Jak pzobyć się trojana .VB.aqt z dysku?

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

Witam, jestem zupełnym laikiem w temacie - będę wdzięczna za pomoc. Mój komp świruje od jakiegoś czasu, sytem zawiesza się w nieoczekiwanych momentach. Word w ogóle nie działa. AVG wykrył u mnie cztery pliki zainfekowane trojanem VB.aqt. Jak go usunąć?

#2

tresa , proszę zapoznaj się z tą stroną oraz tym tematem, a następnie popraw tytuł tematu, używając przycisku ac7a4cd89050aa6e.gif

#3

Plik zainfekował dwa dyski - C:\System Volume Information, E:\System Volume Information i E:\Recycled\ctfmon.exe,

#4

dla pewności dałabyś logi z Hijack This , ComboFix i Sillent Runners to zobczymy co tam siedzi :-o

#5

w takim razie muszę jeszcze zapytać co to są logi? :slight_smile:

#6

viewtopic.php?t=36654

#7

Zainstalowałam HijackThis. To log z przeskanowania sytemu. AVG poddał pliki kwarantannie, czy to ma wpływ na wygląd poniższego?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:39:23, on 2008-01-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Corel\Graphics9\Register\Remind32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

c:\progra~1\common~1\instal~1\update~1\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM…\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM…\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM…\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM…\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM…\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM…\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart

O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c … hcImpl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

End of file - 13294 bytes

#8

Dziękuje Sguall

#9

Poniżej log z Silent Runners:

“Silent Runners.vbs”, revision 55, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“Zinio DLM” = “C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart” [file not found]

“MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [file not found]

“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“AGRSMMSG” = “AGRSMMSG.exe” [“Agere Systems”]

“SoundMAXPnP” = “C:\Program Files\Analog Devices\Core\smax4pnp.exe” [“Analog Devices, Inc.”]

“SoundMAX” = “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray” [“Analog Devices, Inc.”]

“PTHOSTTR” = “C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start” [“Hewlett-Packard Development Company, L.P.”]

“HP Software Update” = “C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”]

“DLA” = “C:\WINDOWS\System32\DLA\DLACTRLW.EXE” [“Sonic Solutions”]

“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]

“igfxtray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]

“igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]

“igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”]

“hpWirelessAssistant” = “C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [“Hewlett-Packard Development Company, L.P.”]

“ccApp” = ““c:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”]

“CognizanceTS” = “rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule” [MS]

“QlbCtrl” = “C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start”

“Cpqset” = “C:\Program Files\HPQ\Default Settings\cpqset.exe” [null data]

“Recguard” = “C:\WINDOWS\Sminst\Recguard.exe” [empty string]

“Reminder” = “C:\WINDOWS\Creator\Remind_XP.exe” [empty string]

“Scheduler” = “C:\WINDOWS\SMINST\Scheduler.exe” [empty string]

“WatchDog” = “C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [“InterVideo Inc.”]

“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]

“DAEMON Tools-1033” = ““C:\Program Files\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”]

“ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” [“InstallShield Software Corporation”]

“ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”]

“(Default)” = (empty string) [file not found]

“StatusClient” = “C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto” [“Hewlett-Packard”]

“TomcatStartup” = “C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe” [“Hewlett-Packard”]

“WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]

“WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe” [“France Télécom R&D”]

“iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”]

“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

{5CA3D70E-1895-11CF-8E15-001234567890}(Default) = “*_” (unwritable string)

-> {HKLM…CLSID} = “DriveLetterAccess”

\InProcServer32(Default) = “C:\WINDOWS\System32\DLA\DLASHX_W.DLL” [“Sonic Solutions”]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Windows Live Sign-in Helper”

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}(Default) = “NAV Helper”

-> {HKLM…CLSID} = “CNavExtBho Class”

\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Helper”

\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Notifier BHO”

\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”]

{DF21F1DB-80C6-11D3-9483-B03D0EC10000}(Default) = “HP Credential Manager for ProtectTools”

-> {HKLM…CLSID} = “HP Credential Manager for ProtectTools”

\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll” [“Infineon Technologies AG”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{5CA3D70E-1895-11CF-8E15-001234567890}” = “DriveLetterAccess”

-> {HKLM…CLSID} = “DriveLetterAccess”

\InProcServer32(Default) = “C:\WINDOWS\System32\DLA\DLASHX_W.DLL” [“Sonic Solutions”]

“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{666C7831-A9B6-4AB4-94ED-DC238C81E925}” = “Document Manager (Context Menu)”

-> {HKLM…CLSID} = “Document Manager (Shell Context Menu)”

\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]

“{666C7832-A9B6-4AB4-94ED-DC238C81E925}” = “Document Manager (File Properties)”

-> {HKLM…CLSID} = “Document Manager (Shell File Properties)”

\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]

“{666C7835-A9B6-4AB4-94ED-DC238C81E925}” = “Document Manager (Drive Properties)”

-> {HKLM…CLSID} = “Document Manager (Shell Drive Properties)”

\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]

“{7F67036B-66F1-411A-AD85-759FB9C5B0DB}” = “SampleView”

-> {HKLM…CLSID} = “SampleView”

\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]

“{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places”

-> {HKLM…CLSID} = “Moje miejsca interfejsu Bluetooth”

\InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {HKLM…CLSID} = “RealOne Player Context Menu Class”

\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]

“{6DEA92E9-8682-4b6a-97DE-354772FE5727}” = “Autodesk DWF Preview”

-> {HKLM…CLSID} = “ACDWFTHMBPRXY”

\InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll” [“Autodesk”]

“{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes”

-> {HKLM…CLSID} = “iTunes”

\InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]

“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

-> {HKLM…CLSID} = “Microsoft Office Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5”

-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”

\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”]

<> OneCard\DLLName = “C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll” [“Cognizance Corporation”]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\

AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”]

Document Manager(Default) = “{666C7831-A9B6-4AB4-94ED-DC238C81E925}”

-> {HKLM…CLSID} = “Document Manager (Shell Context Menu)”

\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”]

Document Manager(Default) = “{666C7831-A9B6-4AB4-94ED-DC238C81E925}”

-> {HKLM…CLSID} = “Document Manager (Shell Context Menu)”

\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {policy setting}:

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“DisableRegistryTools” = (REG_DWORD) dword:0x00000000

{Prevent access to registry editing tools}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) dword:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\ssstars.scr” [MS]

DESKTOP.INI DLL launch in local fixed drive directories:

C:\Program Files\WIDCOMM\Bluetooth Software\Moje miejsca interfejsu Bluetooth\DESKTOP.INI

[.ShellClassInfo]

CLSID={6af09ec9-b429-11d4-a1fb-0090960218cb}

-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”]

E:\cmdcons\DESKTOP.INI

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]

E:\MiniNT\DESKTOP.INI

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]

E:\i386\DESKTOP.INI

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]

E:\PRELOAD\DESKTOP.INI

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]

Startup items in “admin” & “All Users” startup folders:

C:\Documents and Settings\admin\Menu Start\Programy\Autostart

“Picture Motion Browser Media Check Tool” -> shortcut to: “C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe /nobaloononstart” [“Sony Corporation”]

“Rejestrowanie produktów Corela” -> shortcut to: “C:\Program Files\Corel\Graphics9\Register\Remind32.exe” [“IntelliQuest Communications, Inc.”]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]

“BTTray” -> shortcut to: “C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe” [“Broadcom Corporation.”]

“DVD Check” -> shortcut to: “C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [“InterVideo Inc.”]

Enabled Scheduled Tasks:

“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]

“Norton AntiVirus - Uruchom pełne skanowanie systemu - admin” -> launches: “c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{C4069E3A-68F1-403E-B40E-20066696354B}”

-> {HKLM…CLSID} = “Norton AntiVirus”

\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

“{C4069E3A-68F1-403E-B40E-20066696354B}” = “Norton AntiVirus”

-> {HKLM…CLSID} = “Norton AntiVirus”

\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Badanie”

Miscellaneous IE Hijack Points

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)

-> {HKLM…CLSID} = “Search Class”

\InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):

Autodesk Licensing Service, Autodesk Licensing Service, ““C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe”” [“Autodesk”]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“GRISOFT s.r.o.”]

Bluetooth Service, btwdins, “C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe” [“Broadcom Corporation.”]

France Telecom Routing Table Service, FTRTSVC, “C:\WINDOWS\System32\FTRTSVC.exe” [“France Telecom”]

Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ““C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”” [“Symantec Corporation”]

hpqwmiex, hpqwmiex, “C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe” [“Hewlett-Packard Development Company, L.P.”]

iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”]

LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]

Local Communication Channel, ASChannel, “C:\WINDOWS\System32\svchost.exe -k Cognizance” {“C:\Program Files\HPQ\IAM\Bin\ASChnl.dll” [“Cognizance Corporation”]}

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]

RaySat_3dsmax8 Server, mi-raysat_3dsmax8, ““C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe”” [null data]

Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”]

Symantec Event Manager, ccEvtMgr, ““c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”]

Symantec Network Drivers Service, SNDSrvc, ““c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”]

Symantec Network Proxy, ccProxy, ““c:\Program Files\Common Files\Symantec Shared\ccProxy.exe”” [“Symantec Corporation”]

Symantec Settings Manager, ccSetMgr, ““c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”]

Usługa Norton Protection Center, NSCService, “C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE” [“Symantec Corporation”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

HP Master Monitor\Driver = “HPBMMON.DLL” [“Hewlett-Packard”]

HP Mobile Printing Monitor\Driver = “HPMPMW.DLL” [“Hewlett-Packard”]

Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

Port drukarki interfejsu Bluetooth\Driver = “bthcrp.dll” [“Broadcom Corporation.”]

---------- (launch time: 2008-01-26 13:51:43)

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 36 seconds.

---------- (total run time: 68 seconds)

#10

Jeszcze Combo Fix…

#11

ComboFix 08-01-23.1C - admin 2008-01-26 14:01:08.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.595 [GMT 1:00]

Running from: C:\Documents and Settings\admin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QLHV1LJB\ComboFix[1].exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

E:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))

.

2008-01-26 14:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-26 13:39 . 2008-01-26 13:39

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-26 13:04 --------- d-----w C:\Program Files\neostrada tp

2008-01-25 21:42 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-13 13:57 --------- d-----w C:\Program Files\eMule

2007-12-17 21:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 09:00 15360]

“Zinio DLM”=“C:\Program Files\Zinio\ZinioDeliveryManager.exe” []

“MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” []

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-10-06 13:17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“AGRSMMSG”=“AGRSMMSG.exe” [2006-01-30 02:00 88203 C:\WINDOWS\AGRSMMSG.exe]

“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2005-05-20 09:11 925696]

“SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2005-05-06 13:06 716800]

“PTHOSTTR”=“C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe” [2006-02-14 10:56 122880]

“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 22:11 49152]

“DLA”=“C:\WINDOWS\System32\DLA\DLACTRLW.EXE” [2005-08-31 04:20 122940]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-11-10 19:04 761945]

“igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-03-23 13:17 94208]

“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 13:13 77824]

“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 13:17 118784]

“hpWirelessAssistant”=“C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [2006-02-14 09:49 454656]

“ccApp”=“c:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-03-01 11:29 52840]

“CognizanceTS”=“C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll” [2003-12-22 19:12 17920]

“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2006-03-02 14:39 131072]

“Cpqset”=“C:\Program Files\HPQ\Default Settings\cpqset.exe” [2006-02-22 07:03 40960]

“Recguard”=“C:\WINDOWS\Sminst\Recguard.exe” [2005-12-20 14:51 1187840]

“Reminder”=“C:\WINDOWS\Creator\Remind_XP.exe” [2006-01-23 15:11 802816]

“Scheduler”=“C:\WINDOWS\SMINST\Scheduler.exe” [2006-02-15 14:43 892928]

“WatchDog”=“C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [2005-11-08 10:59 184320]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-10-25 18:58 282624]

“DAEMON Tools-1033”=“C:\Program Files\D-Tools\daemon.exe” [2004-08-22 16:05 81920]

“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-07-27 15:50 221184]

“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-07-27 15:50 81920]

“StatusClient”=“C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe” [2002-12-16 15:51 36864]

“TomcatStartup”=“C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe” [2003-03-31 18:28 155648]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49 20480]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 16:55 32768]

“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2006-10-30 09:36 256576]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-11-21 18:38 35328]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 09:00 15360]

C:\Documents and Settings\admin\Menu Start\Programy\Autostart\

Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-06-06 20:37:08 344064]

Rejestrowanie produkt˘w Corela.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe [2007-07-16 20:31:58 67584]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 15:16:02 581693]

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2006-08-08 11:29:51 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe” [2006-08-03 16:40]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]

S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]

S4 Beeidi;Beeidi;C:\WINDOWS\system32\drivers\arp1394.sys [2004-08-04 09:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{735b6422-edbe-11db-bf3c-001302654fbb}]

\Shell\AutoRun\command - H:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8f149120-458c-11dc-bfd0-0016417d3942}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

.

Contents of the ‘Scheduled Tasks’ folder

“2007-12-14 12:36:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

“2007-12-14 21:48:04 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - admin.job”

#12

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!

  • co to oznacza?

Próbowałam ostatnio stwrzyć płyty odzyskiwania, komputer podziękował mi przy 6 płycie twierdząc, że moje DVD jest gotowe. Wkładałam płyty CD, wg informacji podanych na poczatku powinno być ich 12. Czy w związku z tym nie mogę przywracać systemu i ustalać punktów przywracania?