ErrorSafe [a popup that keeps appearing and that I can't deal with]


(Czarny Iwan) #1

Hello. I'm new to the forum, but not new to the subject of viruses. I'm writing to ask for help. I can't manage to remove this popup. It keeps appearing, and the only thing I can do is cut off its internet access [McAfee Desktop Firewall]. Let me say right away that I'm not one of those "Duuuh... I can't do it, help me" types [read: haven't even tried]. I searched the internet for a solution and ran scans with McAfee VirusScan, AdAware SE Professional, XoftSpy SE, Windows Worms Doors Cleaner, VundoFix... The only thing that worried me was a registry entry from Torrent101, detected only by XoftSpy SE. After being removed, this entry comes back [not immediately, but after a short while]. I don't know my way around logs, so I'm posting the one from HijackThis for you to analyze.

Logfile of HijackThis v1.99.1

Scan saved at 17:29:44, on 08-04-2007

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

C:\Program Files\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\Mcshield.exe

C:\Program Files\Network Associates\VsTskMgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Network Associates\SHSTAT.EXE

C:\Program Files\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

D:\XFMC\XFiMode.exe

C:\PROGRA~1\FlashGet\FlashGet.exe

D:\D-Tools\daemon.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\System32\CTXFIHLP.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

D:\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\ctfmon.exe

D:\valve\steam.exe

C:\Program Files\iPod\bin\iPodService.exe

D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

D:\Xfire\xfire.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.EXE

C:\PROGRA~1\AVANTB~1\avant.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\WINDOWS\System32\taskmgr.exe

D:\Moje Dokumenty\Ściągnięte\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [XFMC] D:\XFMC\XFiMode.exe /START_ENTERTAINMENT

O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\__c00E4D8C.dat",setvm

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "d:\valve\steam.exe" -silent

O4 - HKCU\..\Run: [Zegarynka] D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Zasobnik programu McAfee Desktop Firewall.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\PROGRA~1\AVANTB~1\OpenInNewBrowser.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\PROGRA~1\AVANTB~1\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\PROGRA~1\AVANTB~1\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: __c00497F2 - C:\WINDOWS\System32\__ c00497F2.dat

O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Oh, and for some reason ComboFix doesn't work for me. Error signature:

AppName: combofix.exe AppVer: 0.0.0.0 ModName: kernel32.dll

ModVer: 5.1.2600.1106 Offset: 00013887

As a substitute, I can provide the logs from ComboScan.


(adam9870) #2

Download the KillBox program, select Delete on reboot, and in the full path of file field paste the path:

C:\WINDOWS\System32\__c00E4D8C.dat

Click the red X and restart the computer. If an error appears after pasting the path, don't worry about it; just move on to the next steps.

Remove the HJT entries.

Use VundoFix + FixVundo + VirtumundoBeGone. All of the tools must be run in safe mode.

When you're done, paste a new HJT log, a SilentRunners log, and a log from ComboScan. If ComboScan doesn't work either, show log number 1 from the L2Mfix tool.

Don't trust XoftSpy, because it is a program of dubious reputation and may report legitimate things as harmful, so I suggest removing it. AVG Anti-Spyware is a much better program.
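A triage heuristic for the kind of entry the reply above targets, as an added example that is not part of the original post or of any tool named in it. The sample lines are copied from the first HijackThis log in this thread; the rule itself (a rundll32 autostart or a Winlogon Notify entry that loads a file without a `.dll` or `.cpl` extension) and all function names are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\__c00E4D8C.dat",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: __c00497F2 - C:\WINDOWS\System32\__ c00497F2.dat
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

# "O4 - <body>": section code, then the rest of the line.
ENTRY_RE = re.compile(r'^(?P<section>[A-Z]\d+) - (?P<body>.+)$')
# O4 registry autostart: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r'^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 invocation: capture the module path up to the ",EntryPoint" part.
RUNDLL_RE = re.compile(
    r'(?:^|[\\"\s])rundll32(?:\.exe)?"?\s+"?(?P<target>[^",]+)', re.IGNORECASE)
# O20: "Winlogon Notify: <key name> - <file>"
NOTIFY_RE = re.compile(r'^Winlogon Notify: (?P<name>.+?) - (?P<file>.+)$')

# Assumption: modules loaded this way normally carry one of these extensions.
LOADABLE_EXT = {'.dll', '.cpl'}


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    name: str      # registry value or key name
    path: str      # file the entry loads
    reason: str


def _ext(path: str) -> str:
    """Lower-cased extension of a Windows path (works on any host OS)."""
    return ntpath.splitext(path.strip())[1].lower()


def find_suspicious(log_text: str) -> List[Finding]:
    """Return autostart entries that load a module with an unusual extension."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # blank lines, headers, running-process paths
        section, body = entry['section'], entry['body']

        if section == 'O4':
            run = RUN_RE.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not checked here
            dll = RUNDLL_RE.search(run['cmd'])
            if dll and _ext(dll['target']) not in LOADABLE_EXT:
                findings.append(Finding(
                    section, run['name'], dll['target'].strip(),
                    'rundll32 autostart loads a non-DLL file'))

        elif section == 'O20':
            notify = NOTIFY_RE.match(body)
            if notify and _ext(notify['file']) not in LOADABLE_EXT:
                findings.append(Finding(
                    section, notify['name'], notify['file'].strip(),
                    'Winlogon Notify package is not a DLL file'))
    return findings


if __name__ == '__main__':
    for f in find_suspicious(SAMPLE_LOG):
        print(f'{f.section:<4}{f.name:<14}{f.path}  <- {f.reason}')
```

A hit is only a lead for manual review; legitimate software can also use unusual extensions, and malware can use `.dll`.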


(Czarny Iwan) #3

HJT:

Logfile of HijackThis v1.99.1

Scan saved at 18:46:29, on 08-04-2007

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

C:\Program Files\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\Mcshield.exe

C:\Program Files\Network Associates\VsTskMgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Network Associates\SHSTAT.EXE

C:\Program Files\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

D:\XFMC\XFiMode.exe

C:\PROGRA~1\FlashGet\FlashGet.exe

D:\D-Tools\daemon.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\System32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

D:\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\ctfmon.exe

D:\valve\steam.exe

D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

D:\Xfire\xfire.exe

C:\PROGRA~1\AVANTB~1\avant.exe

D:\Moje Dokumenty\Ściągnięte\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [XFMC] D:\XFMC\XFiMode.exe /START_ENTERTAINMENT

O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "d:\valve\steam.exe" -silent

O4 - HKCU\..\Run: [Zegarynka] D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Zasobnik programu McAfee Desktop Firewall.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\PROGRA~1\AVANTB~1\OpenInNewBrowser.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\PROGRA~1\AVANTB~1\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\PROGRA~1\AVANTB~1\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: __c00497F2 - C:\WINDOWS\System32\__ c00497F2.dat

O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ComboScan:

ComboScan v20070306.20 run by Czarny Iwan on 2007-04-08 at 18:47:10

Computer is in Normal Mode.

--------------------------------------------------------------------------------




-- HijackThis (run as Czarny Iwan.exe) -----------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 18:47:12, on 08-04-2007

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

C:\Program Files\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\Mcshield.exe

C:\Program Files\Network Associates\VsTskMgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Network Associates\SHSTAT.EXE

C:\Program Files\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

D:\XFMC\XFiMode.exe

C:\PROGRA~1\FlashGet\FlashGet.exe

D:\D-Tools\daemon.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\System32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

D:\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\ctfmon.exe

D:\valve\steam.exe

D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

D:\Xfire\xfire.exe

C:\PROGRA~1\AVANTB~1\avant.exe

D:\Moje Dokumenty\Ściągnięte\Programy\comboscan.exe

D:\MOJEDO~1\CIGNIT~1\Czarny Iwan.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [XFMC] D:\XFMC\XFiMode.exe /START_ENTERTAINMENT

O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "d:\valve\steam.exe" -silent

O4 - HKCU\..\Run: [Zegarynka] D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Zasobnik programu McAfee Desktop Firewall.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\PROGRA~1\AVANTB~1\OpenInNewBrowser.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\PROGRA~1\AVANTB~1\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\PROGRA~1\AVANTB~1\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: __c00497F2 - C:\WINDOWS\System32\__ c00497F2.dat

O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



-- Files created between 2007-03-08 and 2007-04-08 -----------------------------


2007-04-08 18:11:17 0 d------c- C:\VundoFix Backups

2007-04-08 17:57:17 0 d------c- C:\!KillBox

2007-04-07 19:30:36 0 d------c- C:\Program Files\Avant Browser

2007-04-05 11:44:03 80 --a----c- C:\WINDOWS\gmer_uninstall.cmd

2007-03-20 20:27:06 134272 --a------ C:\WINDOWS\System32\drivers\portcls.sys

2007-03-20 20:27:06 57856 --a------ C:\WINDOWS\System32\drivers\drmk.sys

2007-03-20 16:53:12 23040 -ra------ C:\WINDOWS\System32\drivers\GVCplDrv.sys

2007-03-19 20:48:58 25600 --a------ C:\WINDOWS\System32\borlndmm.dll

2007-03-19 19:30:36 167552 --a------ C:\WINDOWS\System32\drivers\ndis.sys

2007-03-19 19:04:31 176128 --a------ C:\WINDOWS\System32\nvudisp.exe

2007-03-19 16:10:21 0 d------c- C:\WINDOWS\nview

2007-03-18 22:59:18 0 d------c- C:\Program Files\Common Files\Skype

2007-03-18 14:00:51 0 d------c- C:\Program Files\Skype

2007-03-17 23:47:16 4456448 --a------ C:\Documents and Settings\Czarny Iwan.DURENDAL\ntuser.dat

2007-03-17 11:51:44 0 d------c- C:\Program Files\Java

2007-03-16 19:53:01 9548 --a------ C:\WINDOWS\System32\ __c00497F2.dat<__ C004~1.DAT>

2007-03-15 21:33:39 0 d------c- C:\Program Files\QuickTime

2007-03-15 12:23:16 497496 --a------ C:\WINDOWS\System32\XceedZip.dll

2007-03-15 12:19:58 526184 --a------ C:\WINDOWS\System32\XceedCry.dll

2007-03-11 17:57:52 286720 -------c- C:\WINDOWS\Setup1.exe

2007-03-11 17:57:50 73216 --a----c- C:\WINDOWS\ST6UNST.EXE

2007-03-11 00:46:07 306688 --a----c- C:\WINDOWS\IsUninst.exe

2007-03-10 22:51:12 89360 --a------ C:\WINDOWS\System32\VB5DB.DLL

2007-03-08 20:06:06 0 d------c- C:\Program Files\OpenAL

2007-03-08 16:58:59 90112 -------c- C:\WINDOWS\Updreg.EXE

2007-03-08 16:57:29 10240 --a----c- C:\WINDOWS\CTDCRES.DLL



-- Find3M Report ---------------------------------------------------------------


2007-04-08 18:45:02 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Xfire

2007-04-08 18:08:13 0 d------c- C:\Program Files\FlashGet

2007-04-07 16:12:23 1416 --a----c- C:\WINDOWS\mozver.dat

2007-04-06 22:15:41 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Skype

2007-04-03 21:19:35 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Help

2007-03-29 20:48:45 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\PlayFirst

2007-03-28 22:18:08 0 d---s--c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Microsoft

2007-03-28 00:03:17 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\ID3-TagIT 3

2007-03-26 16:18:40 0 d--h---c- C:\Program Files\InstallShield Installation Information

2007-03-25 09:41:40 435978 --a------ C:\WINDOWS\System32\perfh015.dat

2007-03-25 09:41:40 67078 --a------ C:\WINDOWS\System32\perfc015.dat

2007-03-23 16:00:10 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Adobe

2007-03-23 15:28:00 0 d------c- C:\Program Files\Usługi online

2007-03-23 15:19:46 0 d------c- C:\Program Files\Creative

2007-03-22 22:51:24 0 d------c- C:\Program Files\iPod

2007-03-19 20:49:14 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Gizmoz

2007-03-19 19:03:37 1324 --a------ C:\WINDOWS\System32\d3d9caps.dat

2007-03-19 16:58:41 1100 --a------ C:\WINDOWS\System32\d3d8caps.dat

2007-03-19 16:52:20 108144 --a------ C:\WINDOWS\System32\CmdLineExt.dll

2007-03-18 22:56:32 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard

2007-03-18 22:47:20 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\SuperAdBlocker.com

2007-03-17 20:05:04 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Macromedia

2007-03-17 12:40:33 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\teamspeak2

2007-03-16 20:02:37 413696 --a------ C:\WINDOWS\System32\wrap_oal.dll

2007-03-16 20:02:37 86016 --a------ C:\WINDOWS\System32\OpenAL32.dll

2007-03-12 20:20:20 0 d------c- C:\Program Files\ICEOWS

2007-03-08 15:30:15 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Creative

2007-03-04 23:32:26 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Hamachi

2007-03-01 21:25:17 0 d------c- C:\Program Files\Apple Software Update

2007-03-01 18:04:18 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Folder przesylania Share-to-Web

2007-02-26 21:19:39 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Folder przesyłania Share-to-Web

2007-02-23 20:50:33 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Apple Computer

2007-02-19 20:01:21 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Talkback

2007-02-19 20:01:17 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Mozilla

2007-02-14 01:16:34 0 d------c- C:\Program Files\Ahead

2007-02-11 16:21:27 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Lavasoft

2007-02-08 18:04:31 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Sun

2007-02-08 16:27:19 0 d------c- C:\Program Files\ffdshow

2007-02-08 16:27:08 0 d------c- C:\Program Files\DirectShow Pack

2007-02-07 15:50:52 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat

2007-02-07 15:44:46 62 --ahs--c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\desktop.ini



-- Registry Dump ---------------------------------------------------------------



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

"Steam"="\"d:\\valve\\steam.exe\" -silent"

"Zegarynka"="D:\\Moje Dokumenty\\Ściągnięte\\Programy\\Zegarynka.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ShStatEXE"="\"C:\\Program Files\\Network Associates\\SHSTAT.EXE\" /STANDALONE"

"McAfeeUpdaterUI"="\"C:\\Program Files\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"

"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

"XFMC"="D:\\XFMC\\XFiMode.exe /START_ENTERTAINMENT"

"Flashget"="C:\\PROGRA~1\\FlashGet\\FlashGet.exe /min"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"DAEMON Tools-1033"="\"D:\\D-Tools\\daemon.exe\" -lang 1045"

"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"

"CTHelper"="CTHELPER.EXE"

"CTxfiHlp"="CTXFIHLP.EXE"

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

"iTunesHelper"="\"D:\\iTunes\\iTunesHelper.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"



[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00497F2


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0


*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51



-- End of ComboScan: finished at 2007-04-08 at 18:47:29 ------------------------

SilentRunners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"Steam" = ""d:\valve\steam.exe" -silent" ["Valve Corporation"]

"Zegarynka" = "D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ShStatEXE" = ""C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE" ["Network Associates, Inc."]

"McAfeeUpdaterUI" = ""C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey" ["Network Associates, Inc."]

"Network Associates Error Reporting Service" = ""C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"" ["Network Associates, Inc."]

"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]

"XFMC" = "D:\XFMC\XFiMode.exe /START_ENTERTAINMENT" ["Spectra9 [Budyanto Nurhalim]"]

"Flashget" = "C:\PROGRA~1\FlashGet\FlashGet.exe /min" ["FlashGet.com"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"DAEMON Tools-1033" = ""D:\D-Tools\daemon.exe" -lang 1045" ["DAEMON'S HOME"]

"RCSystem" = ""C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup" ["Creative Technology Ltd."]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"VolPanel" = ""C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r" ["Creative Technology Ltd"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"iTunesHelper" = ""D:\iTunes\iTunesHelper.exe"" ["Apple Inc."]


HKLM\Software\Microsoft\Active Setup\Installed Components\

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"

                                        \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"

  -> {HKLM...CLSID} = "FGCatchUrl"

                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["www.flashget.com"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "FlashGet GetFlash Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\getflash.dll" ["www.flashget.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\MICROS~1\Office\OLKFSTUB.DLL" [MS]

"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"

  -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"

                   \InProcServer32\(Default) = "D:\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]

"{24849E2F-0A86-40CD-A62A-B12F161882DB}" = "ZEN V Series Media Explorer"

  -> {HKLM...CLSID} = "ZEN V Series Media Explorer"

                   \InProcServer32\(Default) = "C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll" ["Creative Technology Ltd"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {HKLM...CLSID} = "iTunes"

                   \InProcServer32\(Default) = "D:\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{71A466B0-65CC-4B41-9043-6090F2C830D3}" = "QCD IconHandler"

  -> {HKLM...CLSID} = "QIconHandler Class"

                   \InProcServer32\(Default) = "D:\Quintessential Player\QMPShell.dll" ["Quinnware"]

"{71A068F3-2DC9-438D-8944-6B4FF540D2F5}" = "QCD ContextMenu"

  -> {HKLM...CLSID} = "QContextMenu Class"

                   \InProcServer32\(Default) = "D:\Quintessential Player\QMPShell.dll" ["Quinnware"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> __c00497F2\DLLName = "C:\WINDOWS\System32\__ c00497F2.dat" [null data]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "D:\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"

  -> {HKLM...CLSID} = "CtMtpContextMenu Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]

ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Network Associates\shext.dll" ["Network Associates, Inc."]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Network Associates\shext.dll" ["Network Associates, Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"

  -> {HKLM...CLSID} = "CtMtpContextMenu Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Network Associates\shext.dll" ["Network Associates, Inc."]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Documents and Settings\Czarny Iwan.DURENDAL\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Czarny Iwan.DURENDAL\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Czarny Iwan" & "All Users" startup folders:

-------------------------------------------------------------


C:\Documents and Settings\Czarny Iwan.DURENDAL\Menu Start\Programy\Autostart

"Xfire" -> shortcut to: "D:\Xfire\xfire.exe" ["Xfire Inc."]


C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" -> shortcut to: "D:\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]

"Microsoft Office" -> shortcut to: "D:\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

"Zasobnik programu McAfee Desktop Firewall" -> shortcut to: "C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe" ["Networks Associates Technology, Inc."]



Enabled Scheduled Tasks:

------------------------


"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\FlashGet.exe" ["FlashGet.com"]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Inc."]

McAfee Desktop Firewall Service, FireSvc, "C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe" ["Networks Associates Technology, Inc."]

Network Associates McShield, McShield, ""C:\Program Files\Network Associates\Mcshield.exe"" ["Network Associates, Inc."]

Network Associates Task Manager, McTaskManager, ""C:\Program Files\Network Associates\VsTskMgr.exe"" ["Network Associates, Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Serwis struktury programu McAfee, McAfeeFramework, "C:\Program Files\Common Framework\FrameworkService.exe /ServiceStart" ["Network Associates, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 1087 seconds, including 16 seconds for message boxes)

(adam9870) #4

Download Gmer.

You will now be working in Gmer, so launch it, wait a moment, and click the >>> tab to open the remaining tabs.

  • in the Processes tab, click "Gmer awaryjny" (Gmer emergency mode). The computer will restart and only the Gmer window will remain

  • in the Processes tab, click Files and delete:

  • restart the computer using the button on the case

  • after the reset, open Gmer and, in the CMD tab with the REGEDIT.EXE option selected, paste:

  • click Run, and reset.

Remove the HJT entry if it is present.

When done, paste a new ComboScan log.


(Czarny Iwan) #5

After starting in Gmer emergency mode, there are no such items in the Processes tab. There are only

System Idle

System

C:\WINDOWS\System32\csrss.exe

C:\WINDOWS\gmer.exe

//EDITED: OK, silly me. I didn't get it. I've deleted them now, I'll post the logs in a moment.

Posts merged: 08.04.2007 (Sun) 20:47

ComboScan v20070306.20 run by Czarny Iwan on 2007-04-08 at 21:42:47

Computer is in Normal Mode.

--------------------------------------------------------------------------------




-- HijackThis (run as Czarny Iwan.exe) -----------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 21:42:49, on 08-04-2007

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

C:\Program Files\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\Mcshield.exe

C:\Program Files\Network Associates\VsTskMgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Network Associates\SHSTAT.EXE

C:\Program Files\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

D:\XFMC\XFiMode.exe

C:\PROGRA~1\FlashGet\FlashGet.exe

D:\D-Tools\daemon.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\System32\CTXFIHLP.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

D:\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\AVANTB~1\avant.exe

D:\valve\steam.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.EXE

D:\Xfire\xfire.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

D:\Moje Dokumenty\Ściągnięte\Programy\comboscan.exe

C:\PROGRA~1\AVANTB~1\avant.exe

D:\MOJEDO~1\CIGNIT~1\CZARNY~1.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [XFMC] D:\XFMC\XFiMode.exe /START_ENTERTAINMENT

O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "d:\valve\steam.exe" -silent

O4 - HKCU\..\Run: [Zegarynka] D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe

O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Zasobnik programu McAfee Desktop Firewall.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\PROGRA~1\AVANTB~1\OpenInNewBrowser.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\PROGRA~1\AVANTB~1\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\PROGRA~1\AVANTB~1\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avant Service (AvantService) - Unknown owner - C:\PROGRA~1\AVANTB~1\asvc.exe

O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



-- Files created between 2007-03-08 and 2007-04-08 -----------------------------


2007-04-08 21:37:00 134 --a----c- C:\WINDOWS\gmer.reg

2007-04-08 17:57:17 0 d------c- C:\!KillBox

2007-04-07 19:30:36 0 d------c- C:\Program Files\Avant Browser

2007-04-05 11:44:03 80 --a----c- C:\WINDOWS\gmer_uninstall.cmd

2007-03-20 20:27:06 134272 --a------ C:\WINDOWS\System32\drivers\portcls.sys

2007-03-20 20:27:06 57856 --a------ C:\WINDOWS\System32\drivers\drmk.sys

2007-03-20 16:53:12 23040 -ra------ C:\WINDOWS\System32\drivers\GVCplDrv.sys

2007-03-19 20:48:58 25600 --a------ C:\WINDOWS\System32\borlndmm.dll

2007-03-19 19:30:36 167552 --a------ C:\WINDOWS\System32\drivers\ndis.sys

2007-03-19 19:04:31 176128 --a------ C:\WINDOWS\System32\nvudisp.exe

2007-03-19 16:10:21 0 d------c- C:\WINDOWS\nview

2007-03-18 22:59:18 0 d------c- C:\Program Files\Common Files\Skype

2007-03-18 14:00:51 0 d------c- C:\Program Files\Skype

2007-03-17 23:47:16 4456448 --a------ C:\Documents and Settings\Czarny Iwan.DURENDAL\ntuser.dat

2007-03-17 11:51:44 0 d------c- C:\Program Files\Java

2007-03-15 21:33:39 0 d------c- C:\Program Files\QuickTime

2007-03-15 12:23:16 497496 --a------ C:\WINDOWS\System32\XceedZip.dll

2007-03-15 12:19:58 526184 --a------ C:\WINDOWS\System32\XceedCry.dll

2007-03-11 00:46:07 306688 --a----c- C:\WINDOWS\IsUninst.exe

2007-03-10 22:51:12 89360 --a------ C:\WINDOWS\System32\VB5DB.DLL

2007-03-08 20:06:06 0 d------c- C:\Program Files\OpenAL

2007-03-08 16:58:59 90112 -------c- C:\WINDOWS\Updreg.EXE

2007-03-08 16:57:29 10240 --a----c- C:\WINDOWS\CTDCRES.DLL



-- Find3M Report ---------------------------------------------------------------


2007-04-08 21:39:08 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Xfire

2007-04-08 21:25:56 0 d------c- C:\Program Files\FlashGet

2007-04-07 16:12:23 1416 --a----c- C:\WINDOWS\mozver.dat

2007-04-06 22:15:41 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Skype

2007-04-03 21:19:35 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Help

2007-03-29 20:48:45 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\PlayFirst

2007-03-28 22:18:08 0 d---s--c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Microsoft

2007-03-28 00:03:17 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\ID3-TagIT 3

2007-03-26 16:18:40 0 d--h---c- C:\Program Files\InstallShield Installation Information

2007-03-25 09:41:40 435978 --a------ C:\WINDOWS\System32\perfh015.dat

2007-03-25 09:41:40 67078 --a------ C:\WINDOWS\System32\perfc015.dat

2007-03-23 16:00:10 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Adobe

2007-03-23 15:28:00 0 d------c- C:\Program Files\Usługi online

2007-03-23 15:19:46 0 d------c- C:\Program Files\Creative

2007-03-22 22:51:24 0 d------c- C:\Program Files\iPod

2007-03-19 20:49:14 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Gizmoz

2007-03-19 19:03:37 1324 --a------ C:\WINDOWS\System32\d3d9caps.dat

2007-03-19 16:58:41 1100 --a------ C:\WINDOWS\System32\d3d8caps.dat

2007-03-19 16:52:20 108144 --a------ C:\WINDOWS\System32\CmdLineExt.dll

2007-03-18 22:56:32 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard

2007-03-18 22:47:20 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\SuperAdBlocker.com

2007-03-17 20:05:04 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Macromedia

2007-03-17 12:40:33 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\teamspeak2

2007-03-16 20:02:37 413696 --a------ C:\WINDOWS\System32\wrap_oal.dll

2007-03-16 20:02:37 86016 --a------ C:\WINDOWS\System32\OpenAL32.dll

2007-03-12 20:20:20 0 d------c- C:\Program Files\ICEOWS

2007-03-08 15:30:15 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Creative

2007-03-04 23:32:26 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Hamachi

2007-03-01 21:25:17 0 d------c- C:\Program Files\Apple Software Update

2007-03-01 18:04:18 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Folder przesylania Share-to-Web

2007-02-26 21:19:39 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Folder przesyłania Share-to-Web

2007-02-23 20:50:33 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Apple Computer

2007-02-19 20:01:21 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Talkback

2007-02-19 20:01:17 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Mozilla

2007-02-14 01:16:34 0 d------c- C:\Program Files\Ahead

2007-02-11 16:21:27 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Lavasoft

2007-02-08 18:04:31 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Sun

2007-02-08 16:27:19 0 d------c- C:\Program Files\ffdshow

2007-02-08 16:27:08 0 d------c- C:\Program Files\DirectShow Pack

2007-02-07 15:50:52 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat

2007-02-07 15:44:46 62 --ahs--c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\desktop.ini



-- Registry Dump ---------------------------------------------------------------



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

"Steam"="\"d:\\valve\\steam.exe\" -silent"

"Zegarynka"="D:\\Moje Dokumenty\\Ściągnięte\\Programy\\Zegarynka.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ShStatEXE"="\"C:\\Program Files\\Network Associates\\SHSTAT.EXE\" /STANDALONE"

"McAfeeUpdaterUI"="\"C:\\Program Files\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"

"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

"XFMC"="D:\\XFMC\\XFiMode.exe /START_ENTERTAINMENT"

"Flashget"="C:\\PROGRA~1\\FlashGet\\FlashGet.exe /min"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"DAEMON Tools-1033"="\"D:\\D-Tools\\daemon.exe\" -lang 1045"

"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"

"CTHelper"="CTHELPER.EXE"

"CTxfiHlp"="CTXFIHLP.EXE"

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

"iTunesHelper"="\"D:\\iTunes\\iTunesHelper.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"



[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0




-- End of ComboScan: finished at 2007-04-08 at 21:43:06 ------------------------

(adam9870) #6

It's OK now.

I suggest installing Service Pack 2. It improves system security, adds new functionality, etc. You can download it from here:

Do you have any other problems?


(Czarny Iwan) #7

I would gladly install it, but I have a problem with space on the partition [I will never split a disk into partitions again]. There is <1GB of it. I have a minor problem with Flash, but that probably doesn't belong in this section.

BTW, thank you very much for the help. I am eternally grateful.


(JNJN) #8

Please change the subject of the post to a specific one, using the "edit and correct" option. JNJN