Internet access blocked

Hi

Since I have no idea what could have blocked Internet access on my computer, I'm asking you for help.

Logfile of HijackThis v1.99.1

Scan saved at 20:07:18, on 2009-01-21

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\Lenovo\PM Driver\PMSveH.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\THINKV~1\AMSG\amsg.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Aneta\Moje dokumenty\rózne dziwne\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: LingTools - {7638AB14-B003-49F2-A342-D7BD4F7FD79A} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O4 - HKLM…\Run: [synTPEnh] “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

O4 - HKLM…\Run: [TPHOTKEY] “C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe”

O4 - HKLM…\Run: [TPWAUDAP] “C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe”

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM…\Run: [ACTray] “C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe”

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

O4 - HKLM…\Run: [cssauth] “C:\Program Files\Lenovo\Client Security Solution\cssauth.exe” silent

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”

O4 - HKLM…\RunOnce: [spybotDeletingC2227] cmd.exe /c del “C:\Program Files\BearShare\db\searches.ini”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

O4 - HKCU…\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe

O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU…\Run: [Google Update] “C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe” /c

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU…\RunOnce: [spybotDeletingB3932] command.com /c del “C:\Program Files\BearShare\BSidle.dll”

O4 - HKCU…\RunOnce: [spybotDeletingD1891] cmd.exe /c del “C:\Program Files\BearShare\Webstats.ini”

O4 - HKCU…\RunOnce: [spybotDeletingB152] command.com /c del “C:\Program Files\BearShare\db\Hostiles-Chat.txt”

O4 - HKCU…\RunOnce: [spybotDeletingD6373] cmd.exe /c del “C:\Program Files\BearShare\db\Hostiles-Chat.txt”

O4 - HKCU…\RunOnce: [spybotDeletingB4628] command.com /c del “C:\Program Files\BearShare\db\searches.ini”

O4 - HKCU…\RunOnce: [spybotDeletingD2347] cmd.exe /c del “C:\Program Files\BearShare\Logs\ordinal.txt”

O4 - HKCU…\RunOnce: [spybotDeletingB4897] command.com /c del “C:\Program Files\BearShare\Logs\streams.txt”

O4 - Startup: Butler 4012 USB VoIP.lnk = ?

O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra ‘Tools’ menuitem: ThinkVantage Password Manager… - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/3000notebook

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.pl/s/v/33.06/uploader2.cab

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon … ontrol.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac … oader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac … loader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 5352200687

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI … b56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O16 - DPF: {EE73EF04-A76D-4AA1-9520-536216496702} (EasyCallLite Control) - https://www.easycall.pl/webdialer/easyCALLlite.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

Post a ComboFix log.

Put logs on http://wklej.eu or http://wklej.org and include only the link in your post.

Remove with HijackThis >> Fix checked

Then run a ComboFix scan and show the log.

🙂

ComboFix 09-01-21.01 - Aneta 2009-01-21 22:02:22.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.502.93 [GMT 1:00]

Uruchomiony z: E:\ComboFix.exe

AV: AVG 7.5.518 *On-access scanning enabled* (Updated)

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\drivers\drv.sys

C:\WINDOWS\system32\pc.dll

C:\WINDOWS\system32\UTSCSI.EXE

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DRV

((((((((((((((((((((((((( Pliki utworzone od 2008-12-21 do 2009-01-21 )))))))))))))))))))))))))))))))

.

2009-01-21 21:05 . 2009-01-21 21:06

2009-01-21 08:32 . 2009-01-21 21:08

2009-01-21 08:29 . 2009-01-21 08:30

2009-01-17 19:42 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2009-01-17 19:42 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2009-01-17 19:42 . 2008-04-14 18:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2009-01-17 19:42 . 2008-04-14 18:20 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2009-01-17 19:28 . 2009-01-17 19:28

2009-01-17 19:04 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2009-01-17 19:04 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

2009-01-02 09:18 . 2009-01-02 09:18 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2009-01-02 09:17 . 2009-01-02 09:17

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-21 08:05 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2009-01-20 08:02 --------- dc----w C:\Documents and Settings\Aneta\Dane aplikacji\Skype

2009-01-20 07:06 --------- dc----w C:\Documents and Settings\Aneta\Dane aplikacji\skypePM

2009-01-13 17:32 --------- d-----w C:\Program Files\Common Files\Adobe

2009-01-07 20:58 --------- d-----w C:\Program Files\DC++

2008-12-11 10:57 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-12-06 11:54 --------- dc----w C:\Documents and Settings\Aneta\Dane aplikacji\U3

2008-03-02 14:29 32 -c–a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2007-06-10 12:41 5,375,800 ----a-w C:\Program Files\picasaweb-current-setup.exe

2005-11-24 19:53 9,369,931 ----a-w C:\Program Files\nentplst.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 18:21 15360]

“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2007-01-19 11:54 5674352]

“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-12-01 11:46 204288]

“Google Update”=“C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe” [2008-11-16 22:27 133104]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-12-17 23:23 2107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“UserFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -u” [X]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-05-19 06:51 774233]

“TPHOTKEY”=“C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe” [2006-05-08 02:34 94208]

“TPWAUDAP”=“C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe” [2006-04-19 23:29 24576]

“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 05:13 77824]

“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 05:17 118784]

“AMSG”=“C:\PROGRA~1\THINKV~1\AMSG\amsg.exe” [2005-11-22 12:36 507904]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 03:27 144784]

“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2007-09-14 09:00 267064]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 05:24 286720]

“Broadcom Wireless Manager UI”=“C:\WINDOWS\system32\WLTRAY.exe” [2006-06-25 14:19 1273856]

“ACTray”=“C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe” [2006-10-05 19:57 409600]

“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-20 10:31 266497]

“cssauth”=“C:\Program Files\Lenovo\Client Security Solution\cssauth.exe” [2006-07-14 18:13 2341632]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 01:04 39792]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 18:21 15360]

C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\

Butler 4012 USB VoIP.lnk - C:\Documents and Settings\Aneta\Dane aplikacji\Microsoft\Installer{C736F9EC-63A6-414F-9241-CE00E208F8D1}_5af141bb.exe [2009-01-17 19:29:16 24542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“SynchronousMachineGroupPolicy”= 0 (0x0)

“SynchronousUserGroupPolicy”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

“NoStrCmpLogical”= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoSMBalloonTip”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-10-16 14:30 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]

2006-10-05 19:53 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2006-01-11 07:05 13824 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.avis”= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Find Fast.lnk]

backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Office Startup.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Office Startup.lnk

backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FEW

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg{0228e555-4f9c-4e35-a3ec-b109a192b4c2}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]

–a------ 2006-07-14 18:13 2341632 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

–a------ 2006-05-18 16:24 196696 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

–a------ 2006-07-03 17:11 110592 C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

-r------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]

–a------ 2006-10-16 14:36 2502656 C:\Program Files\Softex\OmniPass\ScureApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

–a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

–a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

--------- 2006-04-21 14:32 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

–a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

–a--c— 2006-07-14 18:05 503808 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“TVT Scheduler”=2 (0x2)

“TVT Backup Service”=2 (0x2)

“ThinkVantage Registry Monitor Service”=2 (0x2)

“NOD32krn”=2 (0x2)

“IDriverT”=3 (0x3)

“Harmonogram automatycznej usługi LiveUpdate”=2 (0x2)

“gusvc”=3 (0x3)

“SysmonLog”=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\MSN Messenger\msnmsgr.exe”=

“C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.dll”=

“C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\DC++\DCPlusPlus.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.sys [2006-11-14 09:57:51 11520]

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.sys [2006-11-14 09:57:51 6016]

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 11:48:14 10240]

R4 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-14 15:55:12 3968]

S3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\drivers\VoIPUSBDriver.sys [2005-09-16 16:14:02 149504]

S3 PCD5SRVC{07D2499C-80E86AC3-05010004};PCD5SRVC{07D2499C-80E86AC3-05010004} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PCDR5\PCD5SRVC.pkms [2006-08-25 23:38:56 28336]

S3 TPPWRIF;TPPWRIF;C:\WINDOWS_tpb0000.tmp\TPPWRIF.sys [2008-04-24 21:22:56 4442]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5b6a966f-7640-11dc-85a9-000fb0cce916}]

\Shell\AutoRun\command - F:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5b6a9670-7640-11dc-85a9-000fb0cce916}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c43195bc-79ea-11dd-8636-0016cfada77d}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d3003374-7760-11dc-85aa-0016cfe7076e}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

.

Zawartość folderu ‘Zaplanowane zadania’

2009-01-21 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-275949537-2153071682-3665694110-1006.job

  • C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-16 22:27]

2007-10-07 C:\WINDOWS\Tasks\Low Battery Alarm Program.job

  • C:\Documents and Settings\Aneta\Moje dokumenty\moje\Muzyka\brian McKnight\Brian McKnight - Back At One.mp3 []

.

        • USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)

HKCU-Run-Flircik - C:\Program Files\Onet\Flircik\Flircik.exe

HKLM-Run-Onet.pl AutoUpdate - C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe

HKLM-Run-ISTray - C:\Program Files\Spyware Doctor\pctsTray.exe

MSConfigStartUp-ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

.

------- Skan uzupełniający -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}sourceid=ie7rls=com.microsoft:en-USie=utf8oe=utf8

uStart Page = hxxp://onet.pl/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = about:blank

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Konwertuj do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj miejsce docelowe łącza do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konwertuj wybrane łącza do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konwertuj zaznaczenie do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj zaznaczenie do istniejącego pliku PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm

IE: Wyślij do urządzenia Bluetooth… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab

DPF: {EE73EF04-A76D-4AA1-9520-536216496702} - hxxps://www.easycall.pl/webdialer/easyCALLlite.ocx

.

Added 21.01.2009 (Wed) 22:53

SORRY, NOW THIS IS AFTER REMOVING THE LISTED ITEMS…

ComboFix 09-01-21.01 - Aneta 2009-01-21 22:35:01.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.502.124 [GMT 1:00]

Uruchomiony z: E:\ComboFix.exe

AV: AVG 7.5.518 *On-access scanning enabled* (Updated)

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Poprzednie uruchomienie -------

.

C:\WINDOWS\system32\drivers\drv.sys

C:\WINDOWS\system32\pc.dll

C:\WINDOWS\system32\UTSCSI.EXE

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DRV

((((((((((((((((((((((((( Pliki utworzone od 2008-12-21 do 2009-01-21 )))))))))))))))))))))))))))))))

.

2009-01-21 21:05 . 2009-01-21 21:06

2009-01-21 08:32 . 2009-01-21 21:08

2009-01-21 08:29 . 2009-01-21 08:30

2009-01-17 19:42 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2009-01-17 19:42 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2009-01-17 19:42 . 2008-04-14 18:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2009-01-17 19:42 . 2008-04-14 18:20 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2009-01-17 19:28 . 2009-01-17 19:28

2009-01-17 19:04 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2009-01-17 19:04 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

2009-01-02 09:18 . 2009-01-02 09:18 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2009-01-02 09:17 . 2009-01-02 09:17

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-21 08:05 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2009-01-20 08:02 --------- dc----w C:\Documents and Settings\Aneta\Dane aplikacji\Skype

2009-01-20 07:06 --------- dc----w C:\Documents and Settings\Aneta\Dane aplikacji\skypePM

2009-01-13 17:32 --------- d-----w C:\Program Files\Common Files\Adobe

2009-01-07 20:58 --------- d-----w C:\Program Files\DC++

2008-12-11 10:57 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-12-06 11:54 --------- dc----w C:\Documents and Settings\Aneta\Dane aplikacji\U3

2008-03-02 14:29 32 -c–a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2007-06-10 12:41 5,375,800 ----a-w C:\Program Files\picasaweb-current-setup.exe

2005-11-24 19:53 9,369,931 ----a-w C:\Program Files\nentplst.exe

.

((((((((((((((((((((((((((((( snapshot@2009-01-21_22.17.21.12 )))))))))))))))))))))))))))))))))))))))))

.

  • 2009-01-21 21:43:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat

  • 2009-01-21 21:43:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d8.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 18:21 15360]

“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-12-01 11:46 204288]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-12-17 23:23 2107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“UserFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -u” [X]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-05-19 06:51 774233]

“TPHOTKEY”=“C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe” [2006-05-08 02:34 94208]

“TPWAUDAP”=“C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe” [2006-04-19 23:29 24576]

“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 05:13 77824]

“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 05:17 118784]

“AMSG”=“C:\PROGRA~1\THINKV~1\AMSG\amsg.exe” [2005-11-22 12:36 507904]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 03:27 144784]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 05:24 286720]

“Broadcom Wireless Manager UI”=“C:\WINDOWS\system32\WLTRAY.exe” [2006-06-25 14:19 1273856]

“ACTray”=“C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe” [2006-10-05 19:57 409600]

“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-20 10:31 266497]

“Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe” [bU]

“cssauth”=“C:\Program Files\Lenovo\Client Security Solution\cssauth.exe” [2006-07-14 18:13 2341632]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 01:04 39792]

“ISTray”=“C:\Program Files\Spyware Doctor\pctsTray.exe” [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 18:21 15360]

C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\

Butler 4012 USB VoIP.lnk - C:\Documents and Settings\Aneta\Dane aplikacji\Microsoft\Installer\{C736F9EC-63A6-414F-9241-CE00E208F8D1}\_5af141bb.exe [2009-01-17 19:29:16 24542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“SynchronousMachineGroupPolicy”= 0 (0x0)

“SynchronousUserGroupPolicy”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

“NoStrCmpLogical”= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoSMBalloonTip”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-10-16 14:30 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2006-01-11 07:05 13824 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.avis”= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Find Fast.lnk]

backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Office Startup.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Office Startup.lnk

backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FEW

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]

--a------ 2006-07-14 18:13 2341632 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

--a------ 2006-05-18 16:24 196696 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

--a------ 2006-07-03 17:11 110592 C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

-r------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]

--a------ 2006-10-16 14:36 2502656 C:\Program Files\Softex\OmniPass\ScureApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

--------- 2006-04-21 14:32 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

–a--c— 2006-07-14 18:05 503808 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“TVT Scheduler”=2 (0x2)

“TVT Backup Service”=2 (0x2)

“ThinkVantage Registry Monitor Service”=2 (0x2)

“NOD32krn”=2 (0x2)

“IDriverT”=3 (0x3)

“Harmonogram automatycznej usługi LiveUpdate”=2 (0x2)

“gusvc”=3 (0x3)

“SysmonLog”=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\MSN Messenger\msnmsgr.exe”=

“C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.dll”=

“C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\DC++\DCPlusPlus.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.sys [2006-11-14 09:57:51 11520]

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.sys [2006-11-14 09:57:51 6016]

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 11:48:14 10240]

R4 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-14 15:55:12 3968]

S3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\drivers\VoIPUSBDriver.sys [2005-09-16 16:14:02 149504]

S3 PCD5SRVC{07D2499C-80E86AC3-05010004};PCD5SRVC{07D2499C-80E86AC3-05010004} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PCDR5\PCD5SRVC.pkms [2006-08-25 23:38:56 28336]

S3 TPPWRIF;TPPWRIF;C:\WINDOWS_tpb0000.tmp\TPPWRIF.sys [2008-04-24 21:22:56 4442]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b6a966f-7640-11dc-85a9-000fb0cce916}]

\Shell\AutoRun\command - F:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b6a9670-7640-11dc-85a9-000fb0cce916}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c43195bc-79ea-11dd-8636-0016cfada77d}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3003374-7760-11dc-85aa-0016cfe7076e}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

.

Zawartość folderu ‘Zaplanowane zadania’

2009-01-21 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-275949537-2153071682-3665694110-1006.job

  • C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-16 22:27]

2007-10-07 C:\WINDOWS\Tasks\Low Battery Alarm Program.job

  • C:\Documents and Settings\Aneta\Moje dokumenty\moje\Muzyka\brian McKnight\Brian McKnight - Back At One.mp3 []

.

        • USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)

.

------- Skan uzupełniający -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}sourceid=ie7rls=com.microsoft:en-USie=utf8oe=utf8

uStart Page = hxxp://onet.pl/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = about:blank

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Konwertuj do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj miejsce docelowe łącza do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konwertuj wybrane łącza do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konwertuj zaznaczenie do Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj zaznaczenie do istniejącego pliku PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm

IE: Wyślij do urządzenia Bluetooth… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab

.

Disinfect the pendrive or memory card: http://www.softpedia.com/get/Security/S … Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

or format it

Open Notepad and paste

save as plik.reg >> all files


a file with an icon like this will be created


double-click it, confirm that you want to add it to the registry, then restart

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

optimize startup

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and, if viruses are found, post the report


anetab100 ,

Please correct the spelling in the thread title and in the problem description. To edit your post, please use the edit button.