HijackThis report / fighting a trojan

I'm asking you very much for help. Here is my report; I have no idea what to remove.

P.S. I tried to download ComboFix, but it won't load from any site. Should I get DSS?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:12:34 AM, on 4/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\VoipCheapCom\VoipCheapCom.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: wxdbpfvo - {DDA28099-DACF-415D-A5A8-BB134FCA3D6A} - C:\WINDOWS\wxdbpfvo.dll (file missing)

O4 - HKLM…\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [dlcxmon.exe] “C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe”

O4 - HKLM…\Run: [MemoryCardManager] “C:\Program Files\Dell Photo AIO Printer 926\memcard.exe”

O4 - HKLM…\Run: [FaxCenterServer] “C:\Program Files\Dell PC Fax\fm3032.exe” /s

O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -startup

O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM…\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”

O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU…\Run: [VoipCheapCom] “C:\Program Files\VoipCheapCom\VoipCheapCom.exe” -nosplash -minimized

O4 - Global Startup: Dell Network Assistant.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac … oader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac … loader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 7096007218

O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://andthisis.myphotoalbum.com/ImageUploader4.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac … der4_5.cab

O17 - HKLM\System\CCS\Services\Tcpip…{3E386186-25BC-4407-83AB-93ECC3DCC76C}: NameServer = 87.194.0.51,87.194.0.52

O17 - HKLM\System\CCS\Services\Tcpip…{6B13790E-FA29-4AE4-9B16-090834F50C54}: NameServer = 192.168.1.254,87.194.0.52

O18 - Protocol: linkscanner - (no CLSID) - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: qadovnel - {ED6BE11B-3DFB-4859-A511-29E591E7F31C} - C:\WINDOWS\qadovnel.dll (file missing)

O21 - SSODL: bdkpfxqw - {51A83188-D4DD-4F64-A00D-D02E8FD8646E} - C:\WINDOWS\bdkpfxqw.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

End of file - 11500 bytes

Fix in HijackThis

Download ComboFix, but do not run it.

Paste into Notepad:

File::

C:\WINDOWS\bdkpfxqw.dll


Folder::

C:\WINDOWS\privacy_danger

File -> Save As -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

02f8f1e3c410a4cc.gif

The removal should start and a log will be created; post that log on the forum.

Thanks, I'm cleaning up now, but

ComboFix won't download at all; I get a message that McAfee is blocking it, so I let it through myself, and then I only get the message that

YOU CANNOT REMANE COMBOFIX AS COMBOFIX{1}

PLEASE US ANOTHER NAME PREFABLY MADE UP OF ALPHANUMERIC CHARACTERS

Does that mean I already have it somewhere on the computer and am installing it twice?

I don't have a ComboFix icon anywhere.

On 27.04.2008, at 10:24, a post was added by paulaaa

I scanned a second time after removing the links you gave.

I also tried to remove

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

but it keeps coming back.

After scanning and removing, should I restart the computer right away?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:23:11 AM, on 4/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\VoipCheapCom\VoipCheapCom.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM…\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [dlcxmon.exe] “C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe”

O4 - HKLM…\Run: [MemoryCardManager] “C:\Program Files\Dell Photo AIO Printer 926\memcard.exe”

O4 - HKLM…\Run: [FaxCenterServer] “C:\Program Files\Dell PC Fax\fm3032.exe” /s

O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -startup

O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM…\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”

O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU…\Run: [VoipCheapCom] “C:\Program Files\VoipCheapCom\VoipCheapCom.exe” -nosplash -minimized

O4 - Global Startup: Dell Network Assistant.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac … oader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac … loader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 7096007218

O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://andthisis.myphotoalbum.com/ImageUploader4.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac … der4_5.cab

O17 - HKLM\System\CCS\Services\Tcpip…{3E386186-25BC-4407-83AB-93ECC3DCC76C}: NameServer = 87.194.0.51,87.194.0.52

O17 - HKLM\System\CCS\Services\Tcpip…{6B13790E-FA29-4AE4-9B16-090834F50C54}: NameServer = 192.168.1.254,87.194.0.52

O18 - Protocol: linkscanner - (no CLSID) - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: bdkpfxqw - {2282D2C8-F7BA-4CE8-B554-42A7E08806A0} - C:\WINDOWS\bdkpfxqw.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

End of file - 11289 bytes

Then let's do it this way:

Download Avenger

Paste this text into it:

Files to delete:

C:\WINDOWS\bdkpfxqw.dll


Folders to delete:

C:\WINDOWS\privacy_danger

Copy it, click Paste Script from Clipboard, choose Execute, then confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Show the log from Deckard’s System Scanner

Post the logs at http://www.wklej.org

Edit//

Repeat my earlier instruction in Safe Mode; I mean the HijackThis one.
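Added example, not part of the original posts: a small Python comparison of successive HijackThis scans, showing why the second removal pass above targets C:\WINDOWS\bdkpfxqw.dll (the O21 entry came back under a different CLSID). The sample lines are a subset copied from the HijackThis logs in this thread (the third set is from the scan embedded in the Deckard's System Scanner log further down); the function names are this example's own.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

# Sample input: subsets of lines copied from the three scans in this thread.
SCAN_1 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: wxdbpfvo - {DDA28099-DACF-415D-A5A8-BB134FCA3D6A} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: qadovnel - {ED6BE11B-3DFB-4859-A511-29E591E7F31C} - C:\WINDOWS\qadovnel.dll (file missing)
O21 - SSODL: bdkpfxqw - {51A83188-D4DD-4F64-A00D-D02E8FD8646E} - C:\WINDOWS\bdkpfxqw.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

SCAN_2 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: bdkpfxqw - {2282D2C8-F7BA-4CE8-B554-42A7E08806A0} - C:\WINDOWS\bdkpfxqw.dll
"""

SCAN_3 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: bdkpfxqw - {2282D2C8-F7BA-4CE8-B554-42A7E08806A0} - C:\WINDOWS\bdkpfxqw.dll (file missing)
"""


def parse(log_text):
    """Return (section, body) pairs for the R*/O* lines; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def identity(section, body):
    """Key for *what* is registered, ignoring parts that can change between scans."""
    if section.startswith("R") and " = " in body:
        body = body.split(" = ", 1)[0]  # keep the registry value name, drop the URL
    body = CLSID_RE.sub("{CLSID}", body).replace(MISSING, "")
    return (section, " ".join(body.lower().split()))


def index(entries):
    """Group raw entry bodies by identity key, preserving log order."""
    table = {}
    for section, body in entries:
        table.setdefault(identity(section, body), []).append(body)
    return table


def describe(key, old_bodies, new_bodies):
    """Summarise how an entry that survived between scans differs."""
    old_ids = {c.upper() for c in CLSID_RE.findall(" ".join(old_bodies))}
    new_ids = {c.upper() for c in CLSID_RE.findall(" ".join(new_bodies))}
    return {
        "section": key[0],
        "before": old_bodies,
        "after": new_bodies,
        "clsid_changed": old_ids != new_ids,
        "file_now_missing": any(MISSING in b for b in new_bodies)
        and not any(MISSING in b for b in old_bodies),
    }


def diff(before, after):
    """Compare two parsed scans: entries removed, added, or kept with changes."""
    old, new = index(before), index(after)
    removed = [(k[0], b) for k in old if k not in new for b in old[k]]
    added = [(k[0], b) for k in new if k not in old for b in new[k]]
    changed = [
        describe(k, old[k], new[k])
        for k in old
        if k in new and sorted(old[k]) != sorted(new[k])
    ]
    return {"removed": removed, "added": added, "changed": changed}


if __name__ == "__main__":
    for label, a, b in (("scan 1 -> 2", SCAN_1, SCAN_2), ("scan 2 -> 3", SCAN_2, SCAN_3)):
        result = diff(parse(a), parse(b))
        print(label)
        for section, body in result["removed"]:
            print("  removed:", section, body)
        for section, body in result["added"]:
            print("  added:  ", section, body)
        for change in result["changed"]:
            print("  changed:", change["section"], change["after"][0],
                  "| clsid_changed =", change["clsid_changed"],
                  "| file_now_missing =", change["file_now_missing"])
```

An entry reported as changed with `clsid_changed` set is the same DLL registered again under a new identifier, which is why deleting the registry line alone did not hold; `file_now_missing` marks a leftover registration whose file is gone.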

Deckard’s System Scanner v20071014.68

Run by Karina on 2008-04-27 09:36:08

Computer is in Normal Mode.


– System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

– Last 5 Restore Point(s) –

75: 2008-04-27 08:36:18 UTC - RP524 - Deckard’s System Scanner Restore Point

74: 2008-04-26 22:25:33 UTC - RP523 - Installed AVG Free 8.0

73: 2008-04-25 19:01:33 UTC - RP522 - System Checkpoint

72: 2008-04-24 12:09:48 UTC - RP521 - Installed Java 6 Update 5

71: 2008-04-24 12:09:07 UTC - RP520 - Removed Java 6 Update 5

– First Restore Point –

1: 2008-01-26 20:47:24 UTC - RP450 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

– HijackThis (run as Karina.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:41:58 AM, on 4/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\VoipCheapCom\VoipCheapCom.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Karina\Local Settings\Temporary Internet Files\Content.IE5\BAJ25GB1\dss[1].exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Karina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM…\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [dlcxmon.exe] “C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe”

O4 - HKLM…\Run: [MemoryCardManager] “C:\Program Files\Dell Photo AIO Printer 926\memcard.exe”

O4 - HKLM…\Run: [FaxCenterServer] “C:\Program Files\Dell PC Fax\fm3032.exe” /s

O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -startup

O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM…\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”

O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU…\Run: [VoipCheapCom] “C:\Program Files\VoipCheapCom\VoipCheapCom.exe” -nosplash -minimized

O4 - Global Startup: Dell Network Assistant.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac … oader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac … loader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 7096007218

O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://andthisis.myphotoalbum.com/ImageUploader4.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac … der4_5.cab

O17 - HKLM\System\CCS\Services\Tcpip…{3E386186-25BC-4407-83AB-93ECC3DCC76C}: NameServer = 87.194.0.51,87.194.0.52

O17 - HKLM\System\CCS\Services\Tcpip…{6B13790E-FA29-4AE4-9B16-090834F50C54}: NameServer = 192.168.1.254,87.194.0.52

O18 - Protocol: linkscanner - (no CLSID) - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: bdkpfxqw - {2282D2C8-F7BA-4CE8-B554-42A7E08806A0} - C:\WINDOWS\bdkpfxqw.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

End of file - 11345 bytes

– HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups) -----------

backup-20080427-002236-192 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

backup-20080427-003144-113 O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

backup-20080427-003144-419 O4 - HKLM…\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

backup-20080427-003144-644 O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe

backup-20080427-003144-915 O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

backup-20080427-090231-867 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

backup-20080427-092207-116 O21 - SSODL: bdkpfxqw - {51A83188-D4DD-4F64-A00D-D02E8FD8646E} - C:\WINDOWS\bdkpfxqw.dll

backup-20080427-092207-188 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

backup-20080427-092207-595 O18 - Protocol: linkscanner - (no CLSID) - (no file)

backup-20080427-092207-815 O3 - Toolbar: wxdbpfvo - {DDA28099-DACF-415D-A5A8-BB134FCA3D6A} - C:\WINDOWS\wxdbpfvo.dll (file missing)

backup-20080427-092207-836 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

backup-20080427-092207-990 O21 - SSODL: qadovnel - {ED6BE11B-3DFB-4859-A511-29E591E7F31C} - C:\WINDOWS\qadovnel.dll (file missing)

– File Associations -----------------------------------------------------------

All associations okay.

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys

R2 ACEDRV07 - c:\windows\system32\drivers\acedrv07.sys

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys

R2 hnmwrlspkt (HomeNet Manager Wireless Protocol) - c:\windows\system32\drivers\hnm_wrls_pkt.sys

R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys

R2 STEC3 - c:\windows\system32\stec3.sys

R2 wsppkt (Wireless Security Protocol) - c:\windows\system32\drivers\wsp_pkt.sys

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys

S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys

S3 se59bus (Sony Ericsson Device 089 driver (WDM)) - c:\windows\system32\drivers\se59bus.sys

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B’s Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe

R2 PRISMSVC - c:\windows\system32\prismsvc.exe

– Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

– Scheduled Tasks -------------------------------------------------------------

2008-04-26 21:58:13 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A98B218-16CF-4D13-BF09-50237CDE795F}.job

2008-02-15 19:07:11 342 --a------ C:\WINDOWS\Tasks\McDefragTask.job

2008-02-12 11:50:03 334 --a------ C:\WINDOWS\Tasks\McQcTask.job

2007-04-22 12:45:31 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job

– Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 08:33:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-27 08:33:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-27 00:39:07 0 d-------- C:\Documents and Settings\Karina\DoctorWeb

2008-04-27 00:20:16 0 d-------- C:\Program Files\Trend Micro

2008-04-26 23:28:40 0 d–h----- C:$AVG8.VAULT$

2008-04-26 23:25:54 0 d-------- C:\WINDOWS\system32\drivers\Avg

2008-04-26 23:25:33 0 d-------- C:\Program Files\AVG

2008-04-26 23:25:33 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-04-26 22:53:30 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-26 22:52:44 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-04-26 22:52:43 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-04-26 22:52:43 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-04-26 22:52:43 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-04-26 22:52:43 75264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-04-26 22:52:42 0 d-------- C:\Program Files\Trojan Remover

2008-04-26 22:52:42 0 d-------- C:\Documents and Settings\Karina\Application Data\Simply Super Software

2008-04-26 22:52:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software

2008-04-26 22:01:00 0 d-------- C:\Documents and Settings\Karina\Application Data\TmpRecentIcons

2008-04-26 21:28:36 0 d-------- C:\Program Files\a-squared Free

2008-04-26 20:31:24 0 d-------- C:\WINDOWS\system32\smp

2008-04-26 20:31:24 0 d-------- C:\Program Files\Inet Delivery

2008-04-26 20:31:23 0 d-------- C:\WINDOWS\mslagent

2008-04-26 20:31:23 0 d-------- C:\Program Files\akl

2008-04-26 20:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\vwfqrcvm

2008-04-26 20:31:07 81920 --a------ C:\WINDOWS\spwoqbmv.exe

2008-04-01 22:24:40 0 d-------- C:\Program Files\Kontiki

2008-04-01 22:24:40 0 d-------- C:\logs3

– Find3M Report ---------------------------------------------------------------

2008-04-27 00:17:40 0 d-------- C:\Program Files\Dl_cats

2008-04-26 22:50:42 0 d-------- C:\Program Files\Napisy

2008-04-26 21:47:22 0 d-------- C:\Program Files\VoipCheapCom

2008-04-26 20:57:37 0 d-------- C:\Program Files\DivX

2008-04-26 19:42:02 0 d-------- C:\Program Files\McAfee

2008-04-25 23:23:14 0 d-------- C:\Program Files\eMule

2008-04-24 13:10:34 0 d-------- C:\Program Files\Java

2008-04-23 19:40:19 0 d-------- C:\Documents and Settings\Karina\Application Data\Skype

2008-04-23 19:32:27 0 d-------- C:\Documents and Settings\Karina\Application Data\skypePM

2008-04-18 11:16:27 0 d-------- C:\Documents and Settings\Karina\Application Data\Adobe

2008-04-13 23:04:43 0 d-------- C:\Documents and Settings\Karina\Application Data\U3

2008-03-25 23:57:05 0 d-------- C:\Program Files\Ubisoft

2008-03-25 23:57:01 0 d–h----- C:\Program Files\InstallShield Installation Information

2008-03-19 10:59:42 0 d-------- C:\Program Files\Common Files\LogiShrd

2008-03-19 10:56:55 0 d-------- C:\Program Files\Common Files

2008-03-19 10:56:51 0 d-------- C:\Program Files\Logitech

2008-03-18 16:27:35 0 d-------- C:\Documents and Settings\Karina\Application Data\dvdcss

2008-03-04 20:14:26 0 d-------- C:\Program Files\Yahoo!

2008-03-04 20:06:26 0 d-------- C:\Documents and Settings\Karina\Application Data\Yahoo!

2008-03-01 17:56:12 0 d-------- C:\Program Files\Kodak

2008-02-28 14:41:00 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint

2008-02-13 13:40:05 187 --a------ C:\Documents and Settings\Karina\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

– Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]

11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSKDetectorExe”=“C:\Program Files\McAfee\SpamKiller\MSKDetct.exe” [11/07/2006 03:49 PM]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [04/29/2007 11:50 AM]

“dlcxmon.exe”=“C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe” [01/12/2007 05:57 PM]

“MemoryCardManager”=“C:\Program Files\Dell Photo AIO Printer 926\memcard.exe” [11/03/2006 11:04 PM]

“FaxCenterServer”=“C:\Program Files\Dell PC Fax\fm3032.exe” [11/03/2006 11:09 PM]

“ISUSPM Startup”=“C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” [06/10/2005 10:44 AM]

“SiteAdvisor”=“C:\Program Files\SiteAdvisor\6253\SiteAdv.exe” [08/24/2007 10:57 PM]

“mcagent_exe”=“C:\Program Files\McAfee.com\Agent\mcagent.exe” [08/03/2007 11:33 PM]

“LogitechCommunicationsManager”=“C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe” [10/25/2007 05:33 PM]

“LogitechQuickCamRibbon”=“C:\Program Files\Logitech\QuickCam\Quickcam.exe” [10/25/2007 05:37 PM]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [02/22/2008 04:25 AM]

“UserFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -u” []

“TrojanScanner”=“C:\Program Files\Trojan Remover\Trjscan.exe” [04/24/2008 06:40 PM]

“AVG8_TRAY”=“C:\PROGRA~1\AVG\AVG8\avgtray.exe” [04/26/2008 11:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [08/10/2004 05:00 AM]

“Uniblue RegistryBooster 2”=“C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe” []

“VoipCheapCom”=“C:\Program Files\VoipCheapCom\VoipCheapCom.exe” [02/20/2007 03:23 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Dell Network Assistant.lnk - C:\WINDOWS\Installer{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [10/12/2006 10:17:39 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“InstallVisualStyle”=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

“InstallTheme”=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

“DisableRegistryTools”=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

“bdkpfxqw”= {2282D2C8-F7BA-4CE8-B554-42A7E08806A0} - C:\WINDOWS\bdkpfxqw.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]

PRISMAPI.DLL 12/22/2005 08:08 PM 450646 C:\WINDOWS\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“appinit_dlls”=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk

backup=C:\WINDOWS\pss\dlbcserv.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk

backup=C:\WINDOWS\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Karina^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=C:\Documents and Settings\Karina\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

“C:\PROGRA~1\DELLSU~1\DSAgnt.exe” /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

“C:\Program Files\Gadu-Gadu\gg.exe” /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

“C:\Program Files\iTunes\iTunesHelper.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

“C:\Program Files\Messenger\msmsgs.exe” /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

“C:\Program Files\QuickTime\qttask.exe” -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{361ac05d-0e0d-11da-9aa9-806d6172696f}]

AutoRun\command- E:\setup.exe

– End of Deckard’s System Scanner: finished at 2008-04-27 09:42:46 ------------

On 27.04.2008, at 10:45, a post was added by paulaaa

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

extra.txt–>

Deckard’s System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.


– System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Intel® Core2 CPU 6400 @ 2.13GHz

CPU 1: Intel® Core2 CPU 6400 @ 2.13GHz

Percentage of Memory in Use: 52%

Physical Memory (total/avail): 1021.98 MiB / 481.37 MiB

Pagefile Memory (total/avail): 2458.33 MiB / 1994.89 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1926.82 MiB

C: is Fixed (NTFS) - 169.93 GiB total, 105.71 GiB free.

D: is Fixed (NTFS) - 58.19 GiB total, 17.37 GiB free.

E: is CDROM (No Media)

F: is Removable (No Media)

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

J: is Removable (No Media)

\.\PHYSICALDRIVE0 - ST3250824AS - 232.83 GiB - 4 partitions

\PARTITION0 - Unknown - 54.88 MiB

\PARTITION1 (bootable) - Installable File System - 169.93 GiB - C:

\PARTITION2 - Extended w/Extended Int 13 - 58.19 GiB - D:

\PARTITION3 - Unknown - 4.64 GiB

\.\PHYSICALDRIVE5 - Dell USB Mass Storage USB Device

\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device

– Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AntiVirusDisableNotify is set.

FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL”

“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL”

“C:\Program Files\AOL 9.0\waol.exe”=“C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL”

“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL”

“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL”

“C:\Program Files\AOL 9.0\waol.exe”=“C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL”

“C:\Program Files\Dell Network Assistant\ezi_hnm2.exe”=“C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant”

“C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger”

“C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glówny”

“E:\STHIW\stInstall.exe”=“E:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard”

“C:\Program Files\Kontiki\KService.exe”=“C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service”

“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

“C:\Program Files\LimeWire\LimeWire.exe”=“C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire”

“C:\Program Files\eMule\emule.exe”=“C:\Program Files\eMule\emule.exe:*:Enabled:eMule”

“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”

“C:\Program Files\Real\RealPlayer\realplay.exe”=“C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer”

“C:\Program Files\Internet Explorer\iexplore.exe”=“C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer”

“C:\Program Files\QuickTime\QuickTimePlayer.exe”=“C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player”

“C:\WINDOWS\system32\dlcxcoms.exe”=“C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System”

“C:\Program Files\Winamp Remote\bin\Orb.exe”=“C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb”

“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=“C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray”

“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client”

“C:\Program Files\Tlen.pl\tlen.exe”=“C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl”

“C:\Program Files\VoipCheapCom\VoipCheapCom.exe”=“C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom”

“C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe”=“C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent”

“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”

“C:\Program Files\AVG\AVG8\avgupd.exe”=“C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe”

“C:\Program Files\AVG\AVG8\avgemc.exe”=“C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe”

– Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Karina\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=IDONTKNOW

ComSpec=C:\WINDOWS\system32\cmd.exe

DEFAULT_CA_NR=CA8

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Karina

LOGONSERVER=\IDONTKNOW

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Teleca Shared

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f06

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Karina\LOCALS~1\Temp

TMP=C:\DOCUME~1\Karina\LOCALS~1\Temp

USERDOMAIN=IDONTKNOW

USERNAME=Karina

USERPROFILE=C:\Documents and Settings\Karina

windir=C:\WINDOWS

__COMPAT_LAYER=EnableNXShowUI

– User Profiles ---------------------------------------------------------------

Karina (admin)

Administrator (admin)

– Add/Remove Programs ---------------------------------------------------------

–> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

–> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

a-squared Free 3.5 --> “C:\Program Files\a-squared Free\unins000.exe”

ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe

ATI Catalyst Control Center --> MsiExec.exe /I{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audacity 1.2.4 --> “C:\Program Files\Audacity\unins000.exe”

AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}

Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}

Dell PC Fax --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst

Dell Photo AIO Printer 926 --> C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe

Dell Photo Printer 720 Logger --> C:\Program Files\Dell Photo Printer 720\dlbcunst.exe

Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}

Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}

eMule --> “C:\Program Files\eMule\Uninstall.exe”

FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE” -l0x9

FinePixViewer Ver.5.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE” -l0x9

FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE”

Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe

GemMaster Mystic --> “C:\Program Files\GemMaster\uninstallgemmaster.exe”

High Definition Audio Driver Package - KB835221 --> C:\WINDOWS$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2 --> “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> “C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe”

Intel® Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe

iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033

iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033

J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}

Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe

Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}

Logitech QuickCam Driver Package --> “C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe” -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress

MAGIX Goya burnR (UK) --> C:\MAGIX\Goya_burnR\instslct.exe

McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe

MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

Nikon FotoShare --> C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG

Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL

Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"

PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL

Prince of Persia Warrior Within --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE5BC0BB-9EDA-423C-8276-48857B735D68}\setup.exe" -l0x9

QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033

RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9

RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\rnuninst.exe RealNetworks|RealPlayer|6.0

SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}

Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}

Tlen.pl --> "C:\Program Files\Tlen.pl\uninstall.exe"

Trojan Remover 6.6.9 --> "C:\Program Files\Trojan Remover\unins000.exe"

Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe

URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"

USB 2.0 Wireless LAN Card Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe" -l0x9 -L0x9 -removeonly

VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG

VoipCheapCom --> "C:\Program Files\VoipCheapCom\unins000.exe"

WebVideo Support --> C:\WINDOWS\spwoqbmv.exe

Winamp --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB898549 --> "C:\WINDOWS\$NtUninstallKB898549$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type1728 / Warning

Event Submitted/Written: 04/27/2008 09:32:07 AM

Event ID/Source: 1001 / MsiInstaller

Event Description:

Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type1727 / Warning

Event Submitted/Written: 04/27/2008 09:32:07 AM

Event ID/Source: 1004 / MsiInstaller

Event Description:

Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type1726 / Warning

Event Submitted/Written: 04/27/2008 09:32:07 AM

Event ID/Source: 1001 / MsiInstaller

Event Description:

Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type1725 / Warning

Event Submitted/Written: 04/27/2008 09:32:07 AM

Event ID/Source: 1004 / MsiInstaller

Event Description:

Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type1724 / Warning

Event Submitted/Written: 04/27/2008 09:32:06 AM

Event ID/Source: 1001 / MsiInstaller

Event Description:

Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type23290 / Warning

Event Submitted/Written: 04/27/2008 09:00:22 AM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type23224 / Warning

Event Submitted/Written: 04/27/2008 00:42:35 AM

Event ID/Source: 27 / e1express

Event Description:

Intel® 82566DC Gigabit Network Connection

Link has been disconnected.

Event Record #/Type23220 / Warning

Event Submitted/Written: 04/27/2008 00:42:18 AM

Event ID/Source: 27 / e1express

Event Description:

Intel® 82566DC Gigabit Network Connection

Link has been disconnected.

Event Record #/Type23218 / Error

Event Submitted/Written: 04/27/2008 00:41:20 AM

Event ID/Source: 8007 / BROWSER

Event Description:

The browser was unable to update the service status bits. The data is the error.

Event Record #/Type23138 / Warning

Event Submitted/Written: 04/26/2008 11:20:22 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-04-27 09:42:46 ------------

No rootkits found!

File "C:\WINDOWS\bdkpfxqw.dll" deleted successfully.

Folder "C:\WINDOWS\privacy_danger" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

On 27.04.2008 at 10:48 a post was added by paulaaa

http://www.wklej.org/id/eaae5d0a29

Fix in HijackThis

Download Avenger

Paste this text into it:

Files to delete:

C:\WINDOWS\spwoqbmv.exe

C:\WINDOWS\bdkpfxqw.dll


Folders to delete:

C:\Documents and Settings\All Users\Application Data\vwfqrcvm

Copy this, click Paste Script from Clipboard, choose Execute, then confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Open Notepad and paste

From the Notepad menu -> File -> Save As -> change the extension from .txt to All Files -> save it under the name Fix.reg

Run this file, then restart the computer

Post a new log from DSS

Post your logs at http://www.wklej.org

OK, done.

What do you think? http://www.wklej.org/id/5495964e10

On 27.04.2008 at 11:20 a post was added by paulaaa

It seems the junk has been removed, but maybe there is something I can't see. [-o<

On 27.04.2008 at 11:34 a post was added by paulaaa

[-o<

paulaaa,

Please correct the spelling in the problem description.

To make the correction, please use the ac7a4cd89050aa6e.gif button next to the post that opens this topic.

Ignoring this recommendation will result in the topic being moved to the Trash.

Important - because of the change that applies to pasting logs in this section, read and follow the Topic

I apologize for not following the rules, but unfortunately I don't have Polish characters on my computer. I'm writing from the UK. I'll correct the description as soon as I can.

On 27.04.2008 at 12:02 a post was added by paulaaa

Do you think that's everything? The computer looks clean; I scanned it with Trojan Remover, but it didn't detect anything. [-o<

To me the log looks clean

Hubert, you are my God! Thanks a lot! =D>

Helpful topic

Polish keyboard layout in English-language Windows XP