Komp sie muli, nowe dziwne procesy, zawiechy,spowolniony net

YaSiErS · 1 Czerwiec 2007 08:24

Tak jak w temacie. Od paru dni mam komputer w tym stanie:/

Logi:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SiS Tray” = “C:\WINNT\system32\sistray.EXE” [“Silicon Integrated Systems Corporation”] “SiS KHooker” = “C:\WINNT\system32\khooker.exe” [“Silicon Integrated Systems Corporation”] “Zone Labs Client” = “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [“Zone Labs, LLC”] “Synchronization Manager” = “mobsync.exe /logon” [MS] “avgnt” = ““C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0\bin\jusched.exe” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINNT\system32\hticons.dll” [“Hilgraeve, Inc.”] “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” = “WebCheck” -> {HKLM…CLSID} = “WebCheck” \InProcServer32(Default) = “C:\WINNT\system32\dllcache\checkweb.dll” [null data] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WebCheck” = “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” -> {HKLM…CLSID} = “WebCheck” \InProcServer32(Default) = “C:\WINNT\system32\dllcache\checkweb.dll” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Default User\Pulpit\Picts\tajpeta.jpg” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Program Files\SiS630_730_V2.08d\utility\setup.bmp” Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll” [“Sun Microsystems, Inc.”] Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to “Reset Web Settings”) Missing lines (compared with English-language version): [DeleteAutosearch.reg]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Alternative User Input Services, Ctfmon, ““C:\WINNT\ctfmon.exe”” [null data] AntiVir PersonalEdition Classic Guard, AntiVirService, “C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, “C:\Program Files\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”] LexBce Server, LexBceS, “C:\WINNT\system32\LEXBCES.EXE” [“Lexmark International, Inc.”] System zdarzeń COM+, EventSystem, “C:\WINNT\system32\svchost.exe -k netsvcs” {“C:\WINNT\system32\es.dll” [null data]} TrueVector Internet Monitor, vsmon, “C:\WINNT\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 276 seconds. ---------- (total run time: 475 seconds)

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] “DLLName”=“wzcdlg.dll” “Logon”=“WZCEventLogon” “Logoff”=“WZCEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000000 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“Rozszerzenie CPL pakietu PlusPack” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe i telefoniczne” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{1A9BA3A0-143A-11CF-8350-444553540000}”=“Folder Ulubione powoki” “{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=“M˘j komputer” “{86747AC0-42A0-1069-A2E6-08002B30309D}”=“Folder Akt˘wka” “{0AFACED1-E828-11D1-9187-B532F1E9575D}”=“Skr˘t folderu” “{12518493-00B2-11d2-9FA5-9E3420524153}”=“Wolumin zainstalowany” “{21B22460-3AEA-1069-A2DC-08002B30309D}”=“Rozszerzenie strony waciwoci pliku” “{B091E540-83E3-11CF-A713-0020AFD79762}”=“Strona typ˘w plik˘w” “{FBF23B41-E3F0-101B-8488-00AA003E56F8}”=“Przechwytywanie plik˘w typu MIME” “{C2FBB630-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft CopyTo” “{C2FBB631-2971-11d1-A18C-00C04FD75D13}”=“Usuga Microsoft MoveTo” “{13709620-C279-11CE-A49E-444553540000}”=“Usuga automatyzacji powoki” “{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}”=“Widok folderu automatyzacji powoki” “{4622AD11-FF23-11d0-8D34-00A0C90F2719}”=“Menu Start” “{7BA4C740-9E81-11CF-99D3-00AA004AE837}”=“Usuga Microsoft SendTo” “{D969A300-E7FF-11d0-A93B-00A0C90F2719}”=“Usuga Microsoft New Object” “{09799AFB-AD67-11d1-ABCD-00C04FC30936}”=“Obsuga menu kontekstowego “Otw˘rz z”” “{3FC0B520-68A9-11D0-8D77-00C04FD70822}”=“Wywietlaj rozszerzenia HTML Panelu sterowania” “{75048700-EF1F-11D0-9888-006097DEACF9}”=“ActiveDesktop” “{6D5313C0-8C62-11D1-B2CD-006097DF8C11}”=“Rozszerzenie strony waciwoci Opcje folder˘w” “{57651662-CE3E-11D0-8D77-00C04FC99D61}”=“CmdFileIcon” “{4657278A-411B-11d2-839A-00C04FD918D0}”=“Pomocnik dla operacji przeciĄgania i upuszczania powoki” “{A470F8CF-A1E8-4f65-8335-227475AA5C46}”=“Dodaj opcj© szyfrowania do menu kontekstowych w Eksploratorze” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Microsoft Internet Toolbar” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Download Status” “{568804CA-CBD7-11d0-9816-00C04FD91972}”=“Menu Shell Folder” “{5b4dae26-b807-11d0-9815-00c04fd91972}”=“Menu Band” “{8278F931-2A3E-11d2-838F-00C04FD918D0}”=“Tracking Shell Menu” “{E13EF4E4-D2F2-11d0-9816-00C04FD91972}”=“Menu Site” “{ECD4FC4F-521C-11D0-B792-00A0C90312E1}”=“Menu Desk Bar” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Augmented Shell Folder” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Augmented Merge Shell Folder” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{D82BE2B0-5764-11D0-A96E-00C04FD705A2}”=“IShellFolderBand” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Microsoft BrowserBand” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Microsoft SearchBand” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“In-pane search” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Web Search” “{0E5CBF21-D15F-11d0-8301-00AA005B4383}”="&Links" “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Registry Tree Options Utility” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Address" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Address EditBox” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Microsoft AutoComplete” “{7487cd30-f71a-11d0-9ea7-00805f714772}”=“Thumbnail Image” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“TridentImageExtractor” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“MRU AutoComplete List” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Microsoft History AutoComplete List” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Microsoft Shell Folder AutoComplete List” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Microsoft Multiple AutoComplete List Container” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Shell Band Site Menu” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Shell DeskBar” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“User Assist” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Global Folder Settings” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Subscription Folder” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}”=“Miniatury” “{EAB841A0-9550-11CF-8C16-00805F1408F3}”=“Rozpakowywacz miniatur HTML” “{1AEB1360-5AFC-11D0-B806-00C04FD706EC}”=“Rozpakowywacz miniatur filtr˘w graficznych Office” “{9DBD2C50-62AD-11D0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{500202A0-731E-11D0-B829-00C04FD706EC}”=“Obsuga interfejsu miniatur plik˘w typu LNK” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8C-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Darwin App Publisher” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanau” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanau” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsugi kanau” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{fe1290f0-cfbd-11cf-a330-00aa00c16e65}”=“Directory Namespace” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{450D8FBA-AD25-11D0-98A8-0800361B1103}”=“MyDocs Folder” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Menu plik˘w trybu offline” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Opcje folderu plik˘w trybu offline” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”=“Shell Extension for Malware scanning” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINNT\SYSTEM32\ cmdlin~1.dll Sat 2007-05-19 15:38:00 A… 43 520 42,50 K px.dll Thu 2007-03-08 1:51:00 … 547 576 534,74 K pxafs.dll Thu 2007-03-08 1:51:00 … 129 784 126,74 K pxdrv.dll Thu 2007-03-08 1:51:00 … 510 712 498,74 K pxmas.dll Thu 2007-03-08 1:51:00 … 187 128 182,74 K pxsfs.dll Thu 2007-03-08 1:51:00 … 1 628 920 1,55 M pxwave.dll Thu 2007-03-08 1:51:00 … 379 640 370,74 K vxblock.dll Thu 2007-03-08 1:51:00 … 39 672 38,74 K 8 items found: 8 files, 0 directories. Total of file sizes: 3 466 952 bytes 3,30 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: B451-F89D Katalog: C:\WINNT\System32 2007-06-01 06:13 0 plik(˘w) 0 bajt˘w 1 katalog(˘w) 29˙511˙176˙192 bajt˘w wolnych

Logfile of HijackThis v1.99.1 Scan saved at 10:14:09, on 2007-06-01 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINNT\ctfmon.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\Explorer.EXE c:\xlaxdjax.exe C:\WINNT\system32\sistray.EXE C:\WINNT\system32\khooker.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\internat.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Programs\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM…\Run: [siS Tray] C:\WINNT\system32\sistray.EXE O4 - HKLM…\Run: [siS KHooker] C:\WINNT\system32\khooker.exe O4 - HKLM…\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKCU…\Run: [internat.exe] internat.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_31.cab O17 - HKLM\System\CCS\Services\Tcpip…{07DA49ED-2BCB-4735-A652-F0B0C7CC5911}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS1\Services\Tcpip…{07DA49ED-2BCB-4735-A652-F0B0C7CC5911}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS2\Services\Tcpip…{07DA49ED-2BCB-4735-A652-F0B0C7CC5911}: NameServer = 217.30.129.149,217.30.137.200 O23 - Service: 72084 - Unknown owner - \87.105.217.234\Admin$\eraseme_51602.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Alternative User Input Services (Ctfmon) - Unknown owner - C:\WINNT\ctfmon.exe O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

sdar · 1 Czerwiec 2007 08:36

Takie “porady” zachowaj dla siebie. :evil:

Gutek · 1 Czerwiec 2007 11:44

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz 72084 , a plik zaznaczony na czerwono usuń ręcznie.

Daj log z Combofix

YaSiErS · 1 Czerwiec 2007 17:58

72084 -wylaczony

Mam tylko powazny problem z xlaxdjax.exe. Dokladniej, okazuje się iż on nie istnieje. Po prostu fizycznie nie ma go na dysku. Nie jest ukryty ani systemowy, gdyż mam włączone wyświetlanie takich plików. Nawet wyszukiwanie nie daje zadnych rezultatow. Choć na przekór temu wszystkiemu proces ten włącza sie zawsze na pare pierwszych minut po starcie systemu i nie mozna nic zrobić gdyż straszliwie zamula.

Moze jakis inny sposob??

Mimo tego dam log:

“pogromca” - 2007-06-01 19:53:14 Service Pack 4 ComboFix 07-05.27.BV - Running from: “D:\Programs” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\WINNT\ctfmon.exe” “C:\Program Files\video access activex object” ((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 )))))))))))))))))))))))))))))))))) 2007-06-01 19:09 2007-06-01 12:35 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_748.dat 2007-06-01 12:34 740,442 --a------ C:\WINNT\system32\divx.dll 2007-06-01 12:34 73,728 --a------ C:\WINNT\system32\dpl100.dll 2007-06-01 12:34 593,920 --a------ C:\WINNT\system32\xvidcore.dll 2007-06-01 12:34 3,596,288 --a------ C:\WINNT\system32\qt-dx331.dll 2007-06-01 12:34 217,088 --a------ C:\WINNT\system32\yv12vfw.dll 2007-06-01 12:34 180,224 --a------ C:\WINNT\system32\xvidvfw.dll 2007-06-01 12:34 10,752 --a------ C:\WINNT\system32\ff_vfw.dll 2007-06-01 12:34 1,415,680 --a------ C:\WINNT\system32\wmv9vcm.dll 2007-06-01 12:34 2007-06-01 05:45 2007-06-01 00:24 154,624 --a------ C:\WINNT\eraseme_51602.exe 2007-05-31 23:50 2007-05-31 23:50 2007-05-31 22:11 2007-05-31 22:02 3,723,776 --a------ C:\CJW2K42LP.EXE 2007-05-31 21:55 3,307,008 --a------ C:\CJXP42LE.exe 2007-05-26 09:50 2007-05-26 09:05 2007-05-25 09:35 2007-05-23 16:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3b8.dat 2007-05-23 07:21 2007-05-22 21:28 2007-05-22 18:19 9,464 --------- C:\WINNT\system32\drivers\cdralw2k.sys 2007-05-22 18:19 9,336 --------- C:\WINNT\system32\drivers\cdr4_2k.sys 2007-05-22 18:19 43,528 --------- C:\WINNT\system32\drivers\PxHelp20.sys 2007-05-22 18:19 129,784 --------- C:\WINNT\system32\pxafs.dll 2007-05-20 15:47 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4f8.dat 2007-05-19 21:32 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3b4.dat 2007-05-18 06:18 2007-05-14 21:10 2007-05-12 22:29 2007-05-12 12:29 10,345 --a------ C:\WINNT\system32\drivers\hamachi.sys 2007-05-08 15:29 2007-05-02 11:20 2007-05-02 11:20 2007-05-02 08:32 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-01 17:34:35 41,232 ----a-w C:\WINNT\system32\ftp.exe 2007-06-01 17:34:35 17,680 ----a-w C:\WINNT\system32\tftp.exe 2007-06-01 17:23:52 -------- d-----w C:\Program Files\DC++ 2007-06-01 16:38:51 -------- d-----w C:\Program Files\mIRC 2007-05-27 16:30:41 1,956 ----a-w C:\WINNT\system32\d3d8caps.dat 2007-05-25 16:59:09 -------- d-----w C:\Program Files\Winamp 2007-05-25 07:35:33 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-22 19:28:52 -------- d-----w C:\DOCUME~1\pogromca\DANEAP~1\Opera 2007-05-19 22:18:20 2,068 ----a-w C:\WINNT\system32\d3d9caps.dat 2007-05-19 21:57:12 -------- d-----w C:\DOCUME~1\pogromca\DANEAP~1\Xfire 2007-05-19 21:36:06 -------- d-s—w C:\Program Files\Xfire 2007-05-19 13:37:58 43,520 ----a-w C:\WINNT\system32\CmdLineExt03.dll 2007-05-18 21:36:45 -------- d-----w C:\DOCUME~1\pogromca\DANEAP~1\Skype 2007-05-12 10:36:02 -------- d-----w C:\Program Files\Hamachi 2007-05-12 10:11:49 -------- d-----w C:\DOCUME~1\pogromca\DANEAP~1\Hamachi 2007-05-08 16:27:45 2,661 ----a-w C:\WINNT\DIIUnin.dat 2007-04-24 18:36:10 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-04-21 21:43:22 4,233 ----a-w C:\WINNT\mozver.dat 2007-04-20 22:30:02 -------- d-----w C:\Program Files\Need For Speed III 2007-04-16 14:53:00 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_424.dat 2007-04-16 04:24:18 130 ----a-w C:\WINNT\system32\mehjdluu.bat 2007-04-16 04:00:58 106,496 ----a-w C:\WINNT\system32\alkcx.exe 2007-04-16 03:59:40 27,548 ----a-w C:\WINNT\system32\hyovm.exe 2007-04-16 03:50:29 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_3d8.dat 2007-04-16 03:46:27 126 ----a-w C:\WINNT\system32\fdwz.bat 2007-04-16 03:22:17 106,496 ----a-w C:\WINNT\system32\eszl.exe 2007-04-16 03:22:00 27,548 ----a-w C:\WINNT\system32\qshuz.exe 2007-04-15 16:00:53 27,548 ----a-w C:\WINNT\system32\dbph.exe 2007-04-15 14:56:45 106,496 ----a-w C:\WINNT\system32\yjvf.exe 2007-04-15 14:38:57 27,548 ----a-w C:\WINNT\system32\rrck.exe 2007-04-15 14:21:30 27,548 ----a-w C:\WINNT\system32\ugfyfy.exe 2007-04-15 14:13:28 106,496 ----a-w C:\WINNT\system32\tqlxpqr.exe 2007-04-15 14:12:24 26,694 ----a-w C:\WINNT\system32\yayxvwu.dll.vir 2007-04-15 14:12:21 27,548 ----a-w C:\WINNT\system32\ezfpvyi.exe 2007-04-15 13:57:45 106,496 ----a-w C:\WINNT\system32\twluusvt.exe 2007-04-15 13:57:24 27,548 ----a-w C:\WINNT\system32\sdbdiee.exe 2007-04-15 12:26:13 27,548 ----a-w C:\WINNT\system32\rntx.exe 2007-04-14 19:17:07 106,496 ----a-w C:\WINNT\system32\asckey.exe 2007-04-14 19:16:54 27,548 ----a-w C:\WINNT\system32\veaz.exe 2007-04-14 14:09:49 27,548 ----a-w C:\WINNT\system32\ehdcrf.exe 2007-04-14 14:02:33 27,548 ----a-w C:\WINNT\system32\wlurkbrj.exe 2007-04-14 12:20:57 68,608 —ha-w C:\WINNT\system32\xtnj.exe 2007-04-14 10:33:20 27,548 ----a-w C:\WINNT\system32\ffgytvsw.exe 2007-04-14 04:51:02 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_3a0.dat 2007-04-13 18:10:31 28,572 ----a-w C:\WINNT\system32\pouwf.exe 2007-04-13 18:01:59 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_440.dat 2007-04-13 18:01:45 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_5a0.dat 2007-04-13 16:48:57 -------- d-----w C:\Program Files\Belt Generator 2007-04-13 13:36:37 28,572 ----a-w C:\WINNT\system32\tnajmbvr.exe 2007-04-13 07:25:02 28,572 ----a-w C:\WINNT\system32\cyjrmv.exe 2007-04-13 06:38:12 50,853 —ha-w C:\WINNT\system32\fyixgu.exe 2007-04-13 06:26:24 28,572 ----a-w C:\WINNT\system32\yrxuss.exe 2007-04-12 18:30:39 4 ----a-w C:\WINNT\system32\proc-1262580707.bin 2007-04-12 18:30:39 -------- d-----w C:\DOCUME~1\pogromca\DANEAP~1\GanymedeNet 2007-04-12 17:19:28 106,496 ----a-w C:\WINNT\system32\rbdnt.exe 2007-04-12 08:17:18 50,853 —ha-w C:\WINNT\system32\csrqnm.exe 2007-04-12 08:08:46 28,572 ----a-w C:\WINNT\system32\lqwxpho.exe 2007-04-11 20:01:35 25,088 —ha-w C:\WINNT\system32\nbkfxr.exe 2007-04-11 19:35:46 28,976 ----a-w C:\WINNT\system32\cyjmkehv.exe 2007-04-11 15:32:53 21,048 —ha-w C:\WINNT\system32\gzlvg.exe 2007-04-11 15:32:20 0 ----a-w C:\WINNT\system32\fdd.exe 2007-04-11 15:30:08 41,468 —ha-w C:\WINNT\system32\lbhjnuz.exe 2007-04-11 15:29:18 3,584 —ha-w C:\WINNT\system32\fgsf.exe 2007-04-11 15:23:49 29,388 —ha-w C:\WINNT\system32\glkgznkf.exe 2007-04-11 14:53:39 28,976 ----a-w C:\WINNT\system32\zqstzwkl.exe 2007-04-11 13:56:03 50,853 —ha-w C:\WINNT\system32\pgtv.exe 2007-04-11 13:32:30 28,976 ----a-w C:\WINNT\system32\qqdwgb.exe 2007-04-11 06:10:42 28,976 ----a-w C:\WINNT\system32\qgavk.exe 2007-04-10 10:26:22 28,976 ----a-w C:\WINNT\system32\sdmx.exe 2007-04-10 10:08:14 50,853 —ha-w C:\WINNT\system32\drnph.exe 2007-04-10 09:53:04 106,496 ----a-w C:\WINNT\system32\vhrfo.exe 2007-04-10 09:52:49 28,976 ----a-w C:\WINNT\system32\gpjqad.exe 2007-04-09 22:15:25 25,600 ----a-w C:\WINNT\system32\issul.exe 2007-04-09 18:16:28 25,600 ----a-w C:\WINNT\system32\rofyhh.exe 2007-04-09 17:53:29 120 ----a-w C:\WINNT\system32\jwia.bat 2007-04-09 17:42:02 106,496 ----a-w C:\WINNT\system32\ipeubypx.exe 2007-04-09 17:40:44 25,600 ----a-w C:\WINNT\system32\wqihjc.exe 2007-04-09 16:23:26 106,496 ----a-w C:\WINNT\system32\bhwj.exe 2007-04-09 16:23:10 25,600 ----a-w C:\WINNT\system32\ulinfk.exe 2007-04-09 13:10:38 287 ----a-w C:\WINNT\EReg072.dat 2007-04-09 12:31:37 106,496 ----a-w C:\WINNT\system32\lsaemsnp.exe 2007-04-09 12:31:18 25,600 ----a-w C:\WINNT\system32\xmehf.exe 2007-04-09 09:12:51 25,600 ----a-w C:\WINNT\system32\thkxe.exe 2007-04-08 22:41:03 -------- d-----w C:\Program Files\Gadu-Gadu 2007-04-08 22:36:56 106,496 ----a-w C:\WINNT\system32\mmfmf.exe 2007-04-08 22:36:49 31,696 ----a-w C:\WINNT\system32\lbeccvhp.exe 2007-04-08 20:45:40 31,696 ----a-w C:\WINNT\system32\bnxk.exe 2007-04-08 20:34:10 106,496 ----a-w C:\WINNT\system32\oxrcneoo.exe 2007-04-08 20:34:03 31,696 ----a-w C:\WINNT\system32\obxriidz.exe 2007-04-08 20:08:40 106,496 ----a-w C:\WINNT\system32\qzidb.exe 2007-04-08 20:08:33 31,696 ----a-w C:\WINNT\system32\zgmbomxc.exe 2007-04-08 13:45:29 31,696 ----a-w C:\WINNT\system32\vyyx.exe 2007-04-08 13:36:23 31,696 ----a-w C:\WINNT\system32\ublkmx.exe 2007-04-08 13:12:14 31,696 ----a-w C:\WINNT\system32\wknar.exe 2007-04-08 09:27:40 30,000 ----a-w C:\WINNT\system32\eikbghv.exe 2007-04-07 22:04:44 30,000 ----a-w C:\WINNT\system32\tmpq.exe 2007-04-07 19:52:12 30,000 ----a-w C:\WINNT\system32\qzybhvs.exe 2007-04-07 19:42:00 30,000 ----a-w C:\WINNT\system32\zcssh.exe 2007-04-07 15:37:22 -------- d-----w C:\Program Files\Real Alternative 2007-04-07 15:37:09 -------- d-----w C:\Program Files\Media Player Classic 2007-04-07 15:37:05 -------- d-----w C:\DOCUME~1\pogromca\DANEAP~1\Real 2007-04-07 14:08:16 30,000 ----a-w C:\WINNT\system32\azddhqf.exe 2007-04-07 09:28:33 -------- d-----w C:\Program Files\eMule 2007-04-07 09:28:16 -------- d-----w C:\Program Files\BitTorrent 2007-04-07 09:04:34 30,000 ----a-w C:\WINNT\system32\sdeu.exe 2007-04-07 08:22:29 30,000 ----a-w C:\WINNT\system32\cyhuvpbt.exe 2007-04-07 06:55:12 30,000 ----a-w C:\WINNT\system32\izptsbp.exe 2007-04-06 17:37:15 50,853 —ha-w C:\WINNT\system32\wmxkaqmc.exe 2007-04-06 17:12:10 30,000 ----a-w C:\WINNT\system32\yorw.exe 2007-04-06 16:52:42 30,000 ----a-w C:\WINNT\system32\jmwkd.exe 2007-04-06 15:43:47 30,000 ----a-w C:\WINNT\system32\biuijb.exe 2007-04-06 07:58:35 30,000 ----a-w C:\WINNT\system32\xyieeq.exe 2007-04-06 04:05:00 30,000 ----a-w C:\WINNT\system32\slnnoa.exe 2007-04-05 10:00:40 30,000 ----a-w C:\WINNT\system32\dzsva.exe 2007-04-05 09:06:50 30,000 ----a-w C:\WINNT\system32\arfcmt.exe 2007-04-05 08:10:48 30,000 ----a-w C:\WINNT\system32\xybjzwj.exe 2007-04-05 07:47:39 30,000 ----a-w C:\WINNT\system32\logmm.exe 2007-04-05 06:00:02 30,000 ----a-w C:\WINNT\system32\atwvyvi.exe 2007-04-05 04:29:36 30,000 ----a-w C:\WINNT\system32\jiswj.exe 2007-04-04 16:15:46 29,648 ----a-w C:\WINNT\system32\qqnv.exe 2007-04-04 10:43:43 29,648 ----a-w C:\WINNT\system32\chylt.exe 2007-04-04 09:43:50 48,828 —ha-w C:\WINNT\system32\btujqd.exe 2007-04-04 03:51:57 29,648 ----a-w C:\WINNT\system32\nvovj.exe 2007-04-03 04:29:01 29,648 ----a-w C:\WINNT\system32\jcubrda.exe 2007-04-02 14:33:26 130 ----a-w C:\WINNT\system32\hxcikpyb.bat 2007-04-02 11:04:42 29,648 ----a-w C:\WINNT\system32\bgphcnyz.exe 2007-04-02 10:17:07 50,853 —ha-w C:\WINNT\system32\lgmdf.exe 2007-04-02 09:33:41 29,648 ----a-w C:\WINNT\system32\mhrmwcx.exe 2007-04-02 05:40:27 29,648 ----a-w C:\WINNT\system32\mrjspzc.exe 2007-04-01 17:11:02 50,853 —ha-w C:\WINNT\system32\btaqo.exe 2007-04-01 17:00:02 29,648 ----a-w C:\WINNT\system32\ijqprbu.exe 2007-04-01 15:59:27 57,856 ----a-w C:\WINNT\system32\lpogucxm.exe 2007-04-01 15:59:10 29,648 ----a-w C:\WINNT\system32\vaauzyk.exe 2007-04-01 12:45:08 50,853 —ha-w C:\WINNT\system32\kmfnwg.exe 2007-04-01 12:08:45 29,648 ----a-w C:\WINNT\system32\ogjhhdkw.exe 2007-03-31 19:15:08 23,280 ----a-w C:\WINNT\system32\rbeury.exe 2007-03-31 13:58:56 23,280 ----a-w C:\WINNT\system32\fxcici.exe 2007-03-31 09:29:12 23,280 ----a-w C:\WINNT\system32\gmtsxw.exe 2007-03-31 08:01:53 23,280 ----a-w C:\WINNT\system32\rwote.exe 2007-03-31 06:53:59 23,280 ----a-w C:\WINNT\system32\zysqmrht.exe 2007-03-31 04:21:10 57,856 ----a-w C:\WINNT\system32\pfgcjmrh.exe 2007-03-31 04:20:51 23,280 ----a-w C:\WINNT\system32\uprj.exe 2007-03-30 19:49:50 23,280 ----a-w C:\WINNT\system32\huasad.exe 2007-03-30 18:29:26 57,856 ----a-w C:\WINNT\system32\lvatqm.exe 2007-03-30 18:29:16 23,280 ----a-w C:\WINNT\system32\rrkxebob.exe 2007-03-30 18:26:46 75,776 —ha-w C:\WINNT\system32\rirgth.exe 2007-03-30 15:48:34 23,280 ----a-w C:\WINNT\system32\fsibk.exe 2007-03-30 15:26:58 127 ----a-w C:\WINNT\system32\djdoe.bat 2007-03-30 15:26:44 50,853 —ha-w C:\WINNT\system32\avtzpycu.exe 2007-03-30 15:15:49 127 ----a-w C:\WINNT\system32\dgorx.bat 2007-03-30 15:15:34 50,853 —ha-w C:\WINNT\system32\kozqvgtz.exe 2007-03-30 15:05:54 115 ----a-w C:\WINNT\system32\yqgvp.bat 2007-03-30 15:05:38 50,853 —ha-w C:\WINNT\system32\hsik.exe 2007-03-30 14:56:44 118 ----a-w C:\WINNT\system32\xsxpc.bat 2007-03-30 14:56:29 50,853 —ha-w C:\WINNT\system32\fupes.exe 2007-03-30 14:45:48 115 ----a-w C:\WINNT\system32\xsdoy.bat 2007-03-30 14:45:34 50,853 —ha-w C:\WINNT\system32\hylw.exe 2007-03-30 14:36:22 124 ----a-w C:\WINNT\system32\meyooltj.bat 2007-03-30 14:36:06 50,853 —ha-w C:\WINNT\system32\jjojim.exe 2007-03-30 13:48:33 0 ----a-r C:\logwmemory.bin 2007-03-30 13:32:54 23,280 ----a-w C:\WINNT\system32\axfyuryg.exe 2007-03-30 07:30:25 57,856 ----a-w C:\WINNT\system32\yeyzbrqr.exe 2007-03-30 07:30:05 23,280 ----a-w C:\WINNT\system32\bhxy.exe 2007-03-29 20:03:51 48,128 —ha-w C:\WINNT\system32\abui.exe 2007-03-29 19:14:51 75,776 —ha-w C:\WINNT\system32\dcmdsyi.exe 2007-03-29 18:26:12 57,856 ----a-w C:\WINNT\system32\wyzvdfue.exe 2007-03-29 18:25:54 23,280 ----a-w C:\WINNT\system32\jwafm.exe 2007-03-29 15:23:27 23,280 ----a-w C:\WINNT\system32\lftjekqp.exe 2007-03-29 15:19:57 49,845 —ha-w C:\WINNT\system32\ktmesk.exe 2007-03-29 14:13:54 23,280 ----a-w C:\WINNT\system32\fmyqg.exe 2007-03-29 12:39:55 57,856 ----a-w C:\WINNT\system32\tahiztsj.exe 2007-03-29 12:39:39 23,280 ----a-w C:\WINNT\system32\bapkpnxn.exe 2007-03-28 19:34:42 57,856 ----a-w C:\WINNT\system32\dxktpn.exe 2007-03-28 19:34:26 29,136 ----a-w C:\WINNT\system32\edwqes.exe 2007-03-28 19:03:57 57,856 ----a-w C:\WINNT\system32\wgot.exe 2007-03-28 19:03:44 29,136 ----a-w C:\WINNT\system32\mpivntaq.exe 2007-03-28 16:51:03 57,856 ----a-w C:\WINNT\system32\mnnqerg.exe 2007-03-28 16:50:46 29,136 ----a-w C:\WINNT\system32\evdhfo.exe 2007-03-28 13:33:18 29,136 ----a-w C:\WINNT\system32\ciffgel.exe 2007-03-27 13:23:23 53,569 —ha-w C:\WINNT\system32\btzcl.exe 2007-03-27 12:39:00 29,136 ----a-w C:\WINNT\system32\jsom.exe 2007-03-26 16:06:38 53,569 —ha-w C:\WINNT\system32\gocfoc.exe 2007-03-26 14:55:23 29,488 ----a-w C:\WINNT\system32\jobb.exe 2007-03-26 14:55:18 57,856 ----a-w C:\WINNT\system32\wzprm.exe 2007-03-26 12:38:52 29,488 ----a-w C:\WINNT\system32\wpimun.exe 2007-03-25 11:19:39 29,488 ----a-w C:\WINNT\system32\soxoyh.exe 2007-03-25 09:54:04 29,488 ----a-w C:\WINNT\system32\pnfemunr.exe 2007-03-24 17:04:32 53,569 —ha-w C:\WINNT\system32\ghlxob.exe 2007-03-24 16:38:58 29,488 ----a-w C:\WINNT\system32\scxyy.exe 2007-03-24 14:42:54 57,856 ----a-w C:\WINNT\system32\yurbojz.exe 2007-03-24 14:40:03 57,856 ----a-w C:\WINNT\system32\uivqtxqu.exe 2007-03-24 14:25:38 57,856 ----a-w C:\WINNT\system32\jhnxerwk.exe 2007-03-24 14:11:59 57,856 ----a-w C:\WINNT\system32\kozlbqvl.exe 2007-03-24 14:04:33 57,856 ----a-w C:\WINNT\system32\fpbl.exe 2007-03-24 12:58:05 29,488 ----a-w C:\WINNT\system32\tsgif.exe 2007-03-24 12:46:32 29,488 ----a-w C:\WINNT\system32\ztalcfl.exe 2007-03-24 12:24:18 29,488 ----a-w C:\WINNT\system32\fwoyzo.exe 2007-03-24 12:05:48 29,488 ----a-w C:\WINNT\system32\yghz.exe 2007-03-24 09:20:19 29,488 ----a-w C:\WINNT\system32\ityyui.exe 2007-03-23 14:56:49 29,488 ----a-w C:\WINNT\system32\vqym.exe 2007-03-23 08:49:55 29,488 ----a-w C:\WINNT\system32\vkarjg.exe 2007-03-22 13:39:45 29,488 ----a-w C:\WINNT\system32\hhcenij.exe 2007-03-22 08:35:17 29,488 ----a-w C:\WINNT\system32\ufpu.exe 2007-03-21 18:11:44 29,488 ----a-w C:\WINNT\system32\iwxgi.exe 2007-03-21 18:06:10 29,488 ----a-w C:\WINNT\system32\slsecyjw.exe 2007-03-21 18:03:51 29,488 ----a-w C:\WINNT\system32\leyae.exe 2007-03-21 17:26:51 29,488 ----a-w C:\WINNT\system32\housyh.exe 2007-03-21 14:03:53 29,488 ----a-w C:\WINNT\system32\amqofnj.exe 2007-03-21 12:32:57 29,488 ----a-w C:\WINNT\system32\wzmnmlkl.exe 2007-03-20 21:21:45 22,016 —ha-w C:\WINNT\system32\bagvql.exe 2007-03-20 19:27:28 28,976 ----a-w C:\WINNT\system32\yhoxx.exe 2007-03-20 18:21:49 28,976 ----a-w C:\WINNT\system32\kktxitc.exe 2007-03-20 17:26:13 28,976 ----a-w C:\WINNT\system32\bwlasgv.exe 2007-03-20 13:38:57 28,976 ----a-w C:\WINNT\system32\stcqcfed.exe 2007-03-19 15:11:49 53,569 —ha-w C:\WINNT\system32\ittow.exe 2007-03-19 15:03:49 53,569 —ha-w C:\WINNT\system32\myjor.exe 2007-03-19 13:38:38 28,976 ----a-w C:\WINNT\system32\ihnk.exe 2007-03-17 18:32:48 21,503 ----a-w C:\WINNT\system32\wixfrs.exe 2007-03-17 18:30:33 16,896 —ha-w C:\WINNT\system32\iaqai.exe 2007-03-17 18:03:49 21,503 ----a-w C:\WINNT\system32\qfyshiqf.exe 2007-03-17 17:52:33 21,503 ----a-w C:\WINNT\system32\wwshe.exe 2007-03-17 17:47:59 21,503 ----a-w C:\WINNT\system32\niwf.exe 2007-03-17 17:42:22 21,503 ----a-w C:\WINNT\system32\yxjpcez.exe 2007-03-17 17:40:09 21,503 ----a-w C:\WINNT\system32\wzrlpi.exe 2007-03-17 17:24:19 21,503 ----a-w C:\WINNT\system32\ntem.exe 2007-03-17 12:36:03 50,853 —ha-w C:\WINNT\system32\bnasx.exe 2007-03-17 12:29:18 21,503 ----a-w C:\WINNT\system32\phwgbwrc.exe 2007-03-17 11:58:23 21,503 ----a-w C:\WINNT\system32\qwzz.exe 2007-03-17 11:44:12 21,503 ----a-w C:\WINNT\system32\kilet.exe 2007-03-17 08:05:15 21,503 ----a-w C:\WINNT\system32\pgktd.exe 2007-03-16 18:23:04 21,503 ----a-w C:\WINNT\system32\birwtm.exe 2007-03-16 04:39:24 21,503 ----a-w C:\WINNT\system32\yybx.exe 2007-03-15 21:30:20 14,848 —ha-w C:\WINNT\system32\ucmapn.exe 2007-03-15 20:53:40 21,503 ----a-w C:\WINNT\system32\yecmkd.exe 2007-03-15 20:40:10 21,503 ----a-w C:\WINNT\system32\dwwb.exe 2007-03-15 20:33:59 21,503 ----a-w C:\WINNT\system32\enphtf.exe 2007-03-15 20:26:21 21,503 ----a-w C:\WINNT\system32\dumxcj.exe 2007-03-15 19:43:06 21,503 ----a-w C:\WINNT\system32\vwvb.exe 2007-03-15 19:29:44 21,503 ----a-w C:\WINNT\system32\uzxg.exe 2007-03-15 19:20:03 21,503 ----a-w C:\WINNT\system32\ixuhkhv.exe 2007-03-15 18:53:58 21,503 ----a-w C:\WINNT\system32\ovqp.exe 2007-03-15 18:29:23 21,503 ----a-w C:\WINNT\system32\sqyevgo.exe 2007-03-15 18:02:03 21,503 ----a-w C:\WINNT\system32\wrbkjf.exe 2007-03-15 15:37:59 21,503 ----a-w C:\WINNT\system32\unqldnw.exe 2007-03-15 15:15:27 21,503 ----a-w C:\WINNT\system32\xlto.exe 2007-03-15 14:50:03 21,503 ----a-w C:\WINNT\system32\duqam.exe 2007-03-15 14:27:38 21,503 ----a-w C:\WINNT\system32\tayrrjhg.exe 2007-03-15 14:23:30 21,503 ----a-w C:\WINNT\system32\bsdfq.exe 2007-03-15 14:00:21 21,503 ----a-w C:\WINNT\system32\eqdlspvm.exe 2007-03-15 13:35:44 21,503 ----a-w C:\WINNT\system32\vxuy.exe 2007-03-15 13:13:12 21,503 ----a-w C:\WINNT\system32\ygpbv.exe 2007-03-15 12:48:29 21,503 ----a-w C:\WINNT\system32\eemfcsrr.exe 2007-03-15 09:19:46 21,503 ----a-w C:\WINNT\system32\bygb.exe 2007-03-15 08:57:14 21,503 ----a-w C:\WINNT\system32\jycmlm.exe 2007-03-15 08:46:09 21,503 ----a-w C:\WINNT\system32\dyci.exe 2007-03-15 08:23:36 21,503 ----a-w C:\WINNT\system32\xcwpemzu.exe 2007-03-15 08:01:02 21,503 ----a-w C:\WINNT\system32\nbahatc.exe 2007-03-15 07:38:24 21,503 ----a-w C:\WINNT\system32\aoskfb.exe 2007-03-15 07:15:58 21,503 ----a-w C:\WINNT\system32\ysiqjthd.exe 2007-03-15 06:53:19 21,503 ----a-w C:\WINNT\system32\boeapg.exe 2007-03-15 06:28:15 21,503 ----a-w C:\WINNT\system32\ekzypp.exe 2007-03-15 05:51:52 21,503 ----a-w C:\WINNT\system32\ynvp.exe 2007-03-15 05:25:17 21,503 ----a-w C:\WINNT\system32\vbwxio.exe 2007-03-15 04:39:36 21,503 ----a-w C:\WINNT\system32\msypbva.exe 2007-03-14 20:53:14 21,503 ----a-w C:\WINNT\system32\gopmfwt.exe 2007-03-14 20:12:09 21,503 ----a-w C:\WINNT\system32\ftpxo.exe 2007-03-14 19:46:21 21,503 ----a-w C:\WINNT\system32\lyqr.exe 2007-03-14 18:11:22 21,503 ----a-w C:\WINNT\system32\idebli.exe 2007-03-14 07:13:25 21,503 ----a-w C:\WINNT\system32\lratuakd.exe 2007-03-14 06:56:57 21,503 ----a-w C:\WINNT\system32\aqurhcg.exe 2007-03-14 05:13:25 21,503 ----a-w C:\WINNT\system32\oasdn.exe 2007-03-14 04:39:29 21,503 ----a-w C:\WINNT\system32\sfmocbh.exe 2007-03-13 21:15:19 21,503 ----a-w C:\WINNT\system32\pulp.exe 2007-03-13 17:45:17 21,503 ----a-w C:\WINNT\system32\pqptej.exe 2007-03-13 06:41:31 21,503 ----a-w C:\WINNT\system32\nygvyyo.exe 2007-03-12 19:06:41 4,380 —ha-w C:\WINNT\system32\ipgem.exe 2007-03-12 18:55:33 45,056 ----a-w C:\WINNT\system32\iexpl0re.exe 2007-03-12 18:51:26 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_70c.dat 2007-03-12 13:39:48 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_28c.dat 2007-03-10 17:34:58 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_290.dat 2007-03-07 17:51:22 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_298.dat 2007-03-05 18:28:03 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_394.dat 2007-03-05 18:13:24 0 —ha-w C:\WINNT\system32\pcbhxbu.exe 2007-03-04 10:58:22 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_3bc.dat 2007-03-03 21:02:50 17,408 —ha-w C:\WINNT\system32\wnyxi.exe 2007-03-03 20:58:59 12,288 —ha-w C:\WINNT\system32\vtyuo.exe 2007-03-03 12:10:14 12,344 —ha-w C:\WINNT\system32\vtefqbcy.exe 2007-03-03 08:18:00 6,144 —ha-w C:\WINNT\system32\ehutsu.exe 2007-03-03 06:20:19 249,856 ------w C:\WINNT\Setup1.exe 2007-03-03 06:20:15 73,216 ----a-w C:\WINNT\ST6UNST.EXE 2007-03-02 18:46:33 38,512 —ha-w C:\WINNT\system32\hmlpve.exe 2007-03-02 06:19:50 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_388.dat 2007-03-01 20:28:45 512 —ha-w C:\WINNT\system32\xocndxh.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [01-04-16 16:39] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [05-11-15 01:51] “Synchronization Manager”=“mobsync.exe” [03-06-19 14:05 C:\WINNT\system32\mobsync.exe] “avgnt”=“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” [06-08-21 13:06] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0\bin\jusched.exe” [07-05-13 17:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “internat.exe”=“internat.exe” [00-03-21 03:00 C:\WINNT\system32\internat.exe] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “^SetupICWDesktop”=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “internat.exe”=internat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINNT\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pogromca^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\pogromca\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINNT\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-01 19:57:15 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-01 19:58:55 C:\ComboFix-quarantined-files.txt … 07-06-01 19:58 — E O F —

EDIT

Sam sie przerazilem jak ten log przeczytalem;p

Złączono Posta : 01.06.2007 (Pią) 19:59

EDIT

Sam sie przerazilem jak ten log przeczytalem;p

EDIT 2

Przepraszam za 2 razy to samo, ale moj komp zachowuje sie w sposob niekontrolowany:/, juz usunalem ;]

Gutek · 2 Czerwiec 2007 00:00

2007-04-07 09:04:34 30,000 ----a-w C:\WINNT\system32\sdeu.exe 2007-04-07 08:22:29 30,000 ----a-w C:\WINNT\system32\cyhuvpbt.exe 2007-04-07 06:55:12 30,000 ----a-w C:\WINNT\system32\izptsbp.exe 2007-04-06 17:37:15 50,853 —ha-w C:\WINNT\system32\wmxkaqmc.exe 2007-04-06 17:12:10 30,000 ----a-w C:\WINNT\system32\yorw.exe 2007-04-06 16:52:42 30,000 ----a-w C:\WINNT\system32\jmwkd.exe 2007-04-06 15:43:47 30,000 ----a-w C:\WINNT\system32\biuijb.exe 2007-04-06 07:58:35 30,000 ----a-w C:\WINNT\system32\xyieeq.exe 2007-04-06 04:05:00 30,000 ----a-w C:\WINNT\system32\slnnoa.exe 2007-04-05 10:00:40 30,000 ----a-w C:\WINNT\system32\dzsva.exe 2007-04-05 09:06:50 30,000 ----a-w C:\WINNT\system32\arfcmt.exe 2007-04-05 08:10:48 30,000 ----a-w C:\WINNT\system32\xybjzwj.exe 2007-04-05 07:47:39 30,000 ----a-w C:\WINNT\system32\logmm.exe 2007-04-05 06:00:02 30,000 ----a-w C:\WINNT\system32\atwvyvi.exe 2007-04-05 04:29:36 30,000 ----a-w C:\WINNT\system32\jiswj.exe 2007-04-04 16:15:46 29,648 ----a-w C:\WINNT\system32\qqnv.exe 2007-04-04 10:43:43 29,648 ----a-w C:\WINNT\system32\chylt.exe 2007-04-04 09:43:50 48,828 —ha-w C:\WINNT\system32\btujqd.exe 2007-04-04 03:51:57 29,648 ----a-w C:\WINNT\system32\nvovj.exe 2007-04-03 04:29:01 29,648 ----a-w C:\WINNT\system32\jcubrda.exe 2007-04-02 14:33:26 130 ----a-w C:\WINNT\system32\hxcikpyb.bat 2007-04-02 11:04:42 29,648 ----a-w C:\WINNT\system32\bgphcnyz.exe 2007-04-02 10:17:07 50,853 —ha-w C:\WINNT\system32\lgmdf.exe 2007-04-02 09:33:41 29,648 ----a-w C:\WINNT\system32\mhrmwcx.exe 2007-04-02 05:40:27 29,648 ----a-w C:\WINNT\system32\mrjspzc.exe 2007-04-01 17:11:02 50,853 —ha-w C:\WINNT\system32\btaqo.exe 2007-04-01 17:00:02 29,648 ----a-w C:\WINNT\system32\ijqprbu.exe 2007-04-01 15:59:27 57,856 ----a-w C:\WINNT\system32\lpogucxm.exe 2007-04-01 15:59:10 29,648 ----a-w C:\WINNT\system32\vaauzyk.exe 2007-04-01 12:45:08 50,853 —ha-w C:\WINNT\system32\kmfnwg.exe 2007-04-01 12:08:45 29,648 ----a-w C:\WINNT\system32\ogjhhdkw.exe 2007-03-31 19:15:08 23,280 ----a-w C:\WINNT\system32\rbeury.exe 2007-03-31 13:58:56 23,280 ----a-w C:\WINNT\system32\fxcici.exe 2007-03-31 09:29:12 23,280 ----a-w C:\WINNT\system32\gmtsxw.exe 2007-03-31 08:01:53 23,280 ----a-w C:\WINNT\system32\rwote.exe 2007-03-31 06:53:59 23,280 ----a-w C:\WINNT\system32\zysqmrht.exe 2007-03-31 04:21:10 57,856 ----a-w C:\WINNT\system32\pfgcjmrh.exe 2007-03-31 04:20:51 23,280 ----a-w C:\WINNT\system32\uprj.exe 2007-03-30 19:49:50 23,280 ----a-w C:\WINNT\system32\huasad.exe 2007-03-30 18:29:26 57,856 ----a-w C:\WINNT\system32\lvatqm.exe 2007-03-30 18:29:16 23,280 ----a-w C:\WINNT\system32\rrkxebob.exe 2007-03-30 15:48:34 23,280 ----a-w C:\WINNT\system32\fsibk.exe 2007-03-30 15:26:58 127 ----a-w C:\WINNT\system32\djdoe.bat 2007-03-30 15:26:44 50,853 —ha-w C:\WINNT\system32\avtzpycu.exe 2007-03-30 15:15:49 127 ----a-w C:\WINNT\system32\dgorx.bat 2007-03-30 15:15:34 50,853 —ha-w C:\WINNT\system32\kozqvgtz.exe 2007-03-30 15:05:54 115 ----a-w C:\WINNT\system32\yqgvp.bat 2007-03-30 15:05:38 50,853 —ha-w C:\WINNT\system32\hsik.exe 2007-03-30 14:56:44 118 ----a-w C:\WINNT\system32\xsxpc.bat 2007-03-30 14:56:29 50,853 —ha-w C:\WINNT\system32\fupes.exe 2007-03-30 14:45:48 115 ----a-w C:\WINNT\system32\xsdoy.bat 2007-03-30 14:45:34 50,853 —ha-w C:\WINNT\system32\hylw.exe 2007-03-30 14:36:22 124 ----a-w C:\WINNT\system32\meyooltj.bat 2007-03-30 14:36:06 50,853 —ha-w C:\WINNT\system32\jjojim.exe 2007-03-30 13:48:33 0 ----a-r C:\logwmemory.bin 2007-03-30 13:32:54 23,280 ----a-w C:\WINNT\system32\axfyuryg.exe 2007-03-30 07:30:25 57,856 ----a-w C:\WINNT\system32\yeyzbrqr.exe 2007-03-30 07:30:05 23,280 ----a-w C:\WINNT\system32\bhxy.exe 2007-03-29 20:03:51 48,128 —ha-w C:\WINNT\system32\abui.exe 2007-03-29 19:14:51 75,776 —ha-w C:\WINNT\system32\dcmdsyi.exe 2007-03-29 18:26:12 57,856 ----a-w C:\WINNT\system32\wyzvdfue.exe 2007-03-29 18:25:54 23,280 ----a-w C:\WINNT\system32\jwafm.exe 2007-03-29 15:23:27 23,280 ----a-w C:\WINNT\system32\lftjekqp.exe 2007-03-29 15:19:57 49,845 —ha-w C:\WINNT\system32\ktmesk.exe 2007-03-29 14:13:54 23,280 ----a-w C:\WINNT\system32\fmyqg.exe 2007-03-29 12:39:55 57,856 ----a-w C:\WINNT\system32\tahiztsj.exe 2007-03-29 12:39:39 23,280 ----a-w C:\WINNT\system32\bapkpnxn.exe 2007-03-28 19:34:42 57,856 ----a-w C:\WINNT\system32\dxktpn.exe 2007-03-28 19:34:26 29,136 ----a-w C:\WINNT\system32\edwqes.exe 2007-03-28 19:03:57 57,856 ----a-w C:\WINNT\system32\wgot.exe 2007-03-28 19:03:44 29,136 ----a-w C:\WINNT\system32\mpivntaq.exe 2007-03-28 16:51:03 57,856 ----a-w C:\WINNT\system32\mnnqerg.exe 2007-03-28 16:50:46 29,136 ----a-w C:\WINNT\system32\evdhfo.exe 2007-03-28 13:33:18 29,136 ----a-w C:\WINNT\system32\ciffgel.exe 2007-03-27 13:23:23 53,569 —ha-w C:\WINNT\system32\btzcl.exe 2007-03-27 12:39:00 29,136 ----a-w C:\WINNT\system32\jsom.exe 2007-03-26 16:06:38 53,569 —ha-w C:\WINNT\system32\gocfoc.exe 2007-03-26 14:55:23 29,488 ----a-w C:\WINNT\system32\jobb.exe 2007-03-26 14:55:18 57,856 ----a-w C:\WINNT\system32\wzprm.exe 2007-03-26 12:38:52 29,488 ----a-w C:\WINNT\system32\wpimun.exe 2007-03-25 11:19:39 29,488 ----a-w C:\WINNT\system32\soxoyh.exe 2007-03-25 09:54:04 29,488 ----a-w C:\WINNT\system32\pnfemunr.exe 2007-03-24 17:04:32 53,569 —ha-w C:\WINNT\system32\ghlxob.exe 2007-03-24 16:38:58 29,488 ----a-w C:\WINNT\system32\scxyy.exe 2007-03-24 14:42:54 57,856 ----a-w C:\WINNT\system32\yurbojz.exe 2007-03-24 14:40:03 57,856 ----a-w C:\WINNT\system32\uivqtxqu.exe 2007-03-24 14:25:38 57,856 ----a-w C:\WINNT\system32\jhnxerwk.exe 2007-03-24 14:11:59 57,856 ----a-w C:\WINNT\system32\kozlbqvl.exe 2007-03-24 14:04:33 57,856 ----a-w C:\WINNT\system32\fpbl.exe 2007-03-24 12:58:05 29,488 ----a-w C:\WINNT\system32\tsgif.exe 2007-03-24 12:46:32 29,488 ----a-w C:\WINNT\system32\ztalcfl.exe 2007-03-24 12:24:18 29,488 ----a-w C:\WINNT\system32\fwoyzo.exe 2007-03-24 12:05:48 29,488 ----a-w C:\WINNT\system32\yghz.exe 2007-03-24 09:20:19 29,488 ----a-w C:\WINNT\system32\ityyui.exe 2007-03-23 14:56:49 29,488 ----a-w C:\WINNT\system32\vqym.exe 2007-03-23 08:49:55 29,488 ----a-w C:\WINNT\system32\vkarjg.exe 2007-03-22 13:39:45 29,488 ----a-w C:\WINNT\system32\hhcenij.exe 2007-03-22 08:35:17 29,488 ----a-w C:\WINNT\system32\ufpu.exe 2007-03-21 18:11:44 29,488 ----a-w C:\WINNT\system32\iwxgi.exe 2007-03-21 18:06:10 29,488 ----a-w C:\WINNT\system32\slsecyjw.exe 2007-03-21 18:03:51 29,488 ----a-w C:\WINNT\system32\leyae.exe 2007-03-21 17:26:51 29,488 ----a-w C:\WINNT\system32\housyh.exe 2007-03-21 14:03:53 29,488 ----a-w C:\WINNT\system32\amqofnj.exe 2007-03-21 12:32:57 29,488 ----a-w C:\WINNT\system32\wzmnmlkl.exe 2007-03-20 21:21:45 22,016 —ha-w C:\WINNT\system32\bagvql.exe 2007-03-20 19:27:28 28,976 ----a-w C:\WINNT\system32\yhoxx.exe 2007-03-20 18:21:49 28,976 ----a-w C:\WINNT\system32\kktxitc.exe 2007-03-20 17:26:13 28,976 ----a-w C:\WINNT\system32\bwlasgv.exe 2007-03-20 13:38:57 28,976 ----a-w C:\WINNT\system32\stcqcfed.exe 2007-03-19 15:11:49 53,569 —ha-w C:\WINNT\system32\ittow.exe 2007-03-19 15:03:49 53,569 —ha-w C:\WINNT\system32\myjor.exe 2007-03-19 13:38:38 28,976 ----a-w C:\WINNT\system32\ihnk.exe 2007-03-17 18:32:48 21,503 ----a-w C:\WINNT\system32\wixfrs.exe 2007-03-17 18:30:33 16,896 —ha-w C:\WINNT\system32\iaqai.exe 2007-03-17 18:03:49 21,503 ----a-w C:\WINNT\system32\qfyshiqf.exe 2007-03-17 17:52:33 21,503 ----a-w C:\WINNT\system32\wwshe.exe 2007-03-17 17:47:59 21,503 ----a-w C:\WINNT\system32\niwf.exe 2007-03-17 17:42:22 21,503 ----a-w C:\WINNT\system32\yxjpcez.exe 2007-03-17 17:40:09 21,503 ----a-w C:\WINNT\system32\wzrlpi.exe 2007-03-17 17:24:19 21,503 ----a-w C:\WINNT\system32\ntem.exe 2007-03-17 12:36:03 50,853 —ha-w C:\WINNT\system32\bnasx.exe 2007-03-17 12:29:18 21,503 ----a-w C:\WINNT\system32\phwgbwrc.exe 2007-03-17 11:58:23 21,503 ----a-w C:\WINNT\system32\qwzz.exe 2007-03-17 11:44:12 21,503 ----a-w C:\WINNT\system32\kilet.exe 2007-03-17 08:05:15 21,503 ----a-w C:\WINNT\system32\pgktd.exe 2007-03-16 18:23:04 21,503 ----a-w C:\WINNT\system32\birwtm.exe 2007-03-16 04:39:24 21,503 ----a-w C:\WINNT\system32\yybx.exe 2007-03-15 21:30:20 14,848 —ha-w C:\WINNT\system32\ucmapn.exe 2007-03-15 20:53:40 21,503 ----a-w C:\WINNT\system32\yecmkd.exe 2007-03-15 20:40:10 21,503 ----a-w C:\WINNT\system32\dwwb.exe 2007-03-15 20:33:59 21,503 ----a-w C:\WINNT\system32\enphtf.exe 2007-03-15 20:26:21 21,503 ----a-w C:\WINNT\system32\dumxcj.exe 2007-03-15 19:43:06 21,503 ----a-w C:\WINNT\system32\vwvb.exe 2007-03-15 19:29:44 21,503 ----a-w C:\WINNT\system32\uzxg.exe 2007-03-15 19:20:03 21,503 ----a-w C:\WINNT\system32\ixuhkhv.exe 2007-03-15 18:53:58 21,503 ----a-w C:\WINNT\system32\ovqp.exe 2007-03-15 18:29:23 21,503 ----a-w C:\WINNT\system32\sqyevgo.exe 2007-03-15 18:02:03 21,503 ----a-w C:\WINNT\system32\wrbkjf.exe 2007-03-15 15:37:59 21,503 ----a-w C:\WINNT\system32\unqldnw.exe 2007-03-15 15:15:27 21,503 ----a-w C:\WINNT\system32\xlto.exe 2007-03-15 14:50:03 21,503 ----a-w C:\WINNT\system32\duqam.exe 2007-03-15 14:27:38 21,503 ----a-w C:\WINNT\system32\tayrrjhg.exe 2007-03-15 14:23:30 21,503 ----a-w C:\WINNT\system32\bsdfq.exe 2007-03-15 14:00:21 21,503 ----a-w C:\WINNT\system32\eqdlspvm.exe 2007-03-15 13:35:44 21,503 ----a-w C:\WINNT\system32\vxuy.exe 2007-03-15 13:13:12 21,503 ----a-w C:\WINNT\system32\ygpbv.exe 2007-03-15 12:48:29 21,503 ----a-w C:\WINNT\system32\eemfcsrr.exe 2007-03-15 09:19:46 21,503 ----a-w C:\WINNT\system32\bygb.exe 2007-03-15 08:57:14 21,503 ----a-w C:\WINNT\system32\jycmlm.exe 2007-03-15 08:46:09 21,503 ----a-w C:\WINNT\system32\dyci.exe 2007-03-15 08:23:36 21,503 ----a-w C:\WINNT\system32\xcwpemzu.exe 2007-03-15 08:01:02 21,503 ----a-w C:\WINNT\system32\nbahatc.exe 2007-03-15 07:38:24 21,503 ----a-w C:\WINNT\system32\aoskfb.exe 2007-03-15 07:15:58 21,503 ----a-w C:\WINNT\system32\ysiqjthd.exe 2007-03-15 06:53:19 21,503 ----a-w C:\WINNT\system32\boeapg.exe 2007-03-15 06:28:15 21,503 ----a-w C:\WINNT\system32\ekzypp.exe 2007-03-15 05:51:52 21,503 ----a-w C:\WINNT\system32\ynvp.exe 2007-03-15 05:25:17 21,503 ----a-w C:\WINNT\system32\vbwxio.exe 2007-03-15 04:39:36 21,503 ----a-w C:\WINNT\system32\msypbva.exe 2007-03-14 20:53:14 21,503 ----a-w C:\WINNT\system32\gopmfwt.exe 2007-03-14 20:12:09 21,503 ----a-w C:\WINNT\system32\ftpxo.exe 2007-03-14 19:46:21 21,503 ----a-w C:\WINNT\system32\lyqr.exe 2007-03-14 18:11:22 21,503 ----a-w C:\WINNT\system32\idebli.exe 2007-03-14 07:13:25 21,503 ----a-w C:\WINNT\system32\lratuakd.exe 2007-03-14 06:56:57 21,503 ----a-w C:\WINNT\system32\aqurhcg.exe 2007-03-14 05:13:25 21,503 ----a-w C:\WINNT\system32\oasdn.exe 2007-03-14 04:39:29 21,503 ----a-w C:\WINNT\system32\sfmocbh.exe 2007-03-13 21:15:19 21,503 ----a-w C:\WINNT\system32\pulp.exe 2007-03-13 17:45:17 21,503 ----a-w C:\WINNT\system32\pqptej.exe 2007-03-13 06:41:31 21,503 ----a-w C:\WINNT\system32\nygvyyo.exe 2007-03-12 19:06:41 4,380 —ha-w C:\WINNT\system32\ipgem.exe 2007-03-12 18:55:33 45,056 ----a-w C:\WINNT\system32\iexpl0re.exe 2007-03-05 18:13:24 0 —ha-w C:\WINNT\system32\pcbhxbu.exe 2007-03-03 21:02:50 17,408 —ha-w C:\WINNT\system32\wnyxi.exe 2007-03-03 20:58:59 12,288 —ha-w C:\WINNT\system32\vtyuo.exe 2007-03-03 12:10:14 12,344 —ha-w C:\WINNT\system32\vtefqbcy.exe 2007-03-03 08:18:00 6,144 —ha-w C:\WINNT\system32\ehutsu.exe 2007-03-01 20:28:45 512 —ha-w C:\WINNT\system32\xocndxh.exe

do usunięcia pliki w trybie awaryjnym.

Skan AVG Anti-Spyware 7.5 po update