Ostre przymulanie kompa oraz duze zuzycie procka+trojan

Wtyku666 · 1 Lipiec 2007 12:17

Logfile of HijackThis v1.99.1

Scan saved at 14:06:02, on 2007-07-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\DOCUME~1\Agatka\USTAWI~1\Temp\RtkBtMnt.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Eset\nod32.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Agatka\Pulpit\wir\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\cbxurrq.dll

O2 - BHO: (no name) - {30E72D33-5F38-4205-9649-D888A0B3B8F8} - C:\WINDOWS\system32\pmkhf.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\fhtbqypk.dll (file missing)

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [j2241637] rundll32 C:\WINDOWS\system32\j2241637.dll sook

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\yvnoneix.dll",realset

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_34.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: cbxurrq - C:\WINDOWS\SYSTEM32\cbxurrq.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: instcat - instcat.dll (file missing)

O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wincqt32 - C:\WINDOWS\SYSTEM32\wincqt32.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

i jeszcze 1 problem z wirusem ktory zostaje wykryty przez nortona(trojan.Vundo i siedzi na dysku c:\WINDOWS\system32\cbxurrq.dll)

prubowalem go usunac w trybie awaryjnym ale ciagle wyskakuje mi przywracanie systemu i nic nie moge zrobiec

adam9870 · 1 Lipiec 2007 12:26

Trojan Vundo:

Użyj VundoFix + FixVundo + VirtumundoBeGone. Wszystkie narzędzia należy uruchomić będąc w trybie awaryjnym.

Po wykonaniu wklej log z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

Wtyku666 · 1 Lipiec 2007 18:20

utworzyl mi sie katalog z roznymi plikami i jest tam 1 ktory nazywa sie combofix bez razszezenia a jak otwieram do z notatnika to sa same kwadraciki

czy jak bym wyslal log z innego programu?

adam9870 · 1 Lipiec 2007 18:22

Ok, w takim razie spróbuj wykonać i wklej log z narzędzia Deckard’s System Scanner.

Wtyku666 · 1 Lipiec 2007 18:52

Deckard's System Scanner v20070611.50

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: Polish


CPU 0: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz

Percentage of Memory in Use: 67%

Physical Memory (total/avail): 502.05 MiB / 162.2 MiB

Pagefile Memory (total/avail): 1227.21 MiB / 879.67 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1967.78 MiB


C: is Fixed (NTFS) - 19.53 GiB total, 11.08 GiB free. 

D: is Fixed (NTFS) - 36.35 GiB total, 28.65 GiB free. 

E: is CDROM (No Media)



-- Security Center -------------------------------------------------------------


AUOptions is scheduled to auto-install.



-- Environment Variables -------------------------------------------------------


ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Agatka\Dane aplikacji

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=AGATAM

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Agatka

LOGONSERVER=\\AGATAM

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0e08

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Agatka\USTAWI~1\Temp

TMP=C:\DOCUME~1\Agatka\USTAWI~1\Temp

USERDOMAIN=AGATAM

USERNAME=Agatka

USERPROFILE=C:\Documents and Settings\Agatka

windir=C:\WINDOWS



-- User Profiles ---------------------------------------------------------------


Agatka [I](admin)[/I]

Administrator [I](admin)[/I]



-- Add/Remove Programs ---------------------------------------------------------


 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acer OrbiCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\setup.exe" -l0x9 

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Aktualizacja dla systemu Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

ALLPlayer V2.4 --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"

Atheros Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}\setup.exe" -l0x9 UNINSTALL

AVerMedia M103 (Hybrid DVB-T and NTSC/PAL/SECAM/FM) 1.0.2.34 --> C:\Program Files\AVerMedia\AVerMedia M103 (Hybrid DVB-T and NTSC_PAL_SECAM_FM)\uninst.exe

AVerMedia M104 Driver Uninstaller --> C:\Program Files\TVDriverUninstall\\M104_Drv_V1.0.1.39_Uninstaller.exe /s

DC++ 0.699 --> "C:\Program Files\DC++\uninstall.exe"

Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe

HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf

High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 1.99.1 --> C:\Documents and Settings\Agatka\Pulpit\HijackThis.exe /uninstall

Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2

Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

MaXimus DVD Version 1.2 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\MaXimus DVD v1.2\ST6UNST.LOG"  

mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}

mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}

mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}

Microsoft Office 2000 Professional --> MsiExec.exe /I{00010415-78E1-11D2-B60F-006097C998E7}

mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}

mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

Opera 9.21 --> MsiExec.exe /X{39619863-8A11-4B60-A166-E6747C986EBE}

Oprogramowanie Intel(R) PROSet/Wireless --> C:\WINDOWS\Installer\iProInst.exe

Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan

Pogoda 1.61 --> "C:\Program Files\Pogoda\unins000.exe"

Poprawka dla systemu Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Poprawka systemu Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Poprawka systemu Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Poprawka systemu Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Poprawka systemu Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Poprawka systemu Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Poprawka systemu Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Poprawka systemu Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Poprawka systemu Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly

SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall

Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"

Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}

SMSC IrCC V5.1.3600.5 SP2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x15 UNINSTALL

SubEdit-Player --> "C:\Program Files\SubEdit-Player\unins000.exe"

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Antywirusowy NOD32 --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL

UltimateZip 3.0.3 --> "C:\Program Files\UltimateZip\unins000.exe"

vanBasco's Karaoke Player --> C:\Program Files\vanBasco's Karaoke Player\uninst.exe

WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"



-- End of Deckard's System Scanner: finished at 2007-07-01 at 20:33:30 ---------

Deckard's System Scanner v20070611.50

Run by Agatka on 2007-07-01 at 20:27:39

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Successfully created a Deckard's System Scanner Restore Point.



-- Last 5 Restore Point(s) --

61: 2007-07-01 18:27:45 UTC - RP126 - Deckard's System Scanner Restore Point

60: 2007-07-01 12:35:11 UTC - RP125 - Zainstalowano: Opera 9.21

59: 2007-06-30 10:30:17 UTC - RP124 - Punkt kontrolny systemu

58: 2007-06-29 09:12:11 UTC - RP123 - Punkt kontrolny systemu

57: 2007-06-27 20:55:17 UTC - RP122 - Punkt kontrolny systemu



-- First Restore Point -- 

1: 2007-04-03 10:34:43 UTC - RP66 - Software Distribution Service 2.0



Backed up registry hives.


Performed disk cleanup.



-- HijackThis (run as Agatka.exe) ----------------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 20:33, on 2007-07-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\Agatka\USTAWI~1\Temp\RtkBtMnt.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\download z opery\dss.exe

C:\WINDOWS\system32\taskmgr.exe

C:\PROGRA~1\HIJACK~1\Agatka.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.dobreprogramy.pl/viewtopic.php?p=1125792#1125792

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Agatka\USTAWI~1\Temp\isDel.bat"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_34.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Harmonogram automatycznej us3ugi LiveUpdate (Harmonogram automatycznej usługi LiveUpdate) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



-- File Associations -----------------------------------------------------------


[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]

[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys 

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys 

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys 

R2 s24trans (Transport WLAN) - c:\windows\system32\drivers\s24trans.sys 

R4 SAVRTPEL - c:\program files\norton internet security\norton antivirus\savrtpel.sys (file missing)



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe 

R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe 



-- Files created between 2007-06-01 and 2007-07-01 -----------------------------


2050-07-01 12:55:20 298104 --a------ C:\WINDOWS\system32\imon.dll 

2007-07-01 16:53:56 170 --a------ C:\combo.vbs

2007-07-01 15:06:37 0 d-------- C:\VundoFix Backups

2007-07-01 14:42:27 0 d-------- C:\download z opery

2007-07-01 14:35:40 0 d-------- C:\Program Files\Opera

2007-07-01 13:42:51 0 d-------- C:\WINDOWS\pss

2007-07-01 12:41:37 0 d-------- C:\Program Files\Lavasoft

2007-06-29 22:23:35 0 d-------- C:\Program Files\Pogoda

2007-06-28 11:38:32 0 d-------- C:\Program Files\vanBasco's Karaoke Player

2007-06-27 15:48:45 0 d-------- C:\Program Files\MaXimus DVD v1.2

2007-06-27 15:48:17 73216 --a------ C:\WINDOWS\ST6UNST.EXE 

2007-06-27 15:33:05 0 d-------- C:\Program Files\MarBit

2007-06-23 15:21:29 4 --a------ C:\WINDOWS\system32\proc-1963933865.bin



-- Find3M Report ---------------------------------------------------------------


2007-07-01 20:27:04 0 d-------- C:\Documents and Settings\Agatka\Dane aplikacji\Skype

2007-07-01 20:04:08 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-07-01 19:45:42 356068 --a------ C:\WINDOWS\system32\perfh015.dat

2007-07-01 19:45:42 49910 --a------ C:\WINDOWS\system32\perfc015.dat

2007-07-01 14:37:00 0 d-------- C:\Documents and Settings\Agatka\Dane aplikacji\Opera

2007-07-01 12:43:36 0 d-------- C:\Program Files\UltimateZip

2007-07-01 12:41:51 0 d-------- C:\Documents and Settings\Agatka\Dane aplikacji\Lavasoft

2007-06-27 15:26:36 0 d-------- C:\Program Files\Zoom Player

2007-06-23 15:21:29 0 d-------- C:\Documents and Settings\Agatka\Dane aplikacji\GanymedeNet

2007-06-22 20:26:36 0 d-------- C:\Program Files\Gadu-Gadu

2007-05-25 21:21:17 0 d-------- C:\Program Files\Messenger

2007-05-25 20:50:47 0 d-------- C:\Program Files\Winamp

2007-05-23 23:01:12 0 d-------- C:\Program Files\Symantec

2007-05-23 17:48:15 206 --a------ C:\WINDOWS\g371291390.exe

2007-05-22 22:20:22 2 --a------ C:\-1203531844



-- Registry Dump ---------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"RTHDCPL"="RTHDCPL.EXE"

"Alcmtr"="ALCMTR.EXE"

"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""

"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"

"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""

"INPROCOMMWireless"="C:\\Program Files\\Atheros\\Wireless\\Utility\\WlanUtil.exe"

"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"isDeleteMe"="\"C:\\WINDOWS\\system32\\cmd.exe\" /c \"C:\\DOCUME~1\\Agatka\\USTAWI~1\\Temp\\isDel.bat\""


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

   Authentication Packages	REG_MULTI_SZ msv1_0\0\0

   Security Packages	REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

   Notification Packages	REG_MULTI_SZ scecli\0\0



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\BTTray.lnk"

"backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "

"item"="BTTray"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Microsoft Office.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"

"item"="Microsoft Office"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccApp"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2241637]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="j2241637"

"hkey"="HKLM"

"command"="rundll32 C:\\WINDOWS\\system32\\j2241637.dll sook"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERSL_9999_N91S2209]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="errorsafeswedishnewreleaseinstall[1]"

"hkey"="HKLM"

"command"="\"c:\\documents and settings\\agatka\\dane aplikacji\\errorsafeswedishnewreleaseinstall[1].exe\" -nag "

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SkyTel"

"hkey"="HKLM"

"command"="SkyTel.EXE"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="C:\\Program Files\\Winamp\\winampa.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0



[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3327562e-c1ed-11db-be97-0016cfb26552}]

Shell\0\Command	.\RECYCLER\UExecute.exe

Shell\1\Command	.\RECYCLER\UExecute.exe

Shell\AutoRun\command	C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\UExecute.exe



-- End of Deckard's System Scanner: finished at 2007-07-01 at 20:33:30 ---------