I can't install any antivirus

I also can't scan with Kaspersky online, because it tells me that I'm not an administrator and that I have to change something in IE to medium. I have a private laptop and I need help, but please explain it like to a child in a sandbox, because I'm a beginner woman… :lol:

and what exactly?? It's probably written there.

probably the security level

Tools -----> Internet Options -------> Security ---------> Set the default level.

And the fact that you can't install any antivirus may be because you changed, “by accident”, the access level in Windows? Or you didn't uninstall some earlier antivirus

Show a log from ComboScan and two logs from Gmer made with these settings:

  1. Rootkit tab >>> everything checked except Show all >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

  2. Rootkit tab >>> only Services and Show all checked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

If all the logs do not fit directly in the post, put them on some hosting service as *.txt files and just link them here.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

With administrator privileges:

  • clean up the computer, e.g. with ccleaner, and the registry with jv16;

  • then install the AV. :mrgreen:

I set the security level, I clean the computer with ccleaner regularly, I 100% have a virus, because when I still had avast, it showed a message that it had found a virus, I think a trojan, but right after that avast locked up, and after uninstalling and reinstalling it a few icons are missing in avast, among others ashAvast.exe. I tried downloading others, among them: bitdefender - error writing to file: c:\program files\softin\bitdefender8\bdnews.exe. verify that you have access to that directory. and the Kaspersky scanner, the same again: you must have administrative privileges on this computer; you must also set the security level to medium - which I did… besides, in the properties of e.g. Solitaire I have: target: %systemroot%\system32\sol.exe that's probably not normal? I read on gdata that email-worm.win32.bagle.eh copies itself as %system%… I downloaded the vaccine but it didn't help, so it's probably not that one… what should I do next?

Paste the logs I asked for.

well, I just wrote back to you, adam 9870, that you have to write to me in capital letters. I'm far from being an IT person, and where am I supposed to look for this combo and that other one???

Post merged: 11.03.2007 (Sun) 22:12

this link to comboscan http://www.searchengines.pl/phpbb203/in … opic=86306 doesn't work…

Try this.

ComboScan v20070306.20 run by aga on 2007-03-11 at 22:27:56

Computer is in Normal Mode.


– System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.

– Last 5 Restore Point(s) –

65: 2007-03-11 21:28:30 UTC - RP101 - ComboScan Restore Point

64: 2007-03-11 20:36:53 UTC - RP100 - Installed BitDefender 8 Free Edition

63: 2007-03-11 20:05:04 UTC - RP99 - System Checkpoint

62: 2007-03-10 19:45:36 UTC - RP98 - System Checkpoint

61: 2007-03-07 20:09:47 UTC - RP97 - System Checkpoint

– First Restore Point –

1: 2006-12-12 18:50:22 UTC - RP37 - System Checkpoint

Performed disk cleanup.

– HijackThis (run as aga.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 22:35:29, on 2007-03-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\setrysvc.exe

C:\WINDOWS\System32\semwltry.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\hldrrr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\sol.exe

C:\Documents and Settings\aga\Local Settings\Temporary Internet Files\Content.IE5\HZ77TL8A\comboscan[1].exe

C:\Program Files\Outlook Express\msimn.exe

C:\PROGRA~1\HIJACK~1\aga.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: Shell=explorer.exe

F3 - REG:win.ini: load=C:\YDPDict\watch.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 … scan53.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe

– File Associations -----------------------------------------------------------

.bat - batfile - “%1” %*

.chm - chm.file - “C:\WINDOWS\hh.exe” %1

.cmd - cmdfile - “%1” %*

.com - comfile - “%1” %*

.exe - exefile - “%1” %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - “%1” %*

.reg - regfile - regedit.exe “%1”

.scr - AutoCADScript - C:\WINDOWS\NOTEPAD.EXE “%1”

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %*

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys

2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - C:\WINDOWS\system32\drivers\AegisP.sys

3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys

4S aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys

4S aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys

4S aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys

3R BCMModem (BCM V.92 56K Modem) - C:\WINDOWS\system32\drivers\BCMSM.sys

3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys

0R drvmcdb - C:\WINDOWS\system32\drivers\drvmcdb.sys

2R drvnddm - C:\WINDOWS\system32\drivers\drvnddm.sys

3S GT680x (GrandTechICNameNT) - C:\WINDOWS\system32\drivers\gt680x.sys

3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys

1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys

3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys

3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys

3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys

3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys

3S Nokia USB Generic - C:\WINDOWS\system32\drivers\nmwcdc.sys

3S Nokia USB Modem - C:\WINDOWS\system32\drivers\nmwcdcm.sys

3S Nokia USB Phone Parent - C:\WINDOWS\system32\drivers\nmwcd.sys

3S Nokia USB Port - C:\WINDOWS\system32\drivers\nmwcdcj.sys

0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys

3S ovt519 (PS2 EyeToy SLEH-00030 Webcam) - C:\WINDOWS\system32\drivers\ov519vid.sys

1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys

0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys

0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys

0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys

3S SEM43XX (Sony Ericsson 802.11 Wireless LAN Adapter Driver SEM43XX) - C:\WINDOWS\system32\drivers\semwl5.SYS

3S SEMWModem (Sony Ericsson SEMWModem) - C:\WINDOWS\system32\drivers\GCXX.sys

3S SEMWWNIC (Sony Ericsson SEMWWNIC) - C:\WINDOWS\system32\drivers\GCXXNet.sys

2S Sentinel - C:\WINDOWS\system32\drivers\SENTINEL.SYS

0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys

3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys

3S Sony_EricssonWWSC (Sony Ericsson SIM Card Reader) - C:\WINDOWS\system32\drivers\GCXXSC.sys

1R sscdbhk5 - C:\WINDOWS\system32\drivers\sscdbhk5.sys

1R ssrtln - C:\WINDOWS\system32\drivers\ssrtln.sys

3R STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - C:\WINDOWS\system32\drivers\stac97.sys

3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys

2R tfsnboio - C:\WINDOWS\system32\dla\tfsnboio.sys

2R tfsncofs - C:\WINDOWS\system32\dla\tfsncofs.sys

2R tfsndrct - C:\WINDOWS\system32\dla\tfsndrct.sys

2R tfsndres - C:\WINDOWS\system32\dla\tfsndres.sys

2R tfsnifs - C:\WINDOWS\system32\dla\tfsnifs.sys

2R tfsnopio - C:\WINDOWS\system32\dla\tfsnopio.sys

2R tfsnpool - C:\WINDOWS\system32\dla\tfsnpool.sys

2R tfsnudf - C:\WINDOWS\system32\dla\tfsnudf.sys

2R tfsnudfa - C:\WINDOWS\system32\dla\tfsnudfa.sys

2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys

3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys

3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys

3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys

3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys

3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys

3R USB_RNDIS (USB Remote NDIS Network Device Driver) - C:\WINDOWS\system32\drivers\usb8023.sys

1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS

3R Xgiv3 - C:\WINDOWS\system32\drivers\Xgiv3m.sys

4R m_hook (Empty) - C:\Documents and Settings\aga\Application Data\hidires\m_hook.sys

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

4S aswUpdSv (avast! iAVS4 Control Service) - “C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”

4S avast! Antivirus - “C:\Program Files\Alwil Software\Avast4\ashServ.exe”

4S avast! Mail Scanner - “C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service

4S avast! Web Scanner - “C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service

3S gusvc (Google Updater Service) - “C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe”

3S Macromedia Licensing Service - “C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe”

3S ose (Office Source Engine) - “C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE”

2R setrysvc (Sony Ericsson Wireless LAN Tray Service) - C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe

3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe

3S usnsvc (Usługa Messenger Sharing USN Journal Reader) - C:\WINDOWS\system32\svchost.exe -k usnsvc

– Files created between 2007-02-11 and 2007-03-11 -----------------------------

2007-03-06 16:36:58 0 d-------- C:\WINDOWS\pss

2007-03-03 12:35:39 0 d-------- C:\WINDOWS\report

2007-03-03 12:34:03 0 d-------- C:\WINDOWS\AU_Backup

2007-03-03 12:34:02 229957 --a------ C:\WINDOWS\tsc.exe

2007-03-03 12:34:01 1101904 --a------ C:\WINDOWS\vsapi32.dll

2007-03-03 12:34:01 71749 --a------ C:\WINDOWS\hcextoutput.dll

2007-03-03 12:34:00 86094 --a------ C:\WINDOWS\BPMNT.dll

2007-03-03 12:27:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-03-03 12:24:14 0 d-------- C:\WINDOWS\AU_Temp

2007-03-03 12:24:13 0 d-------- C:\WINDOWS\AU_Log

2007-03-03 12:24:00 507904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-03-03 12:23:59 69689 --a------ C:\WINDOWS\UNZIP.DLL

2007-03-03 12:23:59 286720 --a------ C:\WINDOWS\PATCH.EXE

2007-03-03 10:45:44 2560 -----n— C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-03-03 10:45:44 2432 -----n— C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-03-03 10:45:41 129784 -----n— C:\WINDOWS\system32\pxafs.dll

2007-03-03 10:45:09 0 d-------- C:\Program Files\Winamp

2007-03-03 10:45:09 0 d-------- C:\Documents and Settings\aga\Application Data\Winamp

2007-03-03 10:40:39 0 d-------- C:\WINDOWS\exefld

2007-02-28 22:33:45 0 d-------- C:\Program Files\GrandVirtual

2007-02-27 12:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\EBP

2007-02-27 12:11:37 0 d-------- C:\Program Files\EBP

2007-02-27 12:06:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-02-26 11:30:36 0 d-------- C:\Program Files\Rzeczpospolita - Mała Księgowość

2007-02-22 16:37:48 0 d-------- C:\Projets NetlorStudio

2007-02-22 16:25:59 0 d-------- C:\Program Files\Netlor Studio

2007-02-22 15:45:17 0 d-------- C:\Program Files\Yahoo!

2007-02-22 15:45:02 0 d-------- C:\Program Files\CCleaner

2007-02-22 12:01:31 0 d-------- C:\Documents and Settings\aga\Application Data\Notepad++

2007-02-22 12:01:24 0 d-------- C:\Program Files\Notepad++

2007-02-20 12:26:19 181760 --a------ C:\WINDOWS\ying.exe

2007-02-19 13:18:13 0 d-------- C:\Program Files\Calcul

2007-02-19 12:21:21 41984 --a------ C:\WINDOWS\system32\ADIMON.DLL

2007-02-19 12:21:20 447488 --a------ C:\WINDOWS\system32\HEIDI3.DLL

2007-02-19 12:21:19 721168 --a------ C:\WINDOWS\system32\VB40032.DLL

2007-02-19 12:21:18 43008 --a------ C:\WINDOWS\system32\MTSTACK.EXE

2007-02-19 12:21:18 7680 --a------ C:\WINDOWS\system32\ADRESC.DLL

2007-02-19 12:21:18 267264 --a------ C:\WINDOWS\system32\ACADFICN.DLL

2007-02-19 12:06:18 38400 -----n— C:\WINDOWS\system32\SNTI386.DLL

2007-02-19 12:06:18 16896 --a------ C:\WINDOWS\system32\RNBOVDD.DLL

2007-02-19 12:06:18 64512 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS

2007-02-19 12:06:01 77824 --a------ C:\WINDOWS\system32\REGACAD.DLL

2007-02-19 12:04:52 0 d-------- C:\Program Files\AutoCAD R14

2007-02-19 12:04:04 302592 --a------ C:\WINDOWS\unin040c.exe

– Find3M Report ---------------------------------------------------------------

2007-03-11 22:29:25 0 d-------- C:\Documents and Settings\aga\Application Data\Skype

2007-03-11 18:05:44 0 d-------- C:\Program Files\eMule

2007-03-10 21:04:01 0 d-------- C:\Documents and Settings\aga\Application Data\Tlen.pl

2007-02-28 23:02:18 0 d-------- C:\Program Files\FileZilla

2007-02-28 14:31:53 0 d-------- C:\Documents and Settings\aga\Application Data\Adobe

2007-02-27 12:11:30 0 d–h----- C:\Program Files\InstallShield Installation Information

2007-02-27 12:07:11 0 d-------- C:\Program Files\Desktop

2007-02-24 22:11:52 0 d-------- C:\Documents and Settings\aga\Application Data\Identities

2007-02-24 22:11:51 0 d-------- C:\Documents and Settings\aga\Application Data\Zylom

2007-02-24 22:09:33 0 d-------- C:\Program Files\Zylom Games

2007-02-22 17:00:56 390 --a------ C:\Program Files\Netlor StudioStyleView.sps

2007-02-07 08:24:46 0 d-------- C:\Documents and Settings\aga\Application Data\AdobeUM

2007-02-05 10:29:20 0 d-------- C:\Program Files\Google

2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-01-13 11:18:42 26 --a------ C:\WINDOWS\WINSTART.BAT

2007-01-13 11:18:42 122 --a------ C:\WINDOWS\TMPDELIS.BAT

2007-01-13 11:18:42 123 --a------ C:\WINDOWS\TMPCPYIS.BAT

– Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

“NoChange”=“1”

“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

“Installed”=“1”

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

“ctfmon.exe”=“C:\WINDOWS\system32\CTFMON.EXE”

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

“ctfmon.exe”=“C:\WINDOWS\system32\CTFMON.EXE”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”

SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

Usnsvc REG_MULTI_SZ usnsvc\0\0

– End of ComboScan: finished at 2007-03-11 at 22:36:19 ------------------------

ComboScan v20070306.20 run by aga on 2007-03-11 at 22:27:56

Supplementary logfile - please post this as an attachment with your post.


– System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 CPU 3.06GHz

CPU 1: Mobile Intel® Pentium® 4 CPU 3.06GHz

Percentage of Memory in Use: 94%

Physical Memory (total/avail): 255.34 MiB / 12.83 MiB

Pagefile Memory (total/avail): 619.44 MiB / 305.75 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1987.41 MiB

C: is Fixed (NTFS) - 25.02 GiB total, 6.16 GiB free.

D: is CDROM (No Media)

– Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Panda Titanium Antivirus 2004 v3.02.05 (Panda Software) Outdated

AV: avast! antivirus 4.7.942 [VPS 000703-1] v4.7.942 (ALWIL Software) Outdated

– Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\aga\Application Data

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=AGA-802886359FD

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\aga

LOGONSERVER=\AGA-802886359FD

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\aga\LOCALS~1\Temp

TMP=C:\DOCUME~1\aga\LOCALS~1\Temp

USERDOMAIN=AGA-802886359FD

USERNAME=aga

USERPROFILE=C:\Documents and Settings\aga

windir=C:\WINDOWS

– User Profiles ---------------------------------------------------------------

aga (admin)

– Add/Remove Programs ---------------------------------------------------------

–> C:\WINDOWS\system32\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

–> C:\WINDOWS\system32\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

–> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini

Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}

AutoCAD R14.0 - Français --> C:\WINDOWS\unin040c.exe -f"C:\Program Files\AutoCAD R14\DeIsL1.isu"

avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet

BearPaw 1200CU Plus v2.0 --> C:\PROGRA~1\BEARPA~1\Driver\UNINST.EXE

C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe” -l0x15 -remove -removeonly

Canon iP4200 --> C:\WINDOWS\system32\CNMCP78.exe “-PRINTERNAMECanon iP4200” “-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll” “-RCDLLcnmi0415.dll”

Canon Setup Utility 2.0 --> “C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe” /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.0\uninst.ini

Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE

CCleaner (remove only) --> “C:\Program Files\CCleaner\uninst.exe”

CD-LabelPrint --> “C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe” Canon.CDLabelPrint.Application

Desktop --> MsiExec.exe /I{CDEBF9E7-BCEB-43A7-986C-E66377C28ABC}

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

eMule --> “C:\Program Files\eMule\Uninstall.exe”

Francuski w pigułce 2.0 --> “C:\Program Files\Edgard Multimedia\Francuski w pigulce 2.0\unins000.exe”

Gadu-Gadu 7.1 --> C:\Program Files\Gadu-Gadu\Setup.exe

J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Mała Księgowość Rzeczpospolitej --> “C:\Program Files\Rzeczpospolita - Mała Księgowość\Odinstaluj.exe”

Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe” -l0x9 mmUninstall

Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe” -l0x9 mmUninstall

Microsoft Office 2000 Premium --> MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}

Netlor Studio v3.15 --> MsiExec.exe /I{D2A697CF-4C7C-40BD-AF14-4877D279CFE8}

Niezbędnik CD --> C:\WINDOWS\unins000.exe

Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C1599DA-9ED9-4090-930F-B8BC4D99D6B0} /l1036

Nokia PC Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1} /l1036

PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe” -uninstall

PS2 EyeToy SLEH-00030 Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT

Skype 2.5 --> “C:\Program Files\Skype\Phone\unins000.exe”

Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Spybot - Search & Destroy 1.4 --> “C:\Program Files\Spybot - Search & Destroy\unins000.exe”

Tlen.pl --> “C:\Program Files\Tlen.pl\uninstall.exe”

Winamp (remove only) --> “C:\Program Files\Winamp\UninstWA.exe”

Windows Live Messenger --> MsiExec.exe /I{6AE93735-08F7-4549-95A3-0C6ED0B2AB7E}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

XGI Volari-XP5 Display Driver --> XGIUnist.exe /uninst

Zylom Games Player Plugin --> “C:\Program Files\Zylom Games\UninstallPlugin.exe” --uninstall

– End of ComboScan: finished at 2007-03-11 at 22:36:19 ------------------------

The cause of your problem is the Bagle rootkit:

Combo additionally showed the file:

Download Gmer.

Now you will be doing things in Gmer, so run it, wait a moment, and click the >>> tab to open the remaining ones.

  • In the Processes tab click Emergency Gmer (Gmer awaryjny). The computer will restart and only the Gmer window will remain.

  • In the Services tab, delete the m_hook service via right-click

  • In the Processes tab click Files and delete:

Restart the computer using the button on the case.

Cosmetically remove the HJT entries.

After doing this, show a new log from Combo plus two logs from Gmer made with these settings:

  1. Rootkit tab >>> everything checked except Show all >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

  2. Rootkit tab >>> only Services and Show all checked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

If all the logs do not fit directly in the post, put them on some hosting service as *.txt files and just link them here.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

Look HERE.
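
The ComboScan log above lists the `m_hook` driver as `4R` with its image in a user profile folder, and that is the service the removal steps target. The following triage of the "Drivers" section is an added example, not part of the original thread or of ComboScan; it assumes `R`/`S` mean running/stopped, treats any driver image outside `C:\WINDOWS\system32` as worth review (a heuristic), and its function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: lines copied from the "Drivers" section of the log in this thread.
SAMPLE_DRIVERS = r"""
– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
4S Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
3R STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - C:\WINDOWS\system32\drivers\stac97.sys
2R tfsnifs - C:\WINDOWS\system32\dla\tfsnifs.sys
3S Nokia USB Generic - C:\WINDOWS\system32\drivers\nmwcdc.sys
4R m_hook (Empty) - C:\Documents and Settings\aga\Application Data\hidires\m_hook.sys
"""

# Start types as given in the section header of the log.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "<start><state> <name> [(<description>)] - <image path>"
# The lazy middle group stops at the first " - " that is followed by a drive
# letter, so descriptions that themselves contain " - " are handled.
DRIVER_LINE = re.compile(r"^([0-4])([RS]) (.+?) - ([A-Za-z]:\\.+)$")


def parse_driver_line(line):
    """Return a dict for one driver line, or None if the line is not one."""
    m = DRIVER_LINE.match(line.strip())
    if m is None:
        return None
    start, state, label, path = m.groups()
    return {
        "name": label.split(" (", 1)[0],   # drop the optional description
        "start": START_TYPES[start],
        "running": state == "R",           # assumption: R = running, S = stopped
        "path": path,
    }


def is_under(path, root):
    """Case-insensitive 'path is inside root' test using Windows path rules."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p.startswith(r + "\\")


def triage_drivers(log_text, trusted_root=r"C:\WINDOWS\system32"):
    """List (driver name, reasons) for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue  # section headers, blank lines, other sections
        reasons = []
        if not is_under(entry["path"], trusted_root):
            reasons.append("image outside " + trusted_root)
        if entry["start"] == "Disabled" and entry["running"]:
            reasons.append("start type Disabled but driver is running")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_drivers(SAMPLE_DRIVERS):
        print(name + ": " + "; ".join(reasons))
```

A hit from this check is a prompt to inspect the file and its service entry, not a verdict; legitimate drivers installed outside the system directory will also be listed.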

I did everything up to the point of restart the computer. when deleting C:\Documents and Settings\aga\Application Data\hidires\m_hook.sys, this was left in the hidires folder: hidr.exe - delete it??

and the second question concerns:

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)

cosmetically remove the HJT entries - what does cosmetically mean and where am I supposed to find these files?

You are to go into the directory C:\Documents and Settings\aga\Application Data\hidires and delete absolutely all files in it, and then go back up to C:\Documents and Settings\aga\Application Data and delete the hidires folder.

As for deleting entries in HijackThis - do only this:

Run HijackThis => click Do a system scan only => a list of entries will appear => put a check mark next to the entries:

=> click Fix checked and confirm the removal.

I'm pasting GMER and I'll do combo in a moment… and I'll add it

GMER 1.0.12.12086 - http://www.gmer.net

Rootkit scan 2007-03-12 19:18:47

Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.12 ----

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E18F5008

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E18F5008

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E18F5008

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F9D71661] prosync1.sys

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F9D71661] prosync1.sys

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F9D71661] prosync1.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F9D71661] prosync1.sys

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E162BC30

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E162BC30

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E162BC30

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE EC286C8A

Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE EC2837C8

Device \FileSystem\Fastfat \Fat IRP_MJ_READ EC27F60A

Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE EC27FAED

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION EC28A958

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION EC28D821

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA EC29638A

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA EC295D49

Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS EC28FBBE

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION EC290331

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION EC29E4F4

Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL EC286B37

Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL EC282948

Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL EC28C46B

Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN EC29D79D

Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL EC29CC4A

Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP EC2832FD

Device \FileSystem\Fastfat \Fat IRP_MJ_PNP EC29D1DB

Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible EC2981F9

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ECC9E6B0] tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ECC9E6B0] tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ECC9E6B0] tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ECC9E6B0] tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ECC9E6B0] tfsnifs.sys

Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [ECC9E84C] tfsnifs.sys

---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12086 - http://www.gmer.net

Rootkit scan 2007-03-12 19:20:33

Windows 5.1.2600 Service Pack 2

---- Services - GMER 1.0.12 ----

Service [DISABLED] Aavmker4

Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI

Service [DISABLED] ACPIEC

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec

Service C:\WINDOWS\system32\DRIVERS\AegisP.sys [AUTO] AegisP

Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD

Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter

Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG

Service [DISABLED] AliIde

Service [DISABLED] amsint

Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt

Service C:\WINDOWS\system32\DRIVERS\arp1394.sys [MANUAL] Arp1394

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service [DISABLED] aswMon2

Service [DISABLED] aswRdr

Service [DISABLED] aswTdi

Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [DISABLED] aswUpdSv

Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac

Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv

Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub

Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [DISABLED] avast! Antivirus

Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [DISABLED] avast! Mail Scanner

Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [DISABLED] avast! Web Scanner

Service Avg7Alrt

Service Avg7Core

Service Avg7RsW

Service Avg7RsXP

Service Avg7UpdSvc

Service AvgClean

Service AVGEMS

Service AvgTdi

Service BattC

Service C:\WINDOWS\system32\DRIVERS\BCMSM.sys [MANUAL] BCMModem

Service [sYSTEM] Beep

Service C:\WINDOWS\system32\svchost.exe [AUTO] BITS

Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser

Service [DISABLED] cbidf2k

Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE

Service [DISABLED] cd20xrnt

Service [sYSTEM] Cdaudio

Service [DISABLED] Cdfs

Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom

Service [sYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc

Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv

Service C:\WINDOWS\system32\DRIVERS\CmBatt.sys [MANUAL] CmBatt

Service [DISABLED] CmdIde

Service C:\WINDOWS\system32\DRIVERS\compbatt.sys [bOOT] Compbatt

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp

Service ContentFilter

Service ContentIndex

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp

Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk

Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot

Service [DISABLED] dmio

Service [DISABLED] dmload

Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud

Service C:\WINDOWS\system32\drivers\drvmcdb.sys [bOOT] drvmcdb

Service drvncdb

Service C:\WINDOWS\system32\drivers\drvnddm.sys [AUTO] drvnddm

Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog

Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem

Service [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility

Service [sYSTEM] Fdc

Service [sYSTEM] Fips

Service [sYSTEM] Flpydisk

Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr

Service [sYSTEM] Fs_Rec

Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk

Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer

Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc

Service C:\WINDOWS\System32\Drivers\gt680x.sys [MANUAL] GT680x

Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [MANUAL] gusvc

Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc

Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ

Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb

Service [DISABLED] hpn

Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP

Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter

Service [sYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt

Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi

Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService

Service inetaccs

Service [DISABLED] ini910u

Service Inport

Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde

Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [sYSTEM] intelppm

Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [DISABLED] Ip6Fw

Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver

Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat

Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec

Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM

Service ISAPISearch

Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp

Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass

Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer

Service [bOOT] KSecDD

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation

Service [sYSTEM] lbrtfdc

Service ldap

Service LicenseService

Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts

Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [MANUAL] Macromedia Licensing Service

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger

Service [sYSTEM] mnmdd

Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc

Service [MANUAL] Modem

Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass

Service [bOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV

Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb

Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC

Service [sYSTEM] Msfs

Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM

Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios

Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE

Service [bOOT] Mup

Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC

Service [bOOT] NDIS

Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP

Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi

Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio

Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan

Service [MANUAL] NDProxy

Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS

Service C:\WINDOWS\system32\DRIVERS\netbt.sys [sYSTEM] NetBT

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm

Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\system32\DRIVERS\nic1394.sys [MANUAL] NIC1394

Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla

Service C:\WINDOWS\system32\drivers\nmwcdc.sys [MANUAL] Nokia USB Generic

Service C:\WINDOWS\system32\drivers\nmwcdcm.sys [MANUAL] Nokia USB Modem

Service C:\WINDOWS\system32\drivers\nmwcd.sys [MANUAL] Nokia USB Phone Parent

Service C:\WINDOWS\system32\drivers\nmwcdcj.sys [MANUAL] Nokia USB Port

Service [sYSTEM] Npfs

Service [DISABLED] Ntfs

Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [sYSTEM] Null

Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys [bOOT] ohci1394

Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose

Service C:\WINDOWS\System32\Drivers\ov519vid.sys [MANUAL] ovt519

Service [MANUAL] Parport

Service [bOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI

Service [sYSTEM] PCIDump

Service [bOOT] PCIIde

Service C:\WINDOWS\system32\DRIVERS\pcmcia.sys [bOOT] Pcmcia

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent

Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\System32\drivers\prodrv06.sys [sYSTEM] prodrv06

Service C:\WINDOWS\System32\drivers\prohlp02.sys [bOOT] prohlp02

Service C:\WINDOWS\System32\drivers\prosync1.sys [bOOT] prosync1

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto

Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD

Service RDPDD

Service RDPNP

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr

Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\WINDOWS\System32\SCardSvr.exe [AUTO] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv

Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon

Service C:\WINDOWS\system32\DRIVERS\semwl5.sys [MANUAL] SEM43XX

Service SEMLogon

Service C:\WINDOWS\system32\DRIVERS\GCXX.sys [MANUAL] SEMWModem

Service C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [MANUAL] SEMWWNIC

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\System32\Drivers\SENTINEL.SYS [AUTO] Sentinel

Service [AUTO] Serial

Service C:\WINDOWS\System32\setrysvc.exe [AUTO] setrysvc

Service C:\WINDOWS\System32\drivers\sfhlp01.sys [bOOT] sfhlp01

Service [sYSTEM] Sfloppy

Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP

Service C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [MANUAL] Sony_EricssonWWSC

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler

Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr

Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\system32\drivers\sscdbhk5.sys [sYSTEM] sscdbhk5

Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV

Service C:\WINDOWS\system32\drivers\ssrtln.sys [sYSTEM] ssrtln

Service C:\WINDOWS\system32\drivers\stac97.sys [MANUAL] STAC97

Service C:\WINDOWS\system32\svchost.exe [AUTO] stisvc

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip

Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService

Service C:\WINDOWS\system32\dla\tfsnboio.sys [AUTO] tfsnboio

Service C:\WINDOWS\system32\dla\tfsncofs.sys [AUTO] tfsncofs

Service C:\WINDOWS\system32\dla\tfsndrct.sys [AUTO] tfsndrct

Service C:\WINDOWS\system32\dla\tfsndres.sys [AUTO] tfsndres

Service C:\WINDOWS\system32\dla\tfsnifs.sys [AUTO] tfsnifs

Service C:\WINDOWS\system32\dla\tfsnopio.sys [AUTO] tfsnopio

Service C:\WINDOWS\system32\dla\tfsnpool.sys [AUTO] tfsnpool

Service C:\WINDOWS\system32\dla\tfsnudf.sys [AUTO] tfsnudf

Service C:\WINDOWS\system32\dla\tfsnudfa.sys [AUTO] tfsnudfa

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\system32\drivers\tmcomm.sys [AUTO] tmcomm

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks

Service TSDDD

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\system32\wdfmgr.exe [MANUAL] UMWdf

Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost

Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS

Service C:\WINDOWS\system32\drivers\usbaudio.sys [MANUAL] usbaudio

Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp

Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci

Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint

Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR

Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci

Service C:\WINDOWS\system32\DRIVERS\usb8023.sys [MANUAL] USB_RNDIS

Service C:\WINDOWS\system32\svchost.exe [MANUAL] usnsvc

Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave

Service [DISABLED] ViaIde

Service [bOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS

Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time

Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service [MANUAL] Winsock - Google Desktop Search Backup Before First Install

Service [MANUAL] Winsock - Google Desktop Search Backup Before Last Install

Service WinSock2

Service Winsock2 - Google Desktop Search Backup Before First Install

Service Winsock2 - Google Desktop Search Backup Before Last Install

Service WinTrust

Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN

Service WmiApRpl

Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [sYSTEM] WS2IFSL

Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc

Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC

Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service C:\WINDOWS\system32\DRIVERS\Xgiv3m.sys [MANUAL] Xgiv3

Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov

Service {0136C7B2-1307-432C-9140-A402A61D2246}

Service {1535D03B-7E2B-4B09-9EA3-F3553D9C86C9}

Service {565CB044-A09B-4FAC-A6F2-436EE816CF54}

Service {CA478C20-5B94-4096-A29C-E8D20A98C5BF}

Service {D4714501-48E0-4ABC-9C03-3083E5957B0D}

Service {DCC9A537-E247-4694-A7E8-471ABDE7DBB9}

---- EOF - GMER 1.0.12 ----

Posts merged: 12.03.2007 (Mon) 19:30

pasting GMER 1

Posts merged: 12.03.2007 (Mon) 19:32

and this one in parts…

if that's okay

Posts merged: 12.03.2007 (Mon) 19:47

as you can see, it's not okay after all, so I'm off to spend hours on a hosting service, whatever that means…

agacosieniezna

No tags; read the pinned topics in this section and fix your post. JNJN

The GMER logs are fine.

the rest of the GMER log

Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\system32\DRIVERS\nic1394.sys [MANUAL] NIC1394

Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla

Service C:\WINDOWS\system32\drivers\nmwcdc.sys [MANUAL] Nokia USB Generic

Service C:\WINDOWS\system32\drivers\nmwcdcm.sys [MANUAL] Nokia USB Modem

Service C:\WINDOWS\system32\drivers\nmwcd.sys [MANUAL] Nokia USB Phone Parent

Service C:\WINDOWS\system32\drivers\nmwcdcj.sys [MANUAL] Nokia USB Port

Service [sYSTEM] Npfs

Service [DISABLED] Ntfs

Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [sYSTEM] Null

Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys [bOOT] ohci1394

Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose

Service C:\WINDOWS\System32\Drivers\ov519vid.sys [MANUAL] ovt519

Service [MANUAL] Parport

Service [bOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI

Service [sYSTEM] PCIDump

Service [bOOT] PCIIde

Service C:\WINDOWS\system32\DRIVERS\pcmcia.sys [bOOT] Pcmcia

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent

Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\System32\drivers\prodrv06.sys [sYSTEM] prodrv06

Service C:\WINDOWS\System32\drivers\prohlp02.sys [bOOT] prohlp02

Service C:\WINDOWS\System32\drivers\prosync1.sys [bOOT] prosync1

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto

Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD

Service RDPDD

Service RDPNP

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr

Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\WINDOWS\System32\SCardSvr.exe [AUTO] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv

Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon

Service C:\WINDOWS\system32\DRIVERS\semwl5.sys [MANUAL] SEM43XX

Service SEMLogon

Service C:\WINDOWS\system32\DRIVERS\GCXX.sys [MANUAL] SEMWModem

Service C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [MANUAL] SEMWWNIC

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\System32\Drivers\SENTINEL.SYS [AUTO] Sentinel

Service [AUTO] Serial

Service C:\WINDOWS\System32\setrysvc.exe [AUTO] setrysvc

Service C:\WINDOWS\System32\drivers\sfhlp01.sys [bOOT] sfhlp01

Service [sYSTEM] Sfloppy

Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP

Service C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [MANUAL] Sony_EricssonWWSC

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler

Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr

Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\system32\drivers\sscdbhk5.sys [sYSTEM] sscdbhk5

Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV

Service C:\WINDOWS\system32\drivers\ssrtln.sys [sYSTEM] ssrtln

Service C:\WINDOWS\system32\drivers\stac97.sys [MANUAL] STAC97

Service C:\WINDOWS\system32\svchost.exe [AUTO] stisvc

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip

Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService

Service C:\WINDOWS\system32\dla\tfsnboio.sys [AUTO] tfsnboio

Service C:\WINDOWS\system32\dla\tfsncofs.sys [AUTO] tfsncofs

Service C:\WINDOWS\system32\dla\tfsndrct.sys [AUTO] tfsndrct

Service C:\WINDOWS\system32\dla\tfsndres.sys [AUTO] tfsndres

Service C:\WINDOWS\system32\dla\tfsnifs.sys [AUTO] tfsnifs

Service C:\WINDOWS\system32\dla\tfsnopio.sys [AUTO] tfsnopio

Service C:\WINDOWS\system32\dla\tfsnpool.sys [AUTO] tfsnpool

Service C:\WINDOWS\system32\dla\tfsnudf.sys [AUTO] tfsnudf

Service C:\WINDOWS\system32\dla\tfsnudfa.sys [AUTO] tfsnudfa

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\system32\drivers\tmcomm.sys [AUTO] tmcomm

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks

Service TSDDD

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\system32\wdfmgr.exe [MANUAL] UMWdf

Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost

Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS

Service C:\WINDOWS\system32\drivers\usbaudio.sys [MANUAL] usbaudio

Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp

Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci

Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint

Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR

Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci

Service C:\WINDOWS\system32\DRIVERS\usb8023.sys [MANUAL] USB_RNDIS

Service C:\WINDOWS\system32\svchost.exe [MANUAL] usnsvc

Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave

Service [DISABLED] ViaIde

Service [BOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS

Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time

Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service [MANUAL] Winsock - Google Desktop Search Backup Before First Install

Service [MANUAL] Winsock - Google Desktop Search Backup Before Last Install

Service WinSock2

Service Winsock2 - Google Desktop Search Backup Before First Install

Service Winsock2 - Google Desktop Search Backup Before Last Install

Service WinTrust

Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN

Service WmiApRpl

Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [SYSTEM] WS2IFSL

Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc

Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC

Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service C:\WINDOWS\system32\DRIVERS\Xgiv3m.sys [MANUAL] Xgiv3

Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov

Service {0136C7B2-1307-432C-9140-A402A61D2246}

Service {1535D03B-7E2B-4B09-9EA3-F3553D9C86C9}

Service {565CB044-A09B-4FAC-A6F2-436EE816CF54}

Service {CA478C20-5B94-4096-A29C-E8D20A98C5BF}

Service {D4714501-48E0-4ABC-9C03-3083E5957B0D}

Service {DCC9A537-E247-4694-A7E8-471ABDE7DBB9}

---- EOF - GMER 1.0.12 ----

Post merged: 13.03.2007 (Tue) 21:22

ComboScan v20070306.20 run by aga on 2007-03-13 at 21:20:18

Computer is in Normal Mode.


-- HijackThis (run as aga.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 21:20:25, on 2007-03-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\setrysvc.exe

C:\WINDOWS\System32\semwltry.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\aga\Local Settings\Temporary Internet Files\Content.IE5\5YEVOECU\comboscan[1].exe

C:\PROGRA~1\HIJACK~1\aga.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: load=C:\YDPDict\watch.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\aga\Application Data\hidires\hidr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 … scan53.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe

-- Files created between 2007-02-13 and 2007-03-13 -----------------------------

2007-03-12 09:39:07 385100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL

2007-03-12 09:39:07 516173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL

2007-03-12 09:38:58 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-03-12 09:38:34 0 d-------- C:\Program Files\Free Audio Pack

2007-03-11 22:44:18 80 --a------ C:\WINDOWS\gmer_uninstall.cmd

2007-03-06 16:36:58 0 d-------- C:\WINDOWS\pss

2007-03-03 12:35:39 0 d-------- C:\WINDOWS\report

2007-03-03 12:34:03 0 d-------- C:\WINDOWS\AU_Backup

2007-03-03 12:34:02 229957 --a------ C:\WINDOWS\tsc.exe

2007-03-03 12:34:01 1101904 --a------ C:\WINDOWS\vsapi32.dll

2007-03-03 12:34:01 71749 --a------ C:\WINDOWS\hcextoutput.dll

2007-03-03 12:34:00 86094 --a------ C:\WINDOWS\BPMNT.dll

2007-03-03 12:27:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-03-03 12:24:14 0 d-------- C:\WINDOWS\AU_Temp

2007-03-03 12:24:13 0 d-------- C:\WINDOWS\AU_Log

2007-03-03 12:24:00 507904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-03-03 12:23:59 69689 --a------ C:\WINDOWS\UNZIP.DLL

2007-03-03 12:23:59 286720 --a------ C:\WINDOWS\PATCH.EXE

2007-03-03 11:08:16 25584 -----n--- C:\WINDOWS\system32\wintems.exe

2007-03-03 10:45:44 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-03-03 10:45:44 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-03-03 10:45:41 129784 -----n--- C:\WINDOWS\system32\pxafs.dll

2007-03-03 10:45:09 0 d-------- C:\Program Files\Winamp

2007-03-03 10:45:09 0 d-------- C:\Documents and Settings\aga\Application Data\Winamp

2007-03-03 10:40:39 0 d-------- C:\WINDOWS\exefld

2007-02-28 22:33:45 0 d-------- C:\Program Files\GrandVirtual

2007-02-27 12:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\EBP

2007-02-27 12:11:37 0 d-------- C:\Program Files\EBP

2007-02-27 12:06:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-02-26 11:30:36 0 d-------- C:\Program Files\Rzeczpospolita - Mała Księgowość

2007-02-22 16:37:48 0 d-------- C:\Projets NetlorStudio

2007-02-22 16:25:59 0 d-------- C:\Program Files\Netlor Studio

2007-02-22 15:45:17 0 d-------- C:\Program Files\Yahoo!

2007-02-22 15:45:02 0 d-------- C:\Program Files\CCleaner

2007-02-22 12:01:31 0 d-------- C:\Documents and Settings\aga\Application Data\Notepad++

2007-02-22 12:01:24 0 d-------- C:\Program Files\Notepad++

2007-02-19 13:18:13 0 d-------- C:\Program Files\Calcul

2007-02-19 12:21:21 41984 --a------ C:\WINDOWS\system32\ADIMON.DLL

2007-02-19 12:21:20 447488 --a------ C:\WINDOWS\system32\HEIDI3.DLL

2007-02-19 12:21:19 721168 --a------ C:\WINDOWS\system32\VB40032.DLL

2007-02-19 12:21:18 43008 --a------ C:\WINDOWS\system32\MTSTACK.EXE

2007-02-19 12:21:18 7680 --a------ C:\WINDOWS\system32\ADRESC.DLL

2007-02-19 12:21:18 267264 --a------ C:\WINDOWS\system32\ACADFICN.DLL

2007-02-19 12:06:18 38400 -----n--- C:\WINDOWS\system32\SNTI386.DLL

2007-02-19 12:06:18 16896 --a------ C:\WINDOWS\system32\RNBOVDD.DLL

2007-02-19 12:06:18 64512 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS

2007-02-19 12:06:01 77824 --a------ C:\WINDOWS\system32\REGACAD.DLL

2007-02-19 12:04:52 0 d-------- C:\Program Files\AutoCAD R14

2007-02-19 12:04:04 302592 --a------ C:\WINDOWS\unin040c.exe

-- Find3M Report ---------------------------------------------------------------

2007-03-12 15:48:55 0 d-------- C:\Documents and Settings\aga\Application Data\Tlen.pl

2007-03-11 23:50:39 0 d-------- C:\Documents and Settings\aga\Application Data\Skype

2007-03-11 18:05:44 0 d-------- C:\Program Files\eMule

2007-02-28 23:02:18 0 d-------- C:\Program Files\FileZilla

2007-02-28 14:31:53 0 d-------- C:\Documents and Settings\aga\Application Data\Adobe

2007-02-27 12:11:30 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-02-27 12:07:11 0 d-------- C:\Program Files\Desktop

2007-02-24 22:11:52 0 d-------- C:\Documents and Settings\aga\Application Data\Identities

2007-02-24 22:11:51 0 d-------- C:\Documents and Settings\aga\Application Data\Zylom

2007-02-24 22:09:33 0 d-------- C:\Program Files\Zylom Games

2007-02-22 17:00:56 390 --a------ C:\Program Files\Netlor StudioStyleView.sps

2007-02-07 08:24:46 0 d-------- C:\Documents and Settings\aga\Application Data\AdobeUM

2007-02-05 10:29:20 0 d-------- C:\Program Files\Google

2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-01-13 11:18:42 26 --a------ C:\WINDOWS\WINSTART.BAT

2007-01-13 11:18:42 122 --a------ C:\WINDOWS\TMPDELIS.BAT

2007-01-13 11:18:42 123 --a------ C:\WINDOWS\TMPCPYIS.BAT

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"hldrrr"="C:\WINDOWS\system32\hldrrr.exe"

"german.exe"="C:\WINDOWS\system32\wintems.exe"

"drvsyskit"="C:\Documents and Settings\aga\Application Data\hidires\hidr.exe"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"hldrrr"="C:\WINDOWS\system32\hldrrr.exe"

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

Usnsvc REG_MULTI_SZ usnsvc\0\0

-- End of ComboScan: finished at 2007-03-13 at 21:20:48 ------------------------

From now on you will be working in Gmer, so start it, wait a moment, and click the >>> tab to open the remaining tabs.

  • In the Processes tab (Procesy), click Gmer safe mode (Gmer awaryjny). The computer will restart and only the Gmer window will remain.

  • In the Services tab (Usługi), right-click and delete the m_hook service (if it is there).

  • In the Processes tab (Procesy), click Files (Pliki) and delete (if they are there):

  • Restart the computer using the button on the case.

  • After the reset, open Gmer and, in the CMD tab with the REGEDIT.EXE option selected, paste:

  • Click Run (Uruchom) and reset.

Remove the HJT entries if they are there.

Because of this entry:

Have a look here.

When you are done, paste a new ComboScan log. Only this time generate the log with the /config parameter; the description is here.

ComboScan v20070306.20 run by aga on 2007-03-13 at 22:33:52

Supplementary logfile - please post this as an attachment with your post.


-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 CPU 3.06GHz

CPU 1: Mobile Intel® Pentium® 4 CPU 3.06GHz

Percentage of Memory in Use: 89%

Physical Memory (total/avail): 255.34 MiB / 27.95 MiB

Pagefile Memory (total/avail): 619.44 MiB / 401.44 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1995.21 MiB

C: is Fixed (NTFS) - 25.02 GiB total, 5.49 GiB free.

D: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Panda Titanium Antivirus 2004 v3.02.05 (Panda Software) Outdated

AV: avast! antivirus 4.7.942 [VPS 000703-1] v4.7.942 (ALWIL Software) Outdated

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\aga\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=AGA-802886359FD

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\aga

LOGONSERVER=\\AGA-802886359FD

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\aga\LOCALS~1\Temp

TMP=C:\DOCUME~1\aga\LOCALS~1\Temp

USERDOMAIN=AGA-802886359FD

USERNAME=aga

USERPROFILE=C:\Documents and Settings\aga

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

aga (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

--> C:\WINDOWS\system32\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini

Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}

AutoCAD R14.0 - Français --> C:\WINDOWS\unin040c.exe -f"C:\Program Files\AutoCAD R14\DeIsL1.isu"

avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet

BearPaw 1200CU Plus v2.0 --> C:\PROGRA~1\BEARPA~1\Driver\UNINST.EXE

C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x15 -remove -removeonly

Canon iP4200 --> C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0415.dll"

Canon Setup Utility 2.0 --> "C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.0\uninst.ini

Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

Desktop --> MsiExec.exe /I{CDEBF9E7-BCEB-43A7-986C-E66377C28ABC}

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

eMule --> "C:\Program Files\eMule\Uninstall.exe"

Francuski w pigułce 2.0 --> "C:\Program Files\Edgard Multimedia\Francuski w pigulce 2.0\unins000.exe"

Free Mp3 Wma Converter V 1.5.4 --> "C:\Program Files\Free Audio Pack\unins000.exe"

Gadu-Gadu 7.1 --> C:\Program Files\Gadu-Gadu\Setup.exe

HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall

J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Mała Księgowość Rzeczpospolitej --> "C:\Program Files\Rzeczpospolita - Mała Księgowość\Odinstaluj.exe"

Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall

Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall

Microsoft Office 2000 Premium --> MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}

Netlor Studio v3.15 --> MsiExec.exe /I{D2A697CF-4C7C-40BD-AF14-4877D279CFE8}

Niezbędnik CD --> C:\WINDOWS\unins000.exe

Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C1599DA-9ED9-4090-930F-B8BC4D99D6B0} /l1036

Nokia PC Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1} /l1036

PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

PS2 EyeToy SLEH-00030 Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT

Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"

Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Tlen.pl --> "C:\Program Files\Tlen.pl\uninstall.exe"

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Live Messenger --> MsiExec.exe /I{6AE93735-08F7-4549-95A3-0C6ED0B2AB7E}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

XGI Volari-XP5 Display Driver --> XGIUnist.exe /uninst

Zylom Games Player Plugin --> "C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

-- End of ComboScan: finished at 2007-03-13 at 22:34:54 ------------------------

Post merged: 13.03.2007 (Tue) 22:51

ComboScan v20070306.20 run by aga on 2007-03-13 at 22:33:52

Computer is in Normal Mode.


-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.

-- Last 5 Restore Point(s) --

65: 2007-03-13 21:34:05 UTC - RP103 - ComboScan Restore Point

64: 2007-03-13 11:20:02 UTC - RP102 - System Checkpoint

63: 2007-03-11 21:28:30 UTC - RP101 - ComboScan Restore Point

62: 2007-03-11 20:36:53 UTC - RP100 - Installed BitDefender 8 Free Edition

61: 2007-03-11 20:05:04 UTC - RP99 - System Checkpoint

-- First Restore Point --

1: 2006-12-15 09:49:26 UTC - RP39 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as aga.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 22:34:23, on 2007-03-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\setrysvc.exe

C:\WINDOWS\System32\semwltry.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\aga\Desktop\comboscan.exe

C:\PROGRA~1\HIJACK~1\aga.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: load=C:\YDPDict\watch.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 … scan53.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070312-182823-138 F2 - REG:system.ini: Shell=explorer.exe

backup-20070312-182823-179 O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - AutoCADScript - C:\WINDOWS\NOTEPAD.EXE "%1"

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys

2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - C:\WINDOWS\system32\drivers\AegisP.sys

3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys

4S aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys

4S aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys

4S aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys

3R BCMModem (BCM V.92 56K Modem) - C:\WINDOWS\system32\drivers\BCMSM.sys

3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys

0R drvmcdb - C:\WINDOWS\system32\drivers\drvmcdb.sys

2R drvnddm - C:\WINDOWS\system32\drivers\drvnddm.sys

3S gmer - C:\WINDOWS\system32\drivers\gmer.sys

3S GT680x (GrandTechICNameNT) - C:\WINDOWS\system32\drivers\gt680x.sys

3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys

1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys

3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys

3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys

3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys

3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys

3S Nokia USB Generic - C:\WINDOWS\system32\drivers\nmwcdc.sys

3S Nokia USB Modem - C:\WINDOWS\system32\drivers\nmwcdcm.sys

3S Nokia USB Phone Parent - C:\WINDOWS\system32\drivers\nmwcd.sys

3S Nokia USB Port - C:\WINDOWS\system32\drivers\nmwcdcj.sys

0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys

3S ovt519 (PS2 EyeToy SLEH-00030 Webcam) - C:\WINDOWS\system32\drivers\ov519vid.sys

1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys

0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys

0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys

0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys

3S SEM43XX (Sony Ericsson 802.11 Wireless LAN Adapter Driver SEM43XX) - C:\WINDOWS\system32\drivers\semwl5.SYS

3S SEMWModem (Sony Ericsson SEMWModem) - C:\WINDOWS\system32\drivers\GCXX.sys

3S SEMWWNIC (Sony Ericsson SEMWWNIC) - C:\WINDOWS\system32\drivers\GCXXNet.sys

2S Sentinel - C:\WINDOWS\system32\drivers\SENTINEL.SYS

0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys

3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys

3S Sony_EricssonWWSC (Sony Ericsson SIM Card Reader) - C:\WINDOWS\system32\drivers\GCXXSC.sys

1R sscdbhk5 - C:\WINDOWS\system32\drivers\sscdbhk5.sys

1R ssrtln - C:\WINDOWS\system32\drivers\ssrtln.sys

3R STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - C:\WINDOWS\system32\drivers\stac97.sys

3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys

2R tfsnboio - C:\WINDOWS\system32\dla\tfsnboio.sys

2R tfsncofs - C:\WINDOWS\system32\dla\tfsncofs.sys

2R tfsndrct - C:\WINDOWS\system32\dla\tfsndrct.sys

2R tfsndres - C:\WINDOWS\system32\dla\tfsndres.sys

2R tfsnifs - C:\WINDOWS\system32\dla\tfsnifs.sys

2R tfsnopio - C:\WINDOWS\system32\dla\tfsnopio.sys

2R tfsnpool - C:\WINDOWS\system32\dla\tfsnpool.sys

2R tfsnudf - C:\WINDOWS\system32\dla\tfsnudf.sys

2R tfsnudfa - C:\WINDOWS\system32\dla\tfsnudfa.sys

2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys

3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys

3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys

3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys

3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys

3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys

3R USB_RNDIS (USB Remote NDIS Network Device Driver) - C:\WINDOWS\system32\drivers\usb8023.sys

1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS

3R Xgiv3 - C:\WINDOWS\system32\drivers\Xgiv3m.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

4S aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

4S avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

4S avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

4S avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"

3S Macromedia Licensing Service - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"

3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

2R setrysvc (Sony Ericsson Wireless LAN Tray Service) - C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe

3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe

3S usnsvc (Usługa Messenger Sharing USN Journal Reader) - C:\WINDOWS\system32\svchost.exe -k usnsvc

-- Files created between 2007-02-13 and 2007-03-13 -----------------------------

2007-03-13 22:20:53 236 --a------ C:\WINDOWS\gmer.reg

2007-03-12 09:39:07 385100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL

2007-03-12 09:39:07 516173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL

2007-03-12 09:38:58 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-03-12 09:38:34 0 d-------- C:\Program Files\Free Audio Pack

2007-03-11 22:44:18 80 --a------ C:\WINDOWS\gmer_uninstall.cmd

2007-03-06 16:36:58 0 d-------- C:\WINDOWS\pss

2007-03-03 12:35:39 0 d-------- C:\WINDOWS\report

2007-03-03 12:34:03 0 d-------- C:\WINDOWS\AU_Backup

2007-03-03 12:34:02 229957 --a------ C:\WINDOWS\tsc.exe

2007-03-03 12:34:01 1101904 --a------ C:\WINDOWS\vsapi32.dll

2007-03-03 12:34:01 71749 --a------ C:\WINDOWS\hcextoutput.dll

2007-03-03 12:34:00 86094 --a------ C:\WINDOWS\BPMNT.dll

2007-03-03 12:27:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-03-03 12:24:14 0 d-------- C:\WINDOWS\AU_Temp

2007-03-03 12:24:13 0 d-------- C:\WINDOWS\AU_Log

2007-03-03 12:24:00 507904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-03-03 12:23:59 69689 --a------ C:\WINDOWS\UNZIP.DLL

2007-03-03 12:23:59 286720 --a------ C:\WINDOWS\PATCH.EXE

2007-03-03 10:45:44 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-03-03 10:45:44 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-03-03 10:45:41 129784 -----n--- C:\WINDOWS\system32\pxafs.dll

2007-03-03 10:45:09 0 d-------- C:\Program Files\Winamp

2007-03-03 10:45:09 0 d-------- C:\Documents and Settings\aga\Application Data\Winamp

2007-03-03 10:40:39 0 d-------- C:\WINDOWS\exefld

2007-02-28 22:33:45 0 d-------- C:\Program Files\GrandVirtual

2007-02-27 12:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\EBP

2007-02-27 12:11:37 0 d-------- C:\Program Files\EBP

2007-02-27 12:06:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-02-26 11:30:36 0 d-------- C:\Program Files\Rzeczpospolita - Mała Księgowość

2007-02-22 16:37:48 0 d-------- C:\Projets NetlorStudio

2007-02-22 16:25:59 0 d-------- C:\Program Files\Netlor Studio

2007-02-22 15:45:17 0 d-------- C:\Program Files\Yahoo!

2007-02-22 15:45:02 0 d-------- C:\Program Files\CCleaner

2007-02-22 12:01:31 0 d-------- C:\Documents and Settings\aga\Application Data\Notepad++

2007-02-22 12:01:24 0 d-------- C:\Program Files\Notepad++

2007-02-19 13:18:13 0 d-------- C:\Program Files\Calcul

2007-02-19 12:21:21 41984 --a------ C:\WINDOWS\system32\ADIMON.DLL

2007-02-19 12:21:20 447488 --a------ C:\WINDOWS\system32\HEIDI3.DLL

2007-02-19 12:21:19 721168 --a------ C:\WINDOWS\system32\VB40032.DLL

2007-02-19 12:21:18 43008 --a------ C:\WINDOWS\system32\MTSTACK.EXE

2007-02-19 12:21:18 7680 --a------ C:\WINDOWS\system32\ADRESC.DLL

2007-02-19 12:21:18 267264 --a------ C:\WINDOWS\system32\ACADFICN.DLL

2007-02-19 12:06:18 38400 -----n--- C:\WINDOWS\system32\SNTI386.DLL

2007-02-19 12:06:18 16896 --a------ C:\WINDOWS\system32\RNBOVDD.DLL

2007-02-19 12:06:18 64512 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS

2007-02-19 12:06:01 77824 --a------ C:\WINDOWS\system32\REGACAD.DLL

2007-02-19 12:04:52 0 d-------- C:\Program Files\AutoCAD R14

2007-02-19 12:04:04 302592 --a------ C:\WINDOWS\unin040c.exe

-- Find3M Report ---------------------------------------------------------------

2007-03-12 15:48:55 0 d-------- C:\Documents and Settings\aga\Application Data\Tlen.pl

2007-03-11 23:50:39 0 d-------- C:\Documents and Settings\aga\Application Data\Skype

2007-03-11 18:05:44 0 d-------- C:\Program Files\eMule

2007-02-28 23:02:18 0 d-------- C:\Program Files\FileZilla

2007-02-28 14:31:53 0 d-------- C:\Documents and Settings\aga\Application Data\Adobe

2007-02-27 12:11:30 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-02-27 12:07:11 0 d-------- C:\Program Files\Desktop

2007-02-24 22:11:52 0 d-------- C:\Documents and Settings\aga\Application Data\Identities

2007-02-24 22:11:51 0 d-------- C:\Documents and Settings\aga\Application Data\Zylom

2007-02-24 22:09:33 0 d-------- C:\Program Files\Zylom Games

2007-02-22 17:00:56 390 --a------ C:\Program Files\Netlor StudioStyleView.sps

2007-02-07 08:24:46 0 d-------- C:\Documents and Settings\aga\Application Data\AdobeUM

2007-02-05 10:29:20 0 d-------- C:\Program Files\Google

2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-01-13 11:18:42 26 --a------ C:\WINDOWS\WINSTART.BAT

2007-01-13 11:18:42 122 --a------ C:\WINDOWS\TMPDELIS.BAT

2007-01-13 11:18:42 123 --a------ C:\WINDOWS\TMPCPYIS.BAT

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

Usnsvc REG_MULTI_SZ usnsvc\0\0

-- End of ComboScan: finished at 2007-03-13 at 22:34:54 ------------------------

Post merged: 13.03.2007 (Tue) 23:04

Regarding repairing SafeBoot: how do I find a pre-infection date? And how do I then check whether Safe Mode loads after a restart?

Post merged: 14.03.2007 (Wed) 17:09

The previous question from 13.03.07 at 23:04 is no longer relevant - I searched, read up, and now I know! :smiley:

I carried out the steps for repairing SafeBoot. If that message no longer appears in the next Combo, does that mean I fixed it?

And what next, Adam9870, since this probably isn't the end? I don't know if it matters, but in the properties of e.g. Solitaire I still have Target: %SystemRoot%\system32\sol.exe. Is that normal or not really?

The ComboScan log is fine. Only, if you no longer have Yahoo! Toolbar, you can remove this entry with Hijack:

And delete the Hijack backups, which are stored in the directory C:\PROGRA~1\HIJACK~1\backups

Yep, that's the end, since no more junk is visible.

Solitaire is simply a shortcut to the sol.exe application located in the %SystemRoot%\system32 directory, i.e. c:\windows\system32. Besides, you can go into the c:\windows\system32 directory and see what icon the file named sol.exe has.