\System32\svchost.exe -k netsvcs

2R Norton Ghost - D:\Program Files\Norton Ghost\Agent\VProSvc.exe

2R NVSvc (NVIDIA Driver Helper Service) - C:\WINDOWS\System32\nvsvc32.exe

3S ose (Office Source Engine) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\Cyberlink\Shared files\RichVideo.exe"

3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe

3S Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe

2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs

3S usprserv (User Privilege Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs



-- Scheduled Tasks -------------------------------------------------------------


2007-03-14 15:29:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job



-- Files created between 2007-03-05 and 2007-04-05 -----------------------------


2007-04-05 14:37:34 0 d--hs---- C:\FOUND.010

2007-04-05 08:51:19 0 d-------- C:\WINDOWS\System32\AdCache

2007-04-04 22:32:16 115200 --a------ C:\WINDOWS\System32\jrhsat.exe

2007-04-04 22:05:55 115200 --a------ C:\WINDOWS\saktasjah.exe

2007-04-04 21:13:49 115200 --a------ C:\xsecurityjx.exe

2007-04-04 20:56:42 115712 --a------ C:\WINDOWS\bmgjh.exe

2007-04-04 20:26:51 115200 --a------ C:\WINDOWS\tlkajsj.exe

2007-04-04 19:59:33 115200 --a------ C:\WINDOWS\System32\sxes.exe

2007-04-04 19:58:59 23040 --a------ C:\WINDOWS\System32\mszsrn32.dll

2007-04-03 19:14:18 0 d--hs---- C:\FOUND.009

2007-04-03 10:47:59 63529 --a------ C:\WINDOWS\System32\dload.exe

2007-04-02 21:29:18 0 d--hs---- C:\FOUND.008

2007-04-01 14:34:35 153925 --a------ C:\WINDOWS\System32\drivers\dump_wmimmc.sys

2007-04-01 14:34:19 4682 --a------ C:\WINDOWS\System32\npptNT2.sys

2007-03-31 12:27:12 0 d-------- C:\Program Files\Common Files\SWF Studio

2007-03-29 16:58:03 79872 --a------ C:\WINDOWS\System32\algose32.exe

2007-03-27 19:46:53 0 d-------- C:\Program Files\Common Files\DirectX

2007-03-23 16:48:31 90112 --a------ C:\WINDOWS\System32\AVASTSS.scr

2007-03-23 16:15:56 23352 --a------ C:\WINDOWS\System32\drivers\aswRdr.sys

2007-03-23 16:15:55 43176 --a------ C:\WINDOWS\System32\drivers\aswTdi.sys

2007-03-23 16:15:52 94424 --a------ C:\WINDOWS\System32\drivers\aswmon2.sys

2007-03-23 16:15:52 85952 --a------ C:\WINDOWS\System32\drivers\aswmon.sys

2007-03-23 16:15:51 31560 --a------ C:\WINDOWS\System32\drivers\aavmker4.sys

2007-03-23 16:15:26 689280 --a------ C:\WINDOWS\System32\aswBoot.exe

2007-03-20 12:45:38 626688 --a------ C:\WINDOWS\System32\msvcr80.dll

2007-03-20 12:45:37 548864 --a------ C:\WINDOWS\System32\msvcp80.dll

2007-03-20 12:45:37 479232 --a------ C:\WINDOWS\System32\msvcm80.dll

2007-03-20 12:14:54 0 d--hs---- C:\FOUND.007

2007-03-16 14:49:52 0 --a------ C:\WINDOWS\System32\regfix.exe

2007-03-14 15:29:11 0 d-------- C:\Program Files\Apple Software Update

2007-03-13 13:20:09 0 d-------- C:\Program Files\Common Files\NSV

2007-03-10 14:27:20 2432 -----n--- C:\WINDOWS\System32\drivers\cdr4_xp.sys

2007-03-10 14:27:19 115880 -----n--- C:\WINDOWS\System32\pxinsi64.exe

2007-03-10 14:27:19 36528 -----n--- C:\WINDOWS\System32\drivers\PxHelp20.sys

2007-03-10 14:27:19 2560 -----n--- C:\WINDOWS\System32\drivers\cdralw2k.sys

2007-03-10 14:27:17 129784 -----n--- C:\WINDOWS\System32\pxafs.dll

2007-03-10 14:20:47 0 d-------- C:\Program Files\Winamp

2007-03-10 13:16:35 10345 --a------ C:\WINDOWS\System32\drivers\hamachi.sys

2007-03-07 20:26:31 5632 --a------ C:\WINDOWS\System32\ptpusb.dll

2007-03-07 20:26:15 150528 --a------ C:\WINDOWS\System32\ptpusd.dll

2007-03-07 20:26:11 14208 --a------ C:\WINDOWS\System32\drivers\usbscan.sys

2007-03-06 18:30:23 0 d-------- C:\Program Files\BitTorrent

2007-03-06 15:50:00 0 d-------- C:\Program Files\AC3Filter

2007-03-06 15:49:36 0 d-------- C:\Program Files\Codec Pack - All In 1

2007-03-05 16:48:40 0 d--hs---- C:\FOUND.006



-- Find3M Report ---------------------------------------------------------------


2007-03-31 12:27:10 1385744 --a------ C:\WINDOWS\System32\msvbvm60.dll

2007-03-28 19:28:48 498652 --a------ C:\WINDOWS\System32\perfh015.dat

2007-03-28 19:28:48 74788 --a------ C:\WINDOWS\System32\perfc015.dat

2007-03-15 16:55:44 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Groove Games

2007-03-06 18:30:34 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\BitTorrent

2007-03-06 15:48:52 737280 --a------ C:\WINDOWS\iun6002.exe

2007-03-02 19:04:14 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\AdobeUM

2007-03-02 19:01:58 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Adobe

2007-03-02 15:21:48 5335 --a------ C:\WINDOWS\mozver.dat

2007-03-02 15:21:46 0 d-------- C:\Program Files\Temp

2007-03-02 15:21:46 0 d-------- C:\Program Files\GinCards

2007-03-02 15:21:46 0 d-------- C:\Program Files\GanymedeNet

2007-03-02 15:21:46 0 d-------- C:\Program Files\Common

2007-03-02 15:21:46 0 d-------- C:\Program Files\Adv

2007-03-02 13:06:10 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Skype

2007-03-02 13:05:52 0 d-------- C:\Program Files\Common Files\Skype

2007-03-01 13:11:18 0 d-------- C:\Program Files\Skype

2007-02-27 16:47:48 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Lavasoft

2007-02-21 17:39:12 0 d-------- C:\Program Files\Microsoft.NET

2007-02-21 16:28:34 0 d-------- C:\Program Files\Symantec

2007-02-21 14:55:32 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Sun

2007-02-20 22:52:16 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Symantec

2007-02-20 22:51:52 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-02-20 22:24:48 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Macromedia

2007-02-20 21:42:10 0 --a------ C:\WINDOWS\nsreg.dat

2007-02-20 21:42:10 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Talkback

2007-02-20 21:36:44 0 d-------- C:\Program Files\Thomson

2007-02-20 21:35:28 0 d-------- C:\Program Files\Neostrada TP

2007-02-20 21:22:32 0 d-------- C:\Program Files\Realtek Sound Manager

2007-02-20 21:22:28 0 d-------- C:\Program Files\AvRack

2007-02-20 21:16:50 0 d-------- C:\Program Files\Cyberlink

2007-02-20 21:16:10 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-02-20 21:15:54 0 d-------- C:\Program Files\Common Files\InstallShield

2007-02-20 21:14:34 9694 --a------ C:\WINDOWS\irunin.dat

2007-02-20 21:13:12 0 d-------- C:\Program Files\Common Files\Java

2007-02-20 21:11:30 0 d-------- C:\Program Files\Common Files\Adobe

2007-02-20 21:07:24 0 d-------- C:\Program Files\Common Files\Ahead

2007-02-20 21:06:34 100482 --a------ C:\WINDOWS\UninstallFirefox.exe

2007-02-20 21:06:12 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Mozilla

2007-02-20 21:00:34 0 d-------- C:\Program Files\ACD Systems

2007-02-20 20:58:36 0 d-------- C:\Documents and Settings\AmarU\Dane aplikacji\Identities

2007-02-20 20:53:24 0 d-------- C:\Program Files\microsoft frontpage

2007-02-20 20:53:00 0 -rahs---- C:\MSDOS.SYS

2007-02-20 20:53:00 0 -rahs---- C:\IO.SYS

2007-02-20 20:53:00 0 --a------ C:\CONFIG.SYS

2007-02-20 20:53:00 0 --a------ C:\AUTOEXEC.BAT

2007-02-20 20:49:02 0 d-------- C:\Program Files\Common Files\MSSoap

2007-02-20 20:48:48 0 d-------- C:\Program Files\Movie Maker

2007-02-20 20:47:32 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat

2007-02-20 20:47:10 0 d--h----- C:\Program Files\WindowsUpdate

2007-02-20 20:47:10 0 d-------- C:\Program Files\Usługi online

2007-02-20 20:47:00 0 d-------- C:\Program Files\Messenger

2007-02-20 20:46:50 0 d-------- C:\Program Files\MSN Gaming Zone

2007-02-20 20:45:38 0 d-------- C:\Program Files\Windows NT

2007-02-20 20:39:50 0 d-------- C:\Program Files\Common Files\ODBC

2007-02-20 20:39:44 0 d-------- C:\Program Files\Common Files\SpeechEngines

2007-02-20 20:38:58 62 --ahs---- C:\Documents and Settings\AmarU\Dane aplikacji\desktop.ini

2007-02-20 20:38:38 0 d---s---- C:\Documents and Settings\AmarU\Dane aplikacji\Microsoft



-- Registry Dump ---------------------------------------------------------------



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

"Gadu-Gadu"="\"D:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"

"Resume copy"="copyfstq.exe /startup"

"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"

"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"

"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"

"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"

"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"DAEMON Tools-1033"="\"D:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033 -noicon"

"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"

"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"msvccc66"="svcchosst.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ImageFox.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\ImageFox.lnk"

"backup"="C:\\WINDOWS\\pss\\ImageFox.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{92E64C51-5096-442F-9A44-61CB2941391D}\\NewShortcut1.exe "

"item"="ImageFox"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\WinZip Quick Pick.lnk"

"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"

"location"="Common Startup"

"command"="D:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "

"item"="WinZip Quick Pick"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="bittorrent"

"hkey"="HKCU"

"command"="\"D:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccApp"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Language"

"hkey"="HKLM"

"command"="\"D:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvccc66]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="svcchosst"

"hkey"="HKLM"

"command"="svcchosst.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GhostTray"

"hkey"="HKLM"

"command"="\"D:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PDVDServ"

"hkey"="HKLM"

"command"="\"D:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SOUNDMAN"

"hkey"="HKLM"

"command"="SOUNDMAN.EXE"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Dragdiag"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Security Center Notification Applse]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="sxes"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\sxes.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"appinit_dlls"="NVDESK32.DLL,"



[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"


[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0




-- Hosts -----------------------------------------------------------------------


85.221.229.44 l2authd.lineage2.com



-- End of ComboScan: finished at 2007-04-05 at 15:26:18 ------------------------

ComboScan v20070306.20 run by AmarU on 2007-04-05 at 15:24:56

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft Windows XP Professional (build 2600) SP 1.0

Architecture: X86; Language: Polish


CPU 0: AMD Duron(tm) processor

Percentage of Memory in Use: 88%

Physical Memory (total/avail): 126.42 MiB / 14.45 MiB

Pagefile Memory (total/avail): 684.41 MiB / 442.24 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1995.46 MiB


A: is Removable (No Media)

C: is Fixed (FAT32) - 5.85 GiB total, 3.34 GiB free. 

D: is Fixed (FAT32) - 34.17 GiB total, 27.7 GiB free. 

E: is Fixed (FAT32) - 34.48 GiB total, 0.71 GiB free. 

F: is CDROM (No Media)

G: is CDROM (No Media)

H: is CDROM (CDFS)



-- Security Center -------------------------------------------------------------


AUOptions is disabled.

AUState says computer has updates disabled.

Windows Internal Firewall is enabled.



-- Environment Variables -------------------------------------------------------


ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\AmarU\Dane aplikacji

CLASSPATH=.;D:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=AS-CDP4Y4MNGLXG

ComSpec=C:\WINDOWS\system32\cmd.exe

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\AmarU

LOGONSERVER=\\AS-CDP4Y4MNGLXG

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 0, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0700

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=D:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\AmarU\USTAWI~1\Temp

TMP=C:\DOCUME~1\AmarU\USTAWI~1\Temp

USERDOMAIN=AS-CDP4Y4MNGLXG

USERNAME=AmarU

USERPROFILE=C:\Documents and Settings\AmarU

windir=C:\WINDOWS



-- User Profiles ---------------------------------------------------------------


AmarU [I](admin)[/I]

Mama i Tata [I](admin)[/I]

Administrator [I](new local, admin)[/I]



-- Add/Remove Programs ---------------------------------------------------------


 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe

ACDSee 4.0 PowerPack Suite --> MsiExec.exe /I{92E64C51-5096-442F-9A44-61CB2941391D}

Ad-Aware SE Personal --> D:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG

Adobe Reader 6.0 CE --> MsiExec.exe /I{AC76BA86-7AD7-1038-7646-CE0000000001}

Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}

Archiwizator WinRAR --> D:\Program Files\WinRAR\uninstall.exe

avast! Antivirus --> rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

Canon i320 --> C:\WINDOWS\System32\CNMCP47.exe "-PRINTERNAMECanon i320" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmi0415.dll"

CDex extraction audio --> "D:\Program Files\CDex_150\uninstall.exe"

Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"

DAEMON Tools --> MsiExec.exe /I{7A27AE24-F5B8-4ABC-B3DA-AB57BC7309FB}

DC++ 0.670 --> "D:\Program Files\DC++\uninstall.exe"

EVEREST Home Edition v2.20 --> "D:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

FlashGet(JetCar) --> D:\PROGRA~1\FLASHGET\UNWISE.EXE D:\PROGRA~1\FLASHGET\INSTALL.LOG

Gadu-Gadu 7.6 --> D:\Program Files\Gadu-Gadu\Setup.exe

GTA VC - NFS Undeground --> "D:\Program Files\GTA VC - NFS Undeground\unins000.exe"

Hamachi 0.9.9.9 --> D:\Program Files\Hamachi\uninstall.exe

HijackThis 1.99.1 --> D:\HijackThis.exe /uninstall

J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}

LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE

LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170415-6000-11D3-8CFE-0150048383C9}

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}

mIRC --> "D:\Program Files\mIRC\mirc.exe" -uninstall

Mozilla Firefox (1.0.4) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.4 (pl-PL)"

Need For Speed Underground --> D:\Program Files\EA GAMES\Need For Speed Underground\EAUninstall.exe

Neostrada TP --> C:\PROGRA~1\NEOSTR~1\SondageDesinstallation.exe

Nero 6 --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}

NVIDIA Drivers --> C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI

NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf

Onet.pl - Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}

Real-Draw PRO 4.0 --> "D:\Program Files\RealDrawPRO4\unins000.exe"

Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}

SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel

Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"

Total Commander (Remove or Repair) --> D:\Program Files\totalcmd\tcuninst.exe

TotalCopy 1.2 (Luki Edition) --> C:\WINDOWS\iun6002.exe "C:\WINDOWS\irunin.ini"

USB-IrDA Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\Setup.exe" -l0x9 

Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"

WinZip --> "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall



-- End of ComboScan: finished at 2007-04-05 at 15:26:18 ------------------------

ComboFix

"AmarU" - 07-04-05 15:23:04 Dodatek Service Pack. 1

ComboFix 07-04-05 - Running from: "C:\Documents and Settings\AmarU\Pulpit\ComboFIX"



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



C:\WINDOWS\system32\a.exe



((((((((((((((((((((((((((((((( Files Created from 2007-03-05 to 2007-04-05 ))))))))))))))))))))))))))))))))))



2007-04-05 14:37

[code] 07-04-05 15:22 115200 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\a.exe.vir Zmienna PATH folderu dla woluminu SYSTEM Numer seryjny woluminu: 71F5E346 E0C1:8FD2 C:\QOOBOX ---Quarantine +---Registry_backups ---WINDOWS ---system32 a.exe.vir


(adam9870) #4

Use Windows Worms Doors Cleaner and change the markers from disable to enable (all markers should be green; if any of them is yellow, leave it). A restart is required after using the tool.

Download KillBox, select Delete on reboot, and paste these paths into the full path of file field:

C:\WINDOWS\System32\jrhsat.exe

C:\WINDOWS\saktasjah.exe

C:\xsecurityjx.exe

C:\WINDOWS\bmgjh.exe

C:\WINDOWS\tlkajsj.exe

C:\WINDOWS\System32\sxes.exe

C:\WINDOWS\System32\mszsrn32.dll

C:\WINDOWS\System32\dload.exe

C:\WINDOWS\System32\algose32.exe

C:\WINDOWS\System32\regfix.exe

After pasting each path, click the red X, but agree to the restart only after pasting the last one.

Open Notepad and paste this into it:

File >>> Save As >>> change the type from TXT to All Files >>> save as FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Remove the HJT entries if there are any.

When done, post new logs from HijackThis and ComboFix.


(Siampa) #5

Thanks a lot for the help, but a format is the best option anyway :stuck_out_tongue:

Regards,

Siampa