z tym skanowaniem pliku jest probblem bo go tam nie ma ;/ nie jest tez ukryty ;/ pozostale zrobione:
Fixwareout:
Username "asdf" - 2007-08-04 22:33:33 [Fixwareout edited 2007/07/05]
»»»»»Prerun check
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8087F873-8E1F-4922-9F68-17DF0E1D95A1}
"nameserver"="85.255.116.100"
Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
Silentrunners:
"Silent Runners.vbs", revision R51, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [file not found]
"Panel JZK Auto" = "C:\jzk\panel_jzk.exe /auto /zegar" [file not found]
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"QuickTime Task" = ""f:\qttask.exe" -atboottime" [file not found]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"odk_mon" = "C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe" [file not found]
"odk_mcd" = "C:\Program Files\Odkurzacz 10.0 Pro beta\odk_mcd.exe" [file not found]
"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\OFFICE~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "D:\OFFICE~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Office 2003\OFFICE11\msohev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
"{23F0DC38-DC86-49D6-81EC-40C54A204212}" = "ZEN Nano Plus Media Explorer"
-> {HKLM...CLSID} = "ZEN Nano Plus Media Explorer"
\InProcServer32\(Default) = "C:\Program Files\Creative\Creative ZEN Nano Plus\ZEN Nano Plus Media Explorer\CTMvnsu.dll" ["Creative Technology Ltd"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoChangeStartMenu" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoClose" = (REG_SZ) 1
{unrecognized setting}
"NoLogOff" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Logon/Logoff|
Disable Logoff}
"NoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"NoDispCPL" = (REG_SZ) 1
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\asdf\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "asdf" & "All Users" startup folders:
------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Emil Junior" -> shortcut to: "C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe /Dial /Entry "Emil Junior"" ["THOMSON Telecom Belgium"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\OFFICE~1\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor S400\Driver = "CNMLM2P.DLL" ["CANON INC."]
LIDIL Language Monitor\Driver = "hpzll3xu.dll" ["Hewlett-Packard Company"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Monitor 2 języka BJ\Driver = "CNBJMON2.DLL" [MS]
---------- (launch time: 2007-08-04 22:57:06)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 266 seconds.
---------- (total run time: 638 seconds)
COMBOFIX:
2006-07-05 12:56 1012736 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000005_.tmp.dll.vir
2007-05-06 14:17 140 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST.vir
2007-05-06 14:17 140 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST.vir
2007-05-06 14:17 225280 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL.vir
2007-05-06 14:17 24576 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL.vir
2007-05-06 14:17 45056 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL.vir
2007-05-06 14:17 4829 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR.vir
2007-05-06 14:17 6493 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR.vir
2007-05-08 18:20 1024 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\History\search.vir
2007-05-08 18:20 1092 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache\017F56B4.bin.vir
2007-05-08 18:20 1320 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache\017F46FA.bin.vir
2007-05-08 18:20 4504 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache\017F4306.bin.vir
2007-05-08 18:20 7618 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm.vir
2007-06-28 17:10 52424 --a------ C:\Qoobox\Quarantine\C\Program Files\PornoPlayer\Uninstall.exe.vir
2007-06-28 17:10 720 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\asdf\MENUST~1\Programy\PornoPlayer\Uninstall.lnk.vir
2007-08-04 21:01 79 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache\003A23D2.vir
2007-08-04 23:08 309 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache\files.ini.vir
2007-08-04 23:10 830 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_WINDOWS_LOG.reg.cf
Zmienna PATH folderu
Numer seryjny woluminu: D451-315C
C:\QOOBOX
\---Quarantine
+---C
| +---DOCUME~1
| | \---asdf
| | \---MENUST~1
| | \---Programy
| | \---PornoPlayer
| | Uninstall.lnk.vir
| |
| +---Program Files
| | +---MyGlobalSearch
| | | \---bar
| | | +---1.bin
| | | | M9FFXTBR.JAR.vir
| | | | M9FFXTBR.MANIFEST.vir
| | | | M9NTSTBR.JAR.vir
| | | | M9NTSTBR.MANIFEST.vir
| | | | M9PLUGIN.DLL.vir
| | | | MGSBAR.DLL.vir
| | | | NPMYGLSH.DLL.vir
| | | |
| | | +---Cache
| | | | 003A23D2.vir
| | | | 017F4306.bin.vir
| | | | 017F46FA.bin.vir
| | | | 017F56B4.bin.vir
| | | | files.ini.vir
| | | |
| | | +---History
| | | | search.vir
| | | |
| | | \---Settings
| | | prevcfg.htm.vir
| | |
| | \---PornoPlayer
| | Uninstall.exe.vir
| |
| \---WINDOWS
| \---system32
| _000005_.tmp.dll.vir
|
\---Registry_backups
LEGACY_WINDOWS_LOG.reg.cf
HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:03, on 2007-08-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "f:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [odk_mon] C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe
O4 - HKLM\..\Run: [odk_mcd] C:\Program Files\Odkurzacz 10.0 Pro beta\odk_mcd.exe
O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Panel JZK Auto] C:\jzk\panel_jzk.exe /auto /zegar
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Emil Junior.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8087F873-8E1F-4922-9F68-17DF0E1D95A1}: NameServer = 85.255.116.100 85.255.112.169
O23 - Service: Abel - Unknown owner - F:\szyszunialo\haker\Cain\Abel.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O24 - Desktop Component 0: (no name) - http://www.artfan.net/data/media/66/tapety_new769.jpg
--
End of file - 6515 bytes
Złączono Posta : 04.08.2007 (Sob) 23:40
sorki za ten kod Combofixu ale taki mi pierwszy wyskoczyl a nei korzystalem z instrukcji.
Combofix:
ComboFix 07-08-04.3 - "asdf" 2007-08-04 23:07:59.1 [GMT 2:00] - NTFS