"Domownik" - 2007-07-10 20:14:19 - ComboFix 07-07-10.1 - Dodatek Service Pack 2 FAT32
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Domownik\DANEAP~1.\hidires\hidr.exe.ren
C:\DOCUME~1\Domownik\DANEAP~1.\hidires\m_hook.sys
C:\setup.exe
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\exefld
C:\WINDOWS\exefld\14887078.exe
C:\WINDOWS\exefld\14889046.exe
C:\WINDOWS\exefld\293109.exe
C:\WINDOWS\exefld\293250.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_M_HOOK
-------\LEGACY_ROSA
-------\rosa
((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))
2007-07-10 18:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 18:17
2007-07-10 16:26
2007-07-10 16:04
2007-07-10 16:00 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-07-10 16:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-07-10 16:00 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-07-10 16:00 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-07-10 16:00 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-07-10 16:00
2007-07-10 16:00
2007-07-10 15:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-10 15:13 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-10 15:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-10 14:05
2007-07-09 23:59 4,628 --a------ C:\WINDOWS\system32\xohvfjij.exe.ren
2007-07-09 23:56 66,068 --a------ C:\WINDOWS\system32\nblutkks.exe
2007-07-09 23:01
2007-07-09 23:00
2007-07-09 23:00
2007-07-09 23:00
2007-07-09 22:59
2007-07-09 00:11 4,628 --a------ C:\WINDOWS\system32\wvyvaddu.exe.ren
2007-07-08 23:56 4,628 --a------ C:\WINDOWS\system32\bhoxmira.exe.ren
2007-07-08 23:54 50,708 --a------ C:\WINDOWS\system32\muyshygb.exe
2007-07-08 22:26
2007-07-07 08:36 155,648 --a------ C:\WINDOWS\system32\Plug-in Maker.exe
2007-07-07 08:32 49,152 --a------ C:\WINDOWS\system32\ciaRegSvr.dll
2007-07-07 08:32 40,960 --a------ C:\WINDOWS\system32\ciaSubClsSvr.dll
2007-07-07 08:32 180,224 --a------ C:\WINDOWS\system32\ciaResSvr.dll
2007-07-03 22:59
2007-07-03 22:59
2007-07-01 17:02
2007-06-30 09:42
2007-06-24 03:16 224,424 --a------ C:\WINDOWS\system32\flec003.exe
2007-06-24 02:59
2007-06-18 10:15
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-22 23:24:18 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-07 10:49:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-26 01:02:16 55 ----a-w C:\AUTOEXEC.BAT
2007-05-26 01:01:54 29,608 ----a-w C:\WINDOWS_SETUPD_.EXE
2007-05-18 19:23:58 53,760 ----a-w C:\WINDOWS\system32\wintems.exe.ren
2007-05-14 20:04:02 -------- d-----w C:\DOCUME~1\Domownik\DANEAP~1\Microsoft Web Folders
2007-05-14 19:23:20 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-05-14 18:31:10 84 ----a-w C:\WINDOWS\system32\getfile.dat
2007-05-12 01:15:06 -------- d-----w C:\Program Files\KotOR2-PL
2007-05-11 20:36:00 -------- d-----w C:\Program Files\LucasArts
2007-05-11 19:45:18 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-11 19:45:16 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\nvumctl.exe
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\nvugart.exe
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\nvuenet.exe
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-04-20 05:15:26 356,352 ----a-w C:\WINDOWS\system32\nvuaudio.exe
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-02-10 00:17:00 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-09-23 20:42:10 56 --sh--r C:\WINDOWS\system32\9B00BB4D45.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2005-09-24 05:12 63136 --------- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2006-10-31 07:55 1803720 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{911C4A8E-0F75-4B83-BEB9-02BDDF29D11E}]
2005-01-25 16:38 102400 --a------ C:\Program Files\3B Software\3B Ad Blocker Pro\AKHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b5146c40-189a-4311-bda9-fbae3e023187}]
2007-06-02 02:26 1326104 --------- C:\Program Files\Multi_Media\tbMul0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 17:15]
"nwiz"="nwiz.exe" [2005-10-10 21:49 C:\WINDOWS\system32\nwiz.exe]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 17:31]
"iTunesHelper"="E:\Program Files\iTunes+QuickTime\iTunesHelper.exe" [2005-12-20 21:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-01 18:56]
"AdBlocker"="C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe" [2005-01-21 14:06]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2006-10-30 16:07]
"Windows Clean-Up Pro"="C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe" [2003-06-24 02:53]
"AVKTray"="C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe" [2007-04-24 09:56]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-07-10 15:36]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:44]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20]
"taoetray"="C:\Program Files\poleng\Translatica2\bin\win\int\ms-oe\taoetray.exe" [2005-04-12 13:23]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="E:\Program Files\Gadu-Gadu\gg.exe" [2007-07-10 00:25]
"Odkurzacz-MCD"="E:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]
"Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-07 15:01]
"Odkurzacz-QC"="E:\Program Files\Odkurzacz\odk_qc.exe" [2007-05-03 10:01]
"eMuleAutoStart"="E:\Program Files\eMule\emule.exe" [2007-05-13 16:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
~~\SafeBoot\Minimal\Base
~~\SafeBoot\Minimal\Boot Bus Extender
~~\SafeBoot\Minimal\Boot file system
~~\SafeBoot\Minimal\dmboot.sys
~~\SafeBoot\Minimal\dmio.sys
~~\SafeBoot\Minimal\dmload.sys
~~\SafeBoot\Minimal\dmserver
~~\SafeBoot\Minimal\File system
~~\SafeBoot\Minimal\Filter
~~\SafeBoot\Minimal\PCI Configuration
~~\SafeBoot\Minimal\Primary disk
~~\SafeBoot\Minimal\RpcSs
~~\SafeBoot\Minimal\SCSI Class
~~\SafeBoot\Minimal\sermouse.sys
~~\SafeBoot\Minimal\System Bus Extender
~~\SafeBoot\Minimal\vga.sys
~~\SafeBoot\Minimal\vgasave.sys
~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 20:17:38
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-10 20:19:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-10 20:19
--- E O F ---
Merged post: 10.07.2007 (Tue) 20:29

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"taoetray" = "C:\Program Files\poleng\Translatica2\bin\win\int\ms-oe\taoetray.exe" ["POLENG"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Odkurzacz-MCD" = "E:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]
"Windows Registry Repair Pro" = "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4" ["3B Software, Inc."]
"Odkurzacz-QC" = "E:\Program Files\Odkurzacz\odk_qc.exe" ["Franmo Software"]
"eMuleAutoStart" = "E:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" ["InstallShield Software Corporation"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"iTunesHelper" = ""E:\Program Files\iTunes+QuickTime\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AdBlocker" = "C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe" ["3B Software Inc"]
"OutpostFeedBack" = "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."]
"Windows Clean-Up Pro" = "C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe" [null data]
"AVKTray" = ""C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe"" ["G DATA Software"]
"Ad-Watch" = "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" ["Lavasoft AB"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR"
     \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{911C4A8E-0F75-4B83-BEB9-02BDDF29D11E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AKHelper.HelperBHO"
     \InProcServer32\(Default) = "C:\Program Files\3B Software\3B Ad Blocker Pro\AKHelper.dll" ["DC"]
{b5146c40-189a-4311-bda9-fbae3e023187}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Multi_Media toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Multi_Media\tbMul0.dll" ["Conduit Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
  -> {HKLM...CLSID} = "Shell Extension for CDRW"
     \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
  -> {HKLM...CLSID} = "UIContextMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
     \InProcServer32\(Default) = "E:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
     \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
  -> {HKLM...CLSID} = "AVK9ContextMenue"
     \InProcServer32\(Default) = "C:\Program Files\G DATA AntiVirus Trial\AVK\ShellExt.dll" ["G DATA Software AG"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
     \InProcServer32\(Default) = "E:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
     \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
     \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
  -> {HKLM...CLSID} = "AVK9ContextMenue"
     \InProcServer32\(Default) = "C:\Program Files\G DATA AntiVirus Trial\AVK\ShellExt.dll" ["G DATA Software AG"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
     \InProcServer32\(Default) = "E:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"HideClock" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\

"1601" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\

"1601" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\

"1601" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\

"1601" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\

"1601" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\

"1601" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Domownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "http://www.k-ff.com/./Grafika/krypta/loga/10_2_panel_logo.jpg"
"SubscribedURL" = "http://www.k-ff.com/./Grafika/krypta/loga/10_2_panel_logo.jpg"


Startup items in "Domownik" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\Domownik\Menu Start\Programy\Autostart
"VP-EYE" -> shortcut to: "C:\VP-EYE\control\vpeyev4.exe" ["Meta Media Inc."]
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{B5146C40-189A-4311-BDA9-FBAE3E023187}"
  -> {HKLM...CLSID} = "Multi_Media toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Multi_Media\tbMul0.dll" ["Conduit Ltd."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR"
     \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{B5146C40-189A-4311-BDA9-FBAE3E023187}"
  -> {HKLM...CLSID} = "Multi_Media toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Multi_Media\tbMul0.dll" ["Conduit Ltd."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
  -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR"
     \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{28BC2EC4-5EAD-45E1-9F9F-82CD5E293601}" = "Ad Blocker Pro Toolbar"
  -> {HKLM...CLSID} = "Ad Blocker Pro Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\3B Software\3B Ad Blocker Pro\AKToolbar.dll" ["3B Software"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Szybkie dostosowywanie programu"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{CCCE5D70-9AA2-40F1-9C6B-12A255F08500}\
"ButtonText" = "Translate into English"
"MenuText" = "Translate into English"
"CLSIDExtension" = "{CC4371C0-D2F6-11D7-BDC4-00605209B788}"
  -> {HKCU...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\poleng\Translatica2\bin\win\int\browser\iepolengextension.dll" ["POLENG"]

{CCCE5D71-9AA2-40F1-9C6B-12A255F08500}\
"ButtonText" = "Translate into Polish"
"MenuText" = "Translate into Polish"
"CLSIDExtension" = "{CC4371C1-D2F6-11D7-BDC4-00605209B788}"
  -> {HKCU...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\poleng\Translatica2\bin\win\int\browser\iepolengextension.dll" ["POLENG"]

{CCCE5D72-9AA2-40F1-9C6B-12A255F08500}\
"ButtonText" = "Save translated page"
"MenuText" = "Save translated page"
"CLSIDExtension" = "{CC4371C2-D2F6-11D7-BDC4-00605209B788}"
  -> {HKCU...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\poleng\Translatica2\bin\win\int\browser\iepolengextension.dll" ["POLENG"]

{CCCE5D73-9AA2-40F1-9C6B-12A255F08500}\
"ButtonText" = "Options"
"MenuText" = "Options"
"CLSIDExtension" = "{CC4371C3-D2F6-11D7-BDC4-00605209B788}"
  -> {HKCU...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\poleng\Translatica2\bin\win\int\browser\iepolengextension.dll" ["POLENG"]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{44627E97-789B-40D4-B5C2-58BD171129A1}\
"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 73 seconds.
---------- (total run time: 159 seconds)