t_1
(Topone)
6 April 2007 15:41
#1
Hello
I caught something like this, so please check my log:
ComboScan v20070306.20 run by top1 on 2007-04-06 at 13:17:25 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Polish CPU 0: Intel® Pentium® 4 CPU 2.00GHz Percentage of Memory in Use: 42% Physical Memory (total/avail): 1023.48 MiB / 583.89 MiB Pagefile Memory (total/avail): 2461.5 MiB / 2050.66 MiB Virtual Memory (total/avail): 2047.88 MiB / 1992.44 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 10.74 GiB total, 3.68 GiB free. … K: is CDROM (No Media) – Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\top1\Dane aplikacji CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=KHN-16D0D3513BF ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\top1 LOGONSERVER=\KHN-16D0D3513BF NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\SecureCRT;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 PATHEXT=.COM ;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0204 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\top1\USTAWI~1\Temp 
TMP=C:\DOCUME~1\top1\USTAWI~1\Temp USERDOMAIN=KHN-16D0D3513BF USERNAME=top1 USERPROFILE=C:\Documents and Settings\top1 windir=C:\WINDOWS – User Profiles --------------------------------------------------------------- top1 (admin) – Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation 
Information{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe” -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-100000000002} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe” -l0x9 /remove ALLPlayer V2.1 --> C:\Program Files\MarBit\ALLPlayer\UnGins.exe “C:\Program Files\MarBit\ALLPlayer\install.log” Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5} Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe µTorrent --> “C:\Program Files\uTorrent\uninstall.exe” avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup BPFTP Server (remove only) --> “C:\Program Files\G6 FTP Server\uninstall-bpftpd.exe” CloneCD --> “C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe” /D=“C:\Program Files\SlySoft\CloneCD” Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe” -l0x9 /remove Creative Live! 
Cam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe” -l0x9 /remove Creative Live! Cam Video IM Pro Driver (1.00.07.0725) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0230.uns -unsext NT -plugin V0230Pin.dll -pluginres CtCamPin.crl Creative Live! Cam Video IM Pro User’s Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM Pro\Creative Live! Cam Video IM Pro User’s Guide\English\CTManual.isu" Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe” -l0x9 /remove Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe” -l0x9 /remove Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE” -l0x9 /remove Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe” -l0x9 /remove CZATeriaKam 1.6 --> C:\Program Files\INTERIAPL\CZATeria\uninst.exe EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe eMule Plus 1.2b --> “C:\Program Files\eMule\unins000.exe” eMusic - 50 Free MP3 offer --> “C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe” FlashFXP v3 --> “D:\Program Files\FlashFXP\Uninstall.exe” “D:\Program Files\FlashFXP\install.log” -u Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe 
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe” -l0x9 /remove iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} K-Lite Codec Pack 2.85 Full --> “C:\Program Files\K-Lite Codec Pack\unins000.exe” Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9} Miranda IM 0.6.7 --> C:\Program Files\Miranda IM\uninstall.exe mIRC --> “D:\Program Files\mIRC\mirc.exe” -uninstall muvee autoProducer 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{76B78008-3832-42FD-AE55-C8F946ED3C7E}\Setup.exe” -l0x9 NAPIPROJEKT 1.0.4.3 --> “C:\Program Files\NAPI-PROJEKT\unins000.exe” Nero 7 Ultra Edition --> MsiExec.exe /I{2D7D9D86-923A-41A8-919F-437332AB1045} Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502} Plato Video To 3GP Converter 3.18 --> “C:\Program Files\Plato Video To 3GP Converter\unins000.exe” QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F} Real Alternative 1.51 --> “C:\Program Files\Real Alternative\unins000.exe” SightSpeed (remove only) --> “C:\Program Files\SightSpeed\uninst.exe” Skype 3.0 --> “C:\Program Files\Skype\Phone\unins000.exe” Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Spy Sweeper --> “C:\Program Files\Webroot\Spy Sweeper\unins000.exe” Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe VanDyke Software SecureCRT 5.0 --> C:\PROGRA~1\SECURE~1\UNINSTAL.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG Winamp (remove only) --> “C:\Program Files\Winamp\UninstWA.exe” xp-AntiSpy 3.96-4 --> C:\Program 
Files\xp-AntiSpy\Uninstall.exe – End of ComboScan: finished at 2007-04-06 at 13:18:44 ------------------------
ComboScan v20070306.20 run by top1 on 2007-04-06 at 13:17:25 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. – Last 5 Restore Point(s) – 29: 2007-04-06 11:17:30 UTC - RP53 - ComboScan Restore Point 28: 2007-04-05 20:45:42 UTC - RP52 - Punkt kontrolny systemu 27: 2007-04-04 19:32:18 UTC - RP51 - Punkt kontrolny systemu 26: 2007-04-03 19:15:57 UTC - RP50 - Punkt kontrolny systemu 25: 2007-04-02 19:14:53 UTC - RP49 - Punkt kontrolny systemu – First Restore Point – 1: 2007-03-11 18:08:39 UTC - RP25 - Installed muvee autoProducer 4.1 Performed disk cleanup. – HijackThis (run as top1.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 13:18:04, on 2007-04-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\windows\system32\uvnx.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\DOCUME~1\top1\USTAWI~1\Temp\winlogon.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\DOCUME~1\top1\USTAWI~1\Temp\Temporary Internet Files\Content.IE5\H5LCFRIS\comboscan[1].exe C:\PROGRA~1\HIJACK~1\top1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [NeroFilterCheck] “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” O4 - HKLM…\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe” O4 - HKLM…\Run: [AVFX Engine] “C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe O4 - HKLM…\Run: [spySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe” /startintray O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Creative Live! Cam Manager] “C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe” O4 - HKCU…\Run: [Firewall auto setup] C:\DOCUME~1\top1\USTAWI~1\Temp\winlogon.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe – File Associations ----------------------------------------------------------- .bat - batfile - “%1” %* .chm - chm.file - “C:\WINDOWS\hh.exe” %1 .cmd - cmdfile - “%1” %* .com - comfile - “%1” %* .exe - exefile - “%1” %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - “%1” %* .reg - regfile - regedit.exe “%1” .scr - scrfile - “%1” /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys 2R aswMon2 (avast! 
Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys 3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys 1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys 3S CCDECODE (Dekoder napisów) - C:\WINDOWS\system32\drivers\CCDECODE.sys 3R ctljystk (Port gier dla karty Creative SB Live!) - C:\WINDOWS\system32\drivers\ctljystk.sys 3R EL90XBC (Sterownik karty 3Com EtherLink XL 90XB/C) - C:\WINDOWS\system32\drivers\el90xbc5.sys 3R ElbyCDFL - C:\WINDOWS\system32\drivers\ElbyCDFL.sys 2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys 3R emu10k (Creative SB Live! (WDM)) - C:\WINDOWS\system32\drivers\emu10k1m.sys 3R emu10k1 (Sterownik Creative Interface Manager (WDM)) - C:\WINDOWS\system32\drivers\ctlfacem.sys 3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 3S HwIOctl - C:\Program Files\Setup Files\MS-6728 v2.50\HwIOctl.sys (not found) 1R intelppm (Sterownik procesora Intel) - C:\WINDOWS\system32\drivers\intelppm.sys 3S Memctl - C:\Program Files\Setup Files\MS-6728 v2.50\Memctl.sys (not found) 3S MSTEE (Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming) - C:\WINDOWS\system32\drivers\MSTEE.sys 3S NABTSFEC (Koder-dekoder NABTS/FEC VBI) - C:\WINDOWS\system32\drivers\NABTSFEC.sys 3S NdisIP (Połączenie TV/wideo firmy Microsoft) - C:\WINDOWS\system32\drivers\NdisIP.sys 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 1R PQNTDrv - C:\WINDOWS\system32\drivers\PQNTDRV.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys 3R sfman (Sterownik Creative SoundFont Manager (WDM)) - C:\WINDOWS\system32\drivers\sfmanm.sys 3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys 0R sptd - C:\WINDOWS\system32\drivers\sptd.sys 0R SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - C:\WINDOWS\system32\drivers\SSFS0509.sys 0R SSHRMD (Spy Sweeper Hookrack MiniDriver) - C:\WINDOWS\system32\drivers\sshrmd.sys 0R SSIDRV (Spy Sweeper Interdiction Driver) - C:\WINDOWS\system32\drivers\ssidrv.sys 3R 
SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - C:\WINDOWS\system32\drivers\sskbfd.sys 3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys 3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys 3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS 3R V0230Vfx - C:\WINDOWS\system32\drivers\V0230Vfx.sys 3R V0230VID (Live! Cam Video IM Pro) - C:\WINDOWS\system32\drivers\V0230VID.sys 3R vaxscsi - C:\WINDOWS\system32\drivers\vaxscsi.sys 3S WSTCODEC (Kodery-dekodery teletekstu w standardzie światowym) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2R aswUpdSv (avast! iAVS4 Control Service) - “C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe” 2R avast! Antivirus - “C:\Program Files\Alwil Software\Avast4\ashServ.exe” 3R avast! Web Scanner - “C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service 3R iPod Service - “C:\Program Files\iPod\bin\iPodService.exe” 3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 3S ose (Office Source Engine) - “C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE” 2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe 2R WebrootSpySweeperService (Webroot Spy Sweeper Engine) - “C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” – Scheduled Tasks ------------------------------------------------------------- 2007-04-05 15:51:00 1260 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job 2007-03-31 08:39:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job – Files created between 2007-03-06 and 2007-04-06 ----------------------------- 2007-04-06 13:06:27 0 d-------- C:\fixwareout 2007-04-05 15:50:51 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 
2007-04-05 15:50:51 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-04-05 15:50:51 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-04-05 15:50:51 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-04-05 15:50:37 0 d-------- C:\Program Files\Webroot 2007-04-05 04:08:21 23040 --a------ C:\WINDOWS\system32\uvnx.exe 2007-04-05 04:08:21 30720 --a------ C:\WINDOWS\system32\rpcc.dll 2007-04-03 19:14:17 0 d-------- C:\Temp 2007-04-03 19:12:28 0 d-------- C:\Program Files\ImTOO 2007-04-03 01:20:15 475136 --a------ C:\WINDOWS\system32\SkinCrafter.dll 2007-04-03 01:20:14 81920 --a------ C:\WINDOWS\system32\viscomwave.dll 2007-04-03 01:20:14 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll 2007-04-03 01:20:12 0 d-------- C:\Program Files\Plato Video To 3GP Converter 2007-03-21 23:23:45 0 d-------- C:\Program Files\eMule 2007-03-21 22:46:57 0 d-------- C:\WINDOWS\pss 2007-03-20 17:56:10 0 d-------- C:\Program Files\SlySoft 2007-03-17 11:07:56 0 d-------- C:\Program Files\iPod 2007-03-17 11:07:53 0 d-------- C:\Program Files\iTunes 2007-03-13 12:33:09 0 d-------- C:\Program Files\Miranda IM 2007-03-11 20:29:47 0 d-------- C:\Program Files\INTERIAPL 2007-03-11 20:11:58 41984 -----n— C:\WINDOWS\Ctregrun.exe 2007-03-11 20:11:00 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-03-11 20:10:58 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-03-11 20:10:56 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-03-11 20:10:54 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-03-11 20:10:52 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-03-11 20:10:49 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-03-11 20:10:46 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-03-11 20:10:37 9216 -ra------ C:\WINDOWS\V0230Cfg.exe 2007-03-11 20:10:37 122880 -ra------ C:\WINDOWS\system32\V0230Vfw.dll 2007-03-11 20:10:37 8192 -ra------ C:\WINDOWS\system32\V0230Srv.exe 2007-03-11 20:10:37 
36961 -ra------ C:\WINDOWS\system32\V0230Mon.exe 2007-03-11 20:10:37 253952 -ra------ C:\WINDOWS\system32\V0230CVW.dll 2007-03-11 20:10:37 6272 -ra------ C:\WINDOWS\system32\drivers\V0230Vfx.sys 2007-03-11 20:10:37 36864 -ra------ C:\WINDOWS\system32\CtCamMgr.dll 2007-03-11 20:10:37 86016 -ra------ C:\WINDOWS\CtDrvIns.exe 2007-03-11 20:10:36 25600 -ra------ C:\WINDOWS\system32\V0230Pin.dll 2007-03-11 20:10:36 18432 -ra------ C:\WINDOWS\system32\V0230Hwx.dll 2007-03-11 20:10:36 498464 -ra------ C:\WINDOWS\system32\drivers\V0230VID.sys 2007-03-11 20:10:35 54784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-03-11 20:10:05 0 d-------- C:\WINDOWS\CtDrvInstall 2007-03-11 20:09:21 0 d-------- C:\Program Files\QuickTime 2007-03-11 20:09:04 0 d-------- C:\Program Files\Apple Software Update 2007-03-11 20:08:42 0 d-------- C:\Program Files\muvee Technologies 2007-03-11 20:08:40 0 d-------- C:\Program Files\Common Files\muvee Technologies 2007-03-11 20:04:41 0 d-------- C:\Program Files\SightSpeed 2007-03-11 20:01:28 0 d-------- C:\Program Files\Creative 2007-03-07 20:45:12 0 d-------- C:\Program Files\EditPlus 2 2007-03-06 22:55:21 0 d-------- C:\Program Files\NAPI-PROJEKT 2007-03-06 13:26:11 0 d-------- C:\Program Files\uTorrent – Find3M Report --------------------------------------------------------------- 2007-04-06 13:11:18 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Skype 2007-04-05 15:50:37 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Webroot 2007-04-05 15:43:48 0 d-------- C:\Program Files\totalcmd 2007-04-05 02:44:23 0 d-------- C:\Program Files\G6 FTP Server 2007-03-31 16:25:18 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Apple Computer 2007-03-31 16:00:25 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\uTorrent 2007-03-28 22:19:40 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Help 2007-03-25 19:36:42 355830 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-25 19:36:42 49712 --a------ 
C:\WINDOWS\system32\perfc015.dat 2007-03-17 20:08:37 0 d—s---- C:\Documents and Settings\top1\Dane aplikacji\Microsoft 2007-03-13 12:33:14 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Miranda 2007-03-11 20:20:29 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Creative 2007-03-11 20:14:00 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-03-11 20:08:54 50 --a------ C:\AUTOEXEC.BAT 2007-03-11 20:00:51 0 d-------- C:\Program Files\Common Files\InstallShield 2007-03-05 23:37:58 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Sun 2007-03-05 11:47:02 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Real 2007-03-05 01:09:24 0 d-------- C:\Program Files\Real Alternative 2007-03-04 21:11:56 0 d-------- C:\Program Files\Microsoft.NET 2007-03-04 20:53:14 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\FlashFXP 2007-03-04 20:41:06 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\AdobeUM 2007-03-04 20:39:06 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Adobe 2007-03-04 20:38:52 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-04 20:33:42 0 d-------- C:\Program Files\Alcohol Soft 2007-03-04 18:18:15 0 d-------- C:\Program Files\MarBit 2007-03-04 15:20:34 0 d-------- C:\Program Files\Skype 2007-03-04 15:20:33 0 d-------- C:\Program Files\Common Files\Skype 2007-03-03 17:31:41 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Ahead 2007-03-03 17:22:33 0 d-------- C:\Program Files\Common Files\Ahead 2007-03-03 17:21:47 0 d-------- C:\Program Files\Nero 2007-03-03 14:32:53 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-03 10:11:18 0 d-------- C:\Program Files\Java 2007-03-03 10:10:48 0 d-------- C:\Program Files\Common Files\Java 2007-03-03 10:10:22 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Macromedia 2007-03-02 22:23:12 0 d-------- C:\Program Files\Symantec 2007-03-02 21:03:28 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\VanDyke 2007-03-02 
21:02:57 0 d-------- C:\Program Files\SecureCRT 2007-03-02 17:15:37 0 d-------- C:\Program Files\Alwil Software 2007-03-02 17:14:48 0 d-------- C:\Program Files\Winamp 2007-03-02 17:10:13 0 d-------- C:\Program Files\K-Lite Codec Pack 2007-03-02 17:07:14 0 d-------- C:\Program Files\xp-AntiSpy 2007-03-01 20:58:12 0 d-------- C:\Program Files\Common Files\ODBC 2007-03-01 20:58:09 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-03-01 20:57:40 62 --ahs---- C:\Documents and Settings\top1\Dane aplikacji\desktop.ini 2007-03-01 20:29:00 0 d-------- C:\Program Files\Setup Files 2007-03-01 20:26:35 0 d-------- C:\Program Files\Intel 2007-03-01 20:16:51 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Identities 2007-03-01 20:12:32 0 d-------- C:\Program Files\microsoft frontpage 2007-03-01 20:12:15 0 -rahs---- C:\MSDOS.SYS 2007-03-01 20:12:15 0 -rahs---- C:\IO.SYS 2007-03-01 20:12:15 0 --a------ C:\CONFIG.SYS 2007-03-01 20:10:42 0 d–h----- C:\Program Files\WindowsUpdate 2007-03-01 20:10:40 0 d-------- C:\Program Files\Usługi online 2007-03-01 20:09:39 0 d-------- C:\Program Files\Common Files\MSSoap 2007-03-01 20:09:29 0 d-------- C:\Program Files\Movie Maker 2007-03-01 20:08:31 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-03-01 20:08:10 0 d-------- C:\Program Files\Messenger 2007-03-01 20:08:04 0 d-------- C:\Program Files\MSN Gaming Zone 2007-03-01 20:07:51 0 d-------- C:\Program Files\Windows NT 2007-02-21 22:00:28 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-01 06:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-30 07:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-20 22:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 
2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “Creative Live! Cam Manager”="“C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe”" “Firewall auto setup”=“C:\DOCUME~1\top1\USTAWI~1\Temp\winlogon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WinampAgent”="“C:\Program Files\Winamp\winampa.exe”" “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “NeroFilterCheck”="“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe”" “Acrobat Assistant 7.0”="“C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe”" @="" “AVFX Engine”="“C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe”" “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “V0230Mon.exe”=“C:\WINDOWS\system32\V0230Mon.exe” “iTunesHelper”="“C:\Program Files\iTunes\iTunesHelper.exe”" “CloneCDTray”="“C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s" “KernelFaultCheck”="%systemroot%\system32\dumprep 0 -k" “uvnx”=“c:\windows\system32\uvnx.exe” “SpySweeper”="“C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe” /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ClearRecentDocsOnExit”=dword:00000001 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of ComboScan: finished at 2007-04-06 at 
13:18:44 ------------------------
adam9870
(adam9870)
6 April 2007 15:56
#2
Use Windows Worms Doors Cleaner and change the indicators from disable to enable (all indicators should be green; if any of them is yellow, leave it). A restart is required after using the tool.
Download the KillBox program, select Delete on reboot, and in the full path of file field paste the paths:
C:\WINDOWS\system32\uvnx.exe
C:\WINDOWS\system32\rpcc.dll
After pasting each path separately, click the red X, but agree to the restart only after pasting the last one.
Use ATF Cleaner in Safe Mode and clean out the TEMP folders.
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it as FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
Remove the HJT entries if they are present.
When done, paste a new log from Combo.
t_1
(Topone)
7 April 2007 14:43
#3
Hi
Thx, I think it helped - the trojan is removed…
I'm pasting the logs:
Deckard’s System Scanner v20070328.36 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Polish CPU 0: Intel® Pentium® 4 CPU 2.00GHz Percentage of Memory in Use: 43% Physical Memory (total/avail): 1023.48 MiB / 579.71 MiB Pagefile Memory (total/avail): 2461.5 MiB / 2084.06 MiB Virtual Memory (total/avail): 2047.88 MiB / 1997.55 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 10.74 GiB total, 3.84 GiB free. … K: is CDROM (No Media) – Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\top1\Dane aplikacji CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip CLIENTNAME=Console COMMANDER_PATH=C:\Program Files\totalcmd CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=KHN-16D0D3513BF ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\top1 LOGONSERVER=\KHN-16D0D3513BF NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\SecureCRT;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 PATHEXT=.COM ;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0204 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\top1\USTAWI~1\Temp TMP=C:\DOCUME~1\top1\USTAWI~1\Temp 
USERDOMAIN=KHN-16D0D3513BF USERNAME=top1 USERPROFILE=C:\Documents and Settings\top1 windir=C:\WINDOWS – User Profiles --------------------------------------------------------------- top1 (admin) – Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation 
Information{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe” -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-100000000002} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe” -l0x9 /remove ALLPlayer V2.1 --> C:\Program Files\MarBit\ALLPlayer\UnGins.exe “C:\Program Files\MarBit\ALLPlayer\install.log” Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5} Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe µTorrent --> “C:\Program Files\uTorrent\uninstall.exe” avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup BPFTP Server (remove only) --> “C:\Program Files\G6 FTP Server\uninstall-bpftpd.exe” CloneCD --> “C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe” /D=“C:\Program Files\SlySoft\CloneCD” Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe” -l0x9 /remove Creative Live! 
Cam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe” -l0x9 /remove Creative Live! Cam Video IM Pro Driver (1.00.07.0725) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0230.uns -unsext NT -plugin V0230Pin.dll -pluginres CtCamPin.crl Creative Live! Cam Video IM Pro User’s Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM Pro\Creative Live! Cam Video IM Pro User’s Guide\English\CTManual.isu" Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe” -l0x9 /remove Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe” -l0x9 /remove Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE” -l0x9 /remove Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe” -l0x9 /remove CZATeriaKam 1.6 --> C:\Program Files\INTERIAPL\CZATeria\uninst.exe EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe eMule Plus 1.2b --> “C:\Program Files\eMule\unins000.exe” eMusic - 50 Free MP3 offer --> “C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe” FlashFXP v3 --> “D:\Program Files\FlashFXP\Uninstall.exe” “D:\Program Files\FlashFXP\install.log” -u Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe 
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe” -l0x9 /remove HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} K-Lite Codec Pack 2.85 Full --> “C:\Program Files\K-Lite Codec Pack\unins000.exe” Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9} Miranda IM 0.6.7 --> C:\Program Files\Miranda IM\uninstall.exe mIRC --> “D:\Program Files\mIRC\mirc.exe” -uninstall muvee autoProducer 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{76B78008-3832-42FD-AE55-C8F946ED3C7E}\Setup.exe” -l0x9 NAPIPROJEKT 1.0.4.3 --> “C:\Program Files\NAPI-PROJEKT\unins000.exe” Nero 7 Ultra Edition --> MsiExec.exe /I{2D7D9D86-923A-41A8-919F-437332AB1045} Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502} Plato Video To 3GP Converter 3.18 --> “C:\Program Files\Plato Video To 3GP Converter\unins000.exe” QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F} Real Alternative 1.51 --> “C:\Program Files\Real Alternative\unins000.exe” SightSpeed (remove only) --> “C:\Program Files\SightSpeed\uninst.exe” Skype 3.0 --> “C:\Program Files\Skype\Phone\unins000.exe” Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Spy Sweeper --> “C:\Program Files\Webroot\Spy Sweeper\unins000.exe” Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe VanDyke Software SecureCRT 5.0 --> C:\PROGRA~1\SECURE~1\UNINSTAL.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG Winamp (remove only) --> 
“C:\Program Files\Winamp\UninstWA.exe” xp-AntiSpy 3.96-4 --> C:\Program Files\xp-AntiSpy\Uninstall.exe – End of Deckard’s System Scanner: finished at 2007-04-07 at 16:38:27 ---------
Deckard’s System Scanner v20070328.36 Run by top1 on 2007-04-07 at 16:36:43 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created a Deckard’s System Scanner Restore Point. – Last 5 Restore Point(s) – 31: 2007-04-07 14:36:47 UTC - RP55 - Deckard’s System Scanner Restore Point 30: 2007-04-07 11:39:51 UTC - RP54 - Punkt kontrolny systemu 29: 2007-04-06 11:17:30 UTC - RP53 - ComboScan Restore Point 28: 2007-04-05 20:45:42 UTC - RP52 - Punkt kontrolny systemu 27: 2007-04-04 19:32:18 UTC - RP51 - Punkt kontrolny systemu – First Restore Point – 1: 2007-03-11 18:08:39 UTC - RP25 - Installed muvee autoProducer 4.1 Backed up registry hives. Performed disk cleanup. – HijackThis (run as top1.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 16:37:36, on 2007-04-07 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\Creative Live! Cam\Live! 
Cam Manager\CTLCMgr.exe C:\WINDOWS\system32\devldr32.exe C:\DOCUME~1\top1\USTAWI~1\Temp\winlogon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\SecureCRT\SecureCRT.EXE C:\Program Files\totalcmd\TOTALCMD.EXE C:\Program Files\G6 FTP Server\G6FTPSrv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\dss.exe C:\PROGRA~1\HIJACK~1\top1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [NeroFilterCheck] “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” O4 - HKLM…\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe” O4 - HKLM…\Run: [AVFX Engine] “C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [spySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe” /startintray O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Creative Live! Cam Manager] “C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe” O4 - HKCU…\Run: [Firewall auto setup] C:\DOCUME~1\top1\USTAWI~1\Temp\winlogon.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe – HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups) -------------------- backup-20070406-183430-584 F2 - REG:system.ini: Shell=explorer.exe backup-20070406-183430-749 O4 - HKCU…\Run: [Firewall auto setup] C:\DOCUME~1\top1\USTAWI~1\Temp\winlogon.exe backup-20070406-183430-970 O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k – File Associations ----------------------------------------------------------- All associations okay. – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - c:\windows\system32\drivers\ssfs0509.sys R0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys R0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys R3 EL90XBC (Sterownik karty 3Com EtherLink XL 90XB/C) - c:\windows\system32\drivers\el90xbc5.sys R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys R3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys R3 V0230Vfx - c:\windows\system32\drivers\v0230vfx.sys R3 V0230VID (Live! 
Cam Video IM Pro) - c:\windows\system32\drivers\v0230vid.sys R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys S3 HwIOctl - c:\program files\setup files\ms-6728 v2.50\hwioctl.sys (file missing) S3 Memctl - c:\program files\setup files\ms-6728 v2.50\memctl.sys (file missing) – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe – Scheduled Tasks ------------------------------------------------------------- 2007-04-07 08:39:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-04-05 15:51:00 1260 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job – Files created between 2007-03-07 and 2007-04-07 ----------------------------- 2007-04-07 16:36:01 456344 --a------ C:\comboscan.exe 2007-04-07 16:35:52 462330 --a------ C:\dss.exe 2007-04-06 18:24:59 308 --a------ C:\fix.reg 2007-04-06 18:09:30 0 d-------- C:!KillBox 2007-04-06 18:09:28 73728 --a------ C:\KillBox.exe 2007-04-06 18:08:19 50688 --a------ C:\ATF-Cleaner.exe 2007-04-06 18:06:04 51232 --a------ C:\wwdc.exe 2007-04-05 15:50:51 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-04-05 15:50:51 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-04-05 15:50:51 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-04-05 15:50:51 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-04-05 15:50:37 0 d-------- C:\Program Files\Webroot 2007-04-03 19:14:17 0 d-------- C:\Temp 2007-04-03 19:12:28 0 d-------- C:\Program Files\ImTOO 2007-04-03 01:20:15 475136 --a------ C:\WINDOWS\system32\SkinCrafter.dll 2007-04-03 01:20:14 81920 --a------ C:\WINDOWS\system32\viscomwave.dll 2007-04-03 01:20:14 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll 2007-04-03 01:20:12 0 d-------- C:\Program Files\Plato Video To 3GP Converter 2007-03-21 23:23:45 0 d-------- C:\Program 
Files\eMule 2007-03-21 22:46:57 0 d-------- C:\WINDOWS\pss 2007-03-20 17:56:10 0 d-------- C:\Program Files\SlySoft 2007-03-17 11:07:56 0 d-------- C:\Program Files\iPod 2007-03-17 11:07:53 0 d-------- C:\Program Files\iTunes 2007-03-13 12:33:09 0 d-------- C:\Program Files\Miranda IM 2007-03-11 20:29:47 0 d-------- C:\Program Files\INTERIAPL 2007-03-11 20:11:58 41984 -----n— C:\WINDOWS\Ctregrun.exe 2007-03-11 20:11:00 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-03-11 20:10:58 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-03-11 20:10:56 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-03-11 20:10:54 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-03-11 20:10:52 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-03-11 20:10:49 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-03-11 20:10:46 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-03-11 20:10:37 9216 -ra------ C:\WINDOWS\V0230Cfg.exe 2007-03-11 20:10:37 122880 -ra------ C:\WINDOWS\system32\V0230Vfw.dll 2007-03-11 20:10:37 8192 -ra------ C:\WINDOWS\system32\V0230Srv.exe 2007-03-11 20:10:37 36961 -ra------ C:\WINDOWS\system32\V0230Mon.exe 2007-03-11 20:10:37 253952 -ra------ C:\WINDOWS\system32\V0230CVW.dll 2007-03-11 20:10:37 6272 -ra------ C:\WINDOWS\system32\drivers\V0230Vfx.sys 2007-03-11 20:10:37 3716 -ra------ C:\WINDOWS\system32\drivers\V0230FwH.bin 2007-03-11 20:10:37 3716 -ra------ C:\WINDOWS\system32\drivers\V0230FwF.bin 2007-03-11 20:10:37 36864 -ra------ C:\WINDOWS\system32\CtCamMgr.dll 2007-03-11 20:10:37 86016 -ra------ C:\WINDOWS\CtDrvIns.exe 2007-03-11 20:10:36 25600 -ra------ C:\WINDOWS\system32\V0230Pin.dll 2007-03-11 20:10:36 18432 -ra------ C:\WINDOWS\system32\V0230Hwx.dll 2007-03-11 20:10:36 498464 -ra------ C:\WINDOWS\system32\drivers\V0230VID.sys 2007-03-11 20:10:35 54784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-03-11 20:10:05 0 d-------- C:\WINDOWS\CtDrvInstall 2007-03-11 20:09:21 0 d-------- 
C:\Program Files\QuickTime 2007-03-11 20:09:04 0 d-------- C:\Program Files\Apple Software Update 2007-03-11 20:08:42 0 d-------- C:\Program Files\muvee Technologies 2007-03-11 20:08:40 0 d-------- C:\Program Files\Common Files\muvee Technologies 2007-03-11 20:04:41 0 d-------- C:\Program Files\SightSpeed 2007-03-11 20:01:28 0 d-------- C:\Program Files\Creative 2007-03-07 20:45:12 0 d-------- C:\Program Files\EditPlus 2 – Find3M Report --------------------------------------------------------------- 2007-04-07 16:36:28 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Skype 2007-04-05 15:50:37 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Webroot 2007-04-05 15:43:48 0 d-------- C:\Program Files\totalcmd 2007-04-05 02:44:23 0 d-------- C:\Program Files\G6 FTP Server 2007-04-03 12:25:14 0 d-------- C:\Program Files\NAPI-PROJEKT 2007-03-31 16:25:18 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Apple Computer 2007-03-31 16:00:25 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\uTorrent 2007-03-31 15:50:11 0 d-------- C:\Program Files\uTorrent 2007-03-28 22:19:40 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Help 2007-03-25 19:36:42 355830 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-25 19:36:42 49712 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-17 20:08:37 0 d—s---- C:\Documents and Settings\top1\Dane aplikacji\Microsoft 2007-03-13 12:33:14 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Miranda 2007-03-11 20:20:29 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Creative 2007-03-11 20:14:00 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-03-11 20:08:54 50 --a------ C:\AUTOEXEC.BAT 2007-03-11 20:00:51 0 d-------- C:\Program Files\Common Files\InstallShield 2007-03-05 23:37:58 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Sun 2007-03-05 11:47:02 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Real 2007-03-05 01:09:24 0 d-------- C:\Program 
Files\Real Alternative 2007-03-04 21:11:56 0 d-------- C:\Program Files\Microsoft.NET 2007-03-04 20:53:14 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\FlashFXP 2007-03-04 20:41:06 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\AdobeUM 2007-03-04 20:39:06 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Adobe 2007-03-04 20:38:52 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-04 20:33:42 0 d-------- C:\Program Files\Alcohol Soft 2007-03-04 18:18:15 0 d-------- C:\Program Files\MarBit 2007-03-04 15:20:34 0 d-------- C:\Program Files\Skype 2007-03-04 15:20:33 0 d-------- C:\Program Files\Common Files\Skype 2007-03-03 17:31:41 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Ahead 2007-03-03 17:22:33 0 d-------- C:\Program Files\Common Files\Ahead 2007-03-03 17:21:47 0 d-------- C:\Program Files\Nero 2007-03-03 14:32:53 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-03 10:11:18 0 d-------- C:\Program Files\Java 2007-03-03 10:10:48 0 d-------- C:\Program Files\Common Files\Java 2007-03-03 10:10:22 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\Macromedia 2007-03-02 22:23:12 0 d-------- C:\Program Files\Symantec 2007-03-02 21:03:28 0 d-------- C:\Documents and Settings\top1\Dane aplikacji\VanDyke 2007-03-02 21:02:57 0 d-------- C:\Program Files\SecureCRT 2007-03-02 17:15:37 0 d-------- C:\Program Files\Alwil Software 2007-03-02 17:14:48 0 d-------- C:\Program Files\Winamp 2007-03-02 17:10:13 0 d-------- C:\Program Files\K-Lite Codec Pack 2007-03-02 17:07:14 0 d-------- C:\Program Files\xp-AntiSpy 2007-03-01 20:58:12 0 d-------- C:\Program Files\Common Files\ODBC 2007-03-01 20:58:09 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-03-01 20:57:40 62 --ahs---- C:\Documents and Settings\top1\Dane aplikacji\desktop.ini 2007-03-01 20:29:00 0 d-------- C:\Program Files\Setup Files 2007-03-01 20:26:35 0 d-------- C:\Program Files\Intel 2007-03-01 20:16:51 0 d-------- C:\Documents and Settings\top1\Dane 
aplikacji\Identities 2007-03-01 20:12:32 0 d-------- C:\Program Files\microsoft frontpage 2007-03-01 20:12:15 0 -rahs---- C:\MSDOS.SYS 2007-03-01 20:12:15 0 -rahs---- C:\IO.SYS 2007-03-01 20:12:15 0 --a------ C:\CONFIG.SYS 2007-03-01 20:10:42 0 d–h----- C:\Program Files\WindowsUpdate 2007-03-01 20:10:40 0 d-------- C:\Program Files\Usługi online 2007-03-01 20:09:39 0 d-------- C:\Program Files\Common Files\MSSoap 2007-03-01 20:09:29 0 d-------- C:\Program Files\Movie Maker 2007-03-01 20:08:31 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-03-01 20:08:10 0 d-------- C:\Program Files\Messenger 2007-03-01 20:08:04 0 d-------- C:\Program Files\MSN Gaming Zone 2007-03-01 20:07:51 0 d-------- C:\Program Files\Windows NT 2007-02-21 22:00:28 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-01 06:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-30 07:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-20 22:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “Creative Live! Cam Manager”="“C:\Program Files\Creative\Creative Live! Cam\Live! 
Cam Manager\CTLCMgr.exe”" “Firewall auto setup”=“C:\DOCUME~1\top1\USTAWI~1\Temp\winlogon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WinampAgent”="“C:\Program Files\Winamp\winampa.exe”" “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “NeroFilterCheck”="“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe”" “Acrobat Assistant 7.0”="“C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe”" @="" “AVFX Engine”="“C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe”" “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “V0230Mon.exe”=“C:\WINDOWS\system32\V0230Mon.exe” “iTunesHelper”="“C:\Program Files\iTunes\iTunesHelper.exe”" “CloneCDTray”="“C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s" “SpySweeper”="“C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe” /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ClearRecentDocsOnExit”=dword:00000001 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ 
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of Deckard’s System Scanner: finished at 2007-04-07 at 16:38:27 ---------
adam9870
(adam9870)
7 April 2007 14:55
#4
In Safe Mode choose Start => Run => type cmd and click OK => in the console that opens, type:
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it as FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
Remove the HJT entry if it is present.
When done, paste new logs.
t_1
(Topone)
7 April 2007 16:49
#5
The problem is that when I choose Safe Mode, it loads up to a certain point and then there is only a black screen…
Besides that, when I choose Control Panel -> Administrative Tools -> Computer Management
I get the message: “Nie mozna zainicjowac przystawki”
adam9870
(adam9870)
7 April 2007 18:43
#6
In that case, instead of the Safe Mode entry on the system selection list, choose the Safe Mode with Command Prompt entry and issue the following commands:
Take a look here:
http://www.searchengines.pl/phpbb203/in … opic=50556