Marikka
(Matewi)
#1
I know for 100% that there is a trojan somewhere here; the only problem is that I don't know where.
All I know is that pages with ads for suspicious antivirus scanners keep opening on their own… :mrgreen:
And supposedly somewhere on the disk a log is being created with a record of what I typed on the keyboard…
SpyBot couldn't throw that thing out of the registry, and Norton doesn't detect it at all…
and here is my HijackThis log:
I'll be very grateful for a quick answer ;DDD .
Gutek
(Gutek)
#2
Use Pocket Killbox. Tick the Delete on Reboot option and in the Full Path of File to Delete field paste the path
C:\WINDOWS\System32\iccsvc.dll
and press the red X. The program will ask to restart the computer… so you restart.
Download the SDFix program
Marikka
(Matewi)
#3
Thank you, and here is the report from SDFix:
Gutek
(Gutek)
#4
Marikka
(Matewi)
#5
Deckard's System Scanner v20070826.66
Run by Administrator on 2007-08-29 11:04:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
36: 2007-08-29 09:04:57 UTC - RP36 - Deckard's System Scanner Restore Point
35: 2007-08-29 08:43:46 UTC - RP35 - Software Distribution Service 3.0
34: 2007-08-28 16:41:45 UTC - RP34 - Removed Google Toolbar for Internet Explorer
33: 2007-08-27 11:53:44 UTC - RP33 - Operacja przywracania
32: 2007-08-25 13:50:08 UTC - RP32 - Shockwave Player
-- First Restore Point --
1: 2007-08-10 13:58:20 UTC - RP1 - Punkt kontrolny systemu
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:46, on 2007-08-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Spyware Doctor\svcntaux.exe
E:\Spyware Doctor\swdsvc.exe
E:\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
E:\Nowy folder\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\eMule\emule.exe
E:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Administrator\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: Pokaż pasek narzędzi Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Nowy folder\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] E:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SDTray] "E:\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] E:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAD86277-9A6E-4235-AF96-87A4B91B91D8}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iccsvc - C:\WINDOWS\SYSTEM32\iccsvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - E:\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8394 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20070828-221707-439 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
backup-20070828-221707-825 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20070828-221708-427 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070828-233823-763 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
backup-20070828-234008-264 O20 - Winlogon Notify: iccsvc - C:\WINDOWS\SYSTEM32\iccsvc.dll
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 GPCIDrv - c:\windows\gpcidrv.sys
R3 GVTDrv - c:\windows\system32\drivers\gvtdrv.sys
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe"
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: nVidia WDM Video Capture (universal)
Device ID: DISPLAY\NVCAP\5&284F0238&0&CA000002&01&00
Manufacturer: nVidia
Name: nVidia WDM Video Capture (universal)
PNP Device ID: DISPLAY\NVCAP\5&284F0238&0&CA000002&01&00
Service: nvcap
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: DISPLAY\NVXBAR\5&284F0238&0&CA000003&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NVXBAR\5&284F0238&0&CA000003&01&00
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler magistrali zarządzania systemem
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81BC1043&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: Kontroler magistrali zarządzania systemem
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81BC1043&REV_A2\3&2411E6FE&0&51
Service:
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N91
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N91
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2007-08-22 15:41:01 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-08-22 10:52:42 376 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 10:40:02 0 d-------- C:\WINDOWS\LastGood
2007-08-28 22:40:28 0 d-------- C:\WINDOWS\ERUNT
2007-08-28 22:18:59 0 d-------- C:\!KillBox
2007-08-28 21:34:53 0 d-------- C:\Program Files\Trend Micro
2007-08-28 19:28:03 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-27 19:31:03 0 d-------- C:\Program Files\Neopets
2007-08-27 13:57:08 5112 --a------ C:\WINDOWS\GPCIDrv.sys
2007-08-26 12:38:16 0 d-------- C:\VundoFix Backups
2007-08-25 15:51:56 0 d-------- C:\Program Files\Norton Security Scan
2007-08-24 21:05:51 0 d-------- C:\WINDOWS\pss
2007-08-23 15:12:50 0 d-------- C:\Program Files\Common Files\xing shared
2007-08-23 15:12:29 0 d-------- C:\Program Files\Common Files\Real
2007-08-23 15:12:25 0 d-------- C:\Program Files\Real
2007-08-22 17:43:28 0 d--h----- C:\WINDOWS\PIF
2007-08-20 20:18:01 287769 --a------ C:\WINDOWS\system32\dn78f660a2.dat
2007-08-20 16:32:31 0 d-------- C:\Program Files\GSC World Publishing
2007-08-19 21:06:59 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-19 20:17:11 94651 -----n--- C:\WINDOWS\system32\iccsvc.dll
2007-08-19 20:17:05 120905 --a------ C:\WINDOWS\system32\sstqq.exe
2007-08-19 10:34:11 0 d-------- C:\Program Files\Windows Media Connect 2
2007-08-19 10:32:46 0 d-------- C:\WINDOWS\system32\LogFiles
2007-08-19 10:32:46 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-17 20:53:27 0 d-------- C:\Program Files\Nero
2007-08-17 20:53:27 0 d-------- C:\Program Files\Common Files\Ahead
2007-08-17 20:52:16 0 d-------- C:\WINDOWS\RegisteredPackages
2007-08-17 19:22:18 0 d-------- C:\unzipped
2007-08-17 11:51:59 0 d-------- C:\Program Files\Norton 360
2007-08-17 11:50:51 0 d-------- C:\Program Files\Symantec
2007-08-15 19:17:17 0 d-------- C:\Program Files\Skype
2007-08-15 19:17:17 0 d-------- C:\Program Files\Common Files\Skype
2007-08-15 17:00:27 0 d-------- C:\Program Files\MSXML 4.0
2007-08-14 19:24:05 0 d-------- C:\Program Files\Common Files\HP
2007-08-14 19:22:05 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-14 19:21:36 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-14 19:16:30 0 d-------- C:\Program Files\HP
2007-08-14 19:12:04 120185 --a------ C:\WINDOWS\hpoins11.dat
2007-08-14 10:21:35 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-13 22:48:19 0 d-------- C:\Program Files\Common Files\PCSuite
2007-08-13 22:48:19 0 d-------- C:\Program Files\Common Files\Nokia
2007-08-13 22:48:12 0 d-------- C:\Program Files\DIFX
2007-08-13 22:48:04 0 d-------- C:\Program Files\PC Connectivity Solution
2007-08-13 22:47:58 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-13 22:47:53 0 d-------- C:\Program Files\Nokia
2007-08-12 18:59:34 1326 --a------ C:\WINDOWS\mozver.dat
2007-08-12 14:16:05 0 d-------- C:\Program Files\DivX
2007-08-12 12:31:45 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-11 00:34:20 0 d-------- C:\Program Files\Google
2007-08-11 00:33:58 0 d-------- C:\WINDOWS\Sun
2007-08-11 00:33:16 0 d-------- C:\Program Files\Java
2007-08-11 00:30:23 0 d-------- C:\Program Files\Common Files\Java
2007-08-10 23:46:33 0 d--hs---- C:\WINDOWS\Installer
2007-08-10 23:46:33 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-10 23:46:29 0 dr------- C:\Program Files
2007-08-10 23:46:29 0 d-------- C:\Program Files\Common Files
2007-08-10 23:46:29 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-08-10 23:45:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-08-10 23:45:47 0 d-------- C:\WINDOWS\system32\CatRoot
2007-08-10 23:45:17 0 d-------- C:\Documents and Settings
2007-08-10 23:45:16 0 d--hs---- C:\System Volume Information
2007-08-10 23:39:48 0 d-------- C:\WINDOWS
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\WinSxS
2007-08-10 23:39:48 0 dr------- C:\WINDOWS\Web
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\twain_32
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\wins
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\wbem
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\usmt
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\spool
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\ShellExt
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\Setup
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\ras
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\oobe
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\npp
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\mui
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\inetsrv
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\IME
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\icsxml
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\ias
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\export
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\drivers
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-08-10 23:39:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\dhcp
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\config
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\3076
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\2052
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1054
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1045
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1042
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1041
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1037
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1033
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1031
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1028
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system32\1025
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\system
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\security
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Resources
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\repair
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Provisioning
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\PeerNet
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\pchealth
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\mui
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\msapps
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\msagent
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Media
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\java
2007-08-10 23:39:48 0 d--h----- C:\WINDOWS\inf
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\ime
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Help
2007-08-10 23:39:48 0 dr--s---- C:\WINDOWS\Fonts
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\ehome
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Driver Cache
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Debug
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Cursors
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Connection Wizard
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\Config
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\AppPatch
2007-08-10 23:39:48 0 d-------- C:\WINDOWS\addins
2007-08-10 23:25:57 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-10 18:54:52 0 d-------- C:\WINDOWS\NV21803456.TMP
2007-08-10 18:54:21 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-08-10 18:30:27 19039 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2007-08-10 18:28:37 0 d-------- C:\Program Files\GigaByte
2007-08-10 18:28:25 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-10 18:02:28 0 d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 18:02:25 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 17:58:17 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-10 17:41:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-10 16:08:16 0 d-------- C:\WINDOWS\nview
2007-08-10 16:06:56 23040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2007-08-10 16:05:34 0 d-------- C:\WINDOWS\OPTIONS
2007-08-10 16:05:34 0 d-------- C:\Program Files\Realtek
2007-08-10 16:05:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-10 15:59:40 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-10 15:59:11 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-08-10 15:57:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-08-10 15:57:52 0 d-------- C:\WINDOWS\Prefetch
2007-08-10 15:57:51 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-08-10 15:54:02 0 d-------- C:\WINDOWS\system32\xircom
2007-08-10 15:54:02 0 d-------- C:\Program Files\microsoft frontpage
2007-08-10 15:53:46 0 -rahs---- C:\MSDOS.SYS
2007-08-10 15:53:46 0 -rahs---- C:\IO.SYS
2007-08-10 15:53:46 0 --a------ C:\CONFIG.SYS
2007-08-10 15:53:46 0 --a------ C:\AUTOEXEC.BAT
2007-08-10 15:52:40 0 dr------- C:\WINDOWS\Offline Web Pages
2007-08-10 15:52:40 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-08-10 15:52:30 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-10 15:52:27 0 d-------- C:\Program Files\Usługi online
2007-08-10 15:52:08 0 d-------- C:\WINDOWS\system32\DirectX
2007-08-10 15:51:27 0 d---s---- C:\WINDOWS\Tasks
2007-08-10 15:51:26 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-10 15:51:21 0 d-------- C:\WINDOWS\srchasst
2007-08-10 15:51:20 0 d-------- C:\WINDOWS\system32\Macromed
2007-08-10 15:51:11 0 d-------- C:\Program Files\Movie Maker
2007-08-10 15:51:00 0 d-------- C:\WINDOWS\system32\Restore
2007-08-10 15:50:17 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-10 15:50:02 0 d-------- C:\WINDOWS\Registration
2007-08-10 15:49:49 0 d-------- C:\Program Files\Messenger
2007-08-10 15:49:45 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-10 15:49:09 0 d-------- C:\Program Files\Windows NT
2007-08-10 15:49:05 0 d-------- C:\WINDOWS\system32\MsDtc
2007-08-10 15:49:03 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2007-08-29 10:50:10 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2007-08-27 19:31:03 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Neopets Toolbar
2007-08-27 15:04:01 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools
2007-08-23 15:13:33 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Real
2007-08-22 15:47:30 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Uniblue
2007-08-19 18:40:09 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FinalBurner Video DVD
2007-08-19 18:33:57 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FinalBurner DATA
2007-08-19 18:17:01 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FinalBurner Audio CD
2007-08-19 15:33:51 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2007-08-19 13:39:39 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2007-08-16 15:47:09 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe
2007-08-16 15:35:48 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\AdobeUM
2007-08-16 12:27:46 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite
2007-08-16 11:39:23 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia
2007-08-15 19:44:04 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Symantec
2007-08-15 17:53:07 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Image Zone Express
2007-08-14 19:34:32 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\HP
2007-08-14 10:15:11 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DivX
2007-08-12 12:31:43 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla
2007-08-11 09:36:14 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Google
2007-08-11 00:33:58 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Sun
2007-08-10 23:46:00 62 --ahs---- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini
2007-08-10 22:10:06 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink
2007-08-10 22:00:11 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2007-08-10 22:00:11 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2007-08-10 18:32:16 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia
2007-08-10 17:36:42 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2007-08-10 15:58:07 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Identities
2007-07-26 04:53:34 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 04:50:34 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 04:50:34 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 04:50:22 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 04:50:22 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 04:50:22 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 04:50:22 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 04:49:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2006-07-12 15:27]
"RemoteControl"="E:\Nowy folder\PDVDServ.exe" [2004-11-02 20:24]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"HP Software Update"="E:\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"Adobe Reader Speed Launcher"="E:\Program Files\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-23 15:12]
"WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"SDTray"="E:\Spyware Doctor\SDTrayApp.exe" [2007-08-27 15:07]
"UnlockerAssistant"="E:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-13 18:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Uniblue RegistryBooster 2"="E:\Program Files\RegistryBooster 2\RegistryBooster.exe" []
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2006-09-14 16:15]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - E:\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iccsvc]
iccsvc.dll 2007-08-28 18:58 94651 C:\WINDOWS\system32\iccsvc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2007-08-29 11:07:20 ------------
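A triage helper for the DSS report above, added here as an example and not part of the thread or of DSS/HijackThis itself. It parses the O4, O20 and O23 lines and the "Files created" listing with regexes matching the log's own format; the embedded excerpt is constructed from lines of the report above, and the 14-day window and the severity labels are my own assumptions.

```python
"""Triage a Deckard's System Scanner report (added example; not the thread's or the tool's code).
Cross-references the O4/O20/O23 persistence lines with the "Files created" listing so that a
binary dropped into system32 shortly before the scan and also wired into a persistence point
surfaces first.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

Finding = namedtuple("Finding", "severity path reason")

# Line shapes exactly as HijackThis and DSS emit them (compare the log above).
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+(?P<attrs>\S{9})\s+(?P<path>.*)$")
BINARY_EXT = (".dll", ".exe", ".sys", ".dat")

# Constructed excerpt: a handful of lines copied from the report above, not a full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "E:\Spyware Doctor\SDTrayApp.exe"
O20 - Winlogon Notify: iccsvc - C:\WINDOWS\SYSTEM32\iccsvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-28 21:34:53 0 d-------- C:\Program Files\Trend Micro
2007-08-20 20:18:01 287769 --a------ C:\WINDOWS\system32\dn78f660a2.dat
2007-08-19 20:17:11 94651 -----n--- C:\WINDOWS\system32\iccsvc.dll
2007-08-19 20:17:05 120905 --a------ C:\WINDOWS\system32\sstqq.exe
2007-08-10 18:30:27 19039 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
"""
SCAN_TIME = datetime(2007, 8, 29, 11, 4, 53)  # from the "Run by Administrator on ..." header


def persistence_paths(log_text):
    """Map lower-cased executable path -> persistence points that reference it."""
    refs = {}
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O20_RE.match(line)
        if m:
            refs.setdefault(m["path"].lower(), []).append("O20 Winlogon Notify " + m["name"])
            continue
        m = O23_RE.match(line)
        if m:
            refs.setdefault(m["path"].lower(), []).append("O23 service " + m["svc"])
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"].strip()  # may be quoted and carry arguments; keep the executable only
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
            refs.setdefault(exe.lower(), []).append("O4 Run " + m["name"])
    return refs


def recent_system32_binaries(log_text, scan_time, days=14):
    """Yield (path, created) for non-directory binaries DSS lists under system32 in the window."""
    cutoff = scan_time - timedelta(days=days)
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m["attrs"].startswith("d"):
            continue
        path = m["path"]
        if "\\system32\\" in path.lower() and path.lower().endswith(BINARY_EXT):
            created = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            if created >= cutoff:
                yield path, created


def triage(log_text, scan_time):
    """Return findings, highest severity first."""
    refs = persistence_paths(log_text)
    findings = []
    for path, created in recent_system32_binaries(log_text, scan_time):
        hits = refs.get(path.lower(), [])
        if hits:
            findings.append(Finding("high", path, f"created {created.date()}, loaded via {', '.join(hits)}"))
        else:
            findings.append(Finding("medium", path, f"created {created.date()}, no persistence entry in the log"))
    # HijackThis already hides the Windows default Winlogon Notify packages, so any O20
    # line deserves a look even when its DLL falls outside the recent-files window.
    seen = {f.path.lower() for f in findings}
    for path, hits in refs.items():
        if path not in seen and any(h.startswith("O20") for h in hits):
            findings.append(Finding("high", path, "non-default Winlogon Notify package"))
    return sorted(findings, key=lambda f: (f.severity != "high", f.path.lower()))


def triage_example():
    """Run the triage over the constructed excerpt."""
    return triage(SAMPLE_LOG, SCAN_TIME)
```

Calling `triage_example()` ranks iccsvc.dll first because it was created on 2007-08-19 and is still registered as the O20 Winlogon Notify package, while sstqq.exe and dn78f660a2.dat come out as recent unreferenced drops in system32 that the replies would send to an online scanner.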
jessica
(jessica)
#6
Delete it with Killbox or Unlocker.
Delete those quarantines manually.
Then:
I had another look at the SDFix report:
Those files have exactly the same names as a trojan and a dialer.
Just in case, check them at http://virusscan.jotti.org/
A description of how to use JOTTI --> http://otfans.pl/forums/showthread.php?tid=552
or at http://www.virustotal.com/en/indexf.html
(it is used in the same way as JOTTI).
Then post the scan result here along with the DSS log.
jessi