Okna z pulpitu mi uciekają HELP

skitles01 · 16 Lipiec 2007 10:34

Napisali mi w dziale od Windowsa xp ze mam tu te logi podac : HiJacka Silent Runners DSS ComboFix-a A oto mój problem:Okno np.IE wychodzi mi poza pulpit (czyli na drugi monitor) ale ja nie mam żadnego innego monitora podłączonego i nie chce żeby przy końcu pulpitu

okno jakiegoś programu znikało mi gdzieś i później muszę myszką jeździć z prawej strony i szukać gdzie to znikło … POMOCY JAK to zrobić aby okno nie dało się przeciągnąć poza granice pulpitu wdzianego na moim monitorze domyślnym???Proszę o odpowiedź… (drugi monitor mam wyłączony)

Logfile of HijackThis v1.99.1 Scan saved at 12:37:35, on 2007-07-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\rmctrl.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerConnect.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\mskpc\Pulpit\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [scanRegistry] C:\W O4 - HKLM…\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 “EPSON Stylus DX3800 Series” /O6 “USB001” /M “Stylus DX3800” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [LinkScanner Monitor] C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe /auto O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: Oprogramowanie Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Add to AMV Converter… - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O8 - Extra context menu item: Pobierz używając Download &Express’a - C:\Program Files\Download Express\Add_Url.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll O11 - Options group: [iNTERNATIONAL] International* O17 - HKLM\System\CCS\Services\Tcpip…{56A1BCE8-C891-4FB3-8C25-02A4A70E8DC4}: NameServer = 213.241.79.37 83.238.255.76 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Monczkin · 16 Lipiec 2007 10:49

Popraw tytuł na konkretny i obejmij logi znacznikami.

Poczytaj:

http://forum.dobreprogramy.pl/viewtopic.php?p=980957

http://forum.dobreprogramy.pl/viewtopic.php?t=66889

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

skitles01 · 16 Lipiec 2007 10:57

A jakto wziąć w ten znak?

Złączono Posta : 16.07.2007 (Pon) 13:03

HELP!

Gutek · 17 Lipiec 2007 05:06

Skan AVG Anti-Spyware 7.5 po update + raport

usuń folder C:\ QOOBOX i C:\DOCUME~1\ALLUSE~1\DANEAP~1\ {54B37BDA-7415-4C17-A2C9-A871DC6D2370}

skitles01 · 17 Lipiec 2007 11:01

“dzięki” a raport tego AVG mam tu podać ???

Złączono Posta : 17.07.2007 (Wto) 13:09

Wcześniej skanowałem : Ad-aware se personal Spybot Search & Destroy Windows defender

Złączono Posta : 17.07.2007 (Wto) 16:36

Nic nie pomogło

Gutek · 17 Lipiec 2007 15:39

Daj raport z AVG + Pobierz program SDFix

skitles01 · 18 Lipiec 2007 20:19

AVG Anti-Spyware - Scan Report

Created at: 14:43:06 2007-07-17
Scan result:

:mozilla.23:C:\Documents and Settings\mskpc\Dane aplikacji\Mozilla\Firefox\Profiles\73hecd2j.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.24:C:\Documents and Settings\mskpc\Dane aplikacji\Mozilla\Firefox\Profiles\73hecd2j.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

::Report end

Złączono Posta : 18.07.2007 (Sro) 22:42

SDFix: Version 1.92 Run by mskpc on 2007-07-18 at 22:30 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing Security Center Service Restoring Missing SharedAccess Service Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny” “C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath " “C:\Program Files\Hide IP Platinum\hideippla.exe”=“C:\Program Files\Hide IP Platinum\hideippla.exe:*:Enabled:Hide IP Platinum” “C:\Program Files\BearShare\BearShare.exe”=“C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare” “C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe”=“C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare” “C:\Documents and Settings\mskpc\Pulpit\Skype.exe”=“C:\Documents and Settings\mskpc\Pulpit\Skype.exe:*:Enabled:Skype. Take a deep breath " “%windir%\system32\sessmgr.exe”=”%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Files with Hidden Attributes: C:\Program Files\Common Files\Soap218\PFG41_12.dll Finished

Gutek · 20 Lipiec 2007 00:20

Daj log z ComboFix

skitles01 · 20 Lipiec 2007 12:10

“mskpc” - 2007-07-20 13:51:34 - ComboFix 07-07-13.8 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\01B8CEBD C:\Program Files\myglobalsearch\bar\Cache\01B8D601 C:\Program Files\myglobalsearch\bar\Cache\01B8DA08.bin C:\Program Files\myglobalsearch\bar\Cache\01B8DE2E.bin C:\Program Files\myglobalsearch\bar\Cache\01B8EDBF.bin C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm ((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 ))))))))))))))))))))))))))))))) 2007-07-18 22:29 2007-07-18 18:40 2007-07-18 14:22 2007-07-17 23:43 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-07-17 23:33 2007-07-17 23:27 2007-07-17 22:44 36,864 --a------ C:\WINDOWS\system32\wbsys.dll 2007-07-17 22:44 20,480 --a------ C:\WINDOWS\system32\wbload.dll 2007-07-17 22:44 2007-07-17 13:07 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-16 15:08 2007-07-16 13:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-15 14:04 2007-07-06 20:49 2007-07-06 16:54 2007-07-06 16:51 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-07-06 16:51 2007-07-06 16:50 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-07-06 16:50 2007-07-06 16:50 2007-07-06 13:13 2007-07-06 13:06 2007-07-06 12:59 2007-07-06 12:22 2007-07-06 12:22 2007-07-06 12:22 2007-07-05 23:28 2007-07-05 23:23 2007-07-05 23:23 2007-07-05 17:08 2007-07-05 17:03 2007-07-05 17:01 2007-07-04 00:04 2007-07-03 14:29 2007-07-03 14:27 2007-07-02 17:14 2007-07-02 17:14 2007-07-01 15:37 2007-06-29 23:04 2007-06-29 18:49 65,536 --a------ C:\WINDOWS\system32\a1.dll 2007-06-29 18:49 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe 2007-06-29 18:49 278,528 --a------ C:\WINDOWS\system32\ammpp.dll 2007-06-29 18:49 193,536 --a------ C:\WINDOWS\system32\atomid.exe 2007-06-29 18:49 2007-06-29 17:46 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-06-29 17:46 2007-06-29 17:46 2007-06-29 17:46 2007-06-29 17:46 2007-06-29 17:46 2007-06-29 17:46 2007-06-29 17:46 2007-06-29 17:46 2007-06-29 14:11 2007-06-29 13:25 2007-06-29 13:16 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-06-29 13:16 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-06-29 13:16 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-06-29 12:53 2007-06-29 12:29 2007-06-28 22:47 2007-06-28 21:40 106,496 --a------ C:\WINDOWS\system32\tsccvid.dll 2007-06-28 21:40 2007-06-28 21:39 2007-06-28 21:37 2007-06-28 21:09 39 --a------ C:\WINDOWS\TDEVXCW60.DLL 2007-06-28 21:09 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL 2007-06-28 20:32 2007-06-28 19:27 2007-06-28 18:17 2007-06-28 16:57 412 --a------ C:\WINDOWS\wyczysc.reg 2007-06-28 16:57 22 --a------ C:\WINDOWS\wyczysc.cmd 2007-06-28 12:45 2007-06-28 12:45 2007-06-28 12:44 2007-06-28 12:44 2007-06-28 12:44 2007-06-28 12:44 2007-06-28 12:40 2007-06-28 12:36 85,408 -ra------ C:\WINDOWS\system32\drivers\k510mgmt.sys 2007-06-28 12:35 83,344 -ra------ C:\WINDOWS\system32\drivers\k510obex.sys 2007-06-28 12:34 94,064 -ra------ C:\WINDOWS\system32\drivers\k510mdm.sys 2007-06-28 12:34 8,336 -ra------ C:\WINDOWS\system32\drivers\k510mdfl.sys 2007-06-28 12:34 6,176 -ra------ C:\WINDOWS\system32\drivers\k510cmnt.sys 2007-06-28 12:34 6,176 -ra------ C:\WINDOWS\system32\drivers\k510cm.sys 2007-06-28 12:32 58,288 -ra------ C:\WINDOWS\system32\drivers\k510bus.sys 2007-06-28 12:32 5,808 -ra------ C:\WINDOWS\system32\drivers\k510whnt.sys 2007-06-28 12:32 5,808 -ra------ C:\WINDOWS\system32\drivers\k510wh.sys 2007-06-28 12:27 208,248 --a------ C:\WINDOWS\system32\muweb.dll 2007-06-28 12:26 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-06-27 15:01 2007-06-27 14:57 92,240 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat 2007-06-27 14:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll 2007-06-27 14:57 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll 2007-06-27 14:57 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat 2007-06-27 14:57 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat 2007-06-27 14:57 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat 2007-06-27 14:57 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat 2007-06-27 14:57 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat 2007-06-27 14:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-20 11:54:35 9,700,128 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-20 11:54:24 791,072 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-07-19 21:18:08 77,060 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-07-19 21:18:08 134,708 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-16 13:08:16 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-06-29 11:16:21 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll 2007-06-29 11:15:39 639,066 ----a-w C:\WINDOWS\system32\DivX.dll 2007-06-29 11:15:26 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-06-27 13:10:24 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-06-25 12:22:14 358,834 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-25 12:22:13 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-18 16:39:27 -------- d-----w C:\Program Files\MP3 Player Utilities 4.09 2007-06-18 16:35:42 -------- d-----w C:\Program Files\Download Express 2007-06-18 16:35:42 -------- d-----w C:\DOCUME~1\mskpc\DANEAP~1\MetaProducts 2007-06-18 13:34:47 -------- d-----w C:\Program Files\Messenger 2007-06-18 13:31:21 -------- d-----w C:\Program Files\MSXML 4.0 2007-06-18 10:03:56 -------- d-----w C:\Program Files\Winamp 2007-06-17 21:06:52 -------- d-----w C:\Program Files\Common Files\ODBC 2007-06-17 21:06:49 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-06-17 21:03:02 -------- d-----w C:\Program Files\Bonjour 2007-06-17 21:01:49 -------- d-----w C:\Program Files\Kodak 2007-06-17 20:59:29 -------- d-----w C:\Program Files\Common Files\Kodak 2007-06-17 20:33:21 0 ----a-w C:\WINDOWS\nsreg.dat 2007-06-17 20:23:11 82,258 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2007-06-17 20:23:11 82,258 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2007-06-17 20:18:29 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-06-17 20:18:01 -------- d-----w C:\Program Files\SAGEM 2007-06-17 20:09:57 -------- d-----w C:\Program Files\Kaspersky Lab 2007-06-17 20:08:30 -------- d-----w C:\Program Files\UltraISO 2007-06-17 20:08:30 -------- d-----w C:\Program Files\Common Files\EZB Systems 2007-06-17 20:00:46 -------- d-----w C:\Program Files\C-Media 3D Audio 2007-06-17 19:59:33 -------- d-----w C:\Program Files\CyberLink 2007-06-17 19:56:05 -------- d-----w C:\Program Files\MarBit 2007-06-17 19:55:05 -------- d-----w C:\Program Files\Xvid 2007-06-17 19:54:46 -------- d-----w C:\Program Files\Codec 2007-06-17 19:28:05 -------- d-----w C:\Program Files\microsoft frontpage 2007-06-17 19:27:55 0 --sha-r C:\MSDOS.SYS 2007-06-17 19:27:55 0 --sha-r C:\IO.SYS 2007-06-17 19:27:55 0 ----a-w C:\CONFIG.SYS 2007-06-17 19:27:55 0 ----a-w C:\AUTOEXEC.BAT 2007-06-17 19:26:20 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-17 19:26:16 -------- d-----w C:\Program Files\Usługi online 2007-06-17 19:25:27 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-06-17 19:25:18 -------- d-----w C:\Program Files\Movie Maker 2007-06-17 19:24:53 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-17 19:23:51 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-06-17 19:23:41 -------- d-----w C:\Program Files\Windows NT 2007-05-17 22:40:02 507,904 ----a-w C:\WINDOWS\system32\MSVLP71.dll 2007-05-17 22:40:02 1,046,528 ----a-w C:\WINDOWS\system32\MFCL71U.DLL 2007-05-17 18:13:51 352,256 ----a-w C:\WINDOWS\system32\MSVLR71.dll 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}] 2005-10-14 07:25 49152 --a------ C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2004-12-14 11:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] 2007-05-02 02:52 341536 --a------ C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] 2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{85F685C3-20D9-4943-95E4-EB4224056C3F}] 2006-12-04 22:00 102400 --a------ C:\Program Files\ivo\Expressivo\IH_iexplore.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] 2005-02-22 13:50 368640 --a------ C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Cmaudio”=“cmicnfg.cpl” [] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47] “ScanRegistry”=“C:\W” [] “LinkScanner Monitor”=“C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe” [2007-07-07 00:13] “nwiz”=“nwiz.exe” [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe] “Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 19:20] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-06-08 15:18] “Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2007-03-02 22:38] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoInstrumentation”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=“C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [2006-10-27 00:48] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll --a------ 2006-10-09 11:40 225280 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=wbsys.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SnagIt 7.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SnagIt 7.lnk backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “C:\Program Files\BearShare\BearShare.exe” /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” -atboottime “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” -atboottime “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp Contents of the ‘Scheduled Tasks’ folder 2007-07-19 17:10:09 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-07-20 11:30:08 C:\WINDOWS\tasks\MP Scheduled Scan.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-20 13:54:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-20 13:56:27 C:\ComboFix-quarantined-files.txt … 2007-07-20 13:56 C:\ComboFix2.txt … 2007-07-16 13:52 — E O F —

Gutek · 20 Lipiec 2007 12:58

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580