Wredne okienko -> http://ad.adserverplus.com

StupidDream · 11 Marzec 2007 10:34

Witajcie!

Mam kłopoty z nieznośnym okienkiem (zapewne dobrze już dla niektórych znanym) IExplorera http://ad.adserverplus.com. Proszę o pomoc.

Wklejam log z Hijacka.

Logfile of HijackThis v1.99.1 Scan saved at 11:31:58, on 2007-03-11 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\eMule\emule.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\EMILJUSZ\Moje dokumenty\Specjalne\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Ashampoo FireWall] “C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - HKCU…\Run: [bagspart] C:\DOCUME~1\EMILJUSZ\DANEAP~1\BALLOP~1\BOLT DOWNLOAD.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne … nicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Z góry wielkie dzieNki za pomoc

adam9870 · 11 Marzec 2007 10:38

Folder usuń ręcznie będąc w trybie awaryjnym natomiast wpis HijackThis.

Użyj narzędzia NoLop.

Po wykonaniu pokaż nowy log z HijackThis, SilentRunners oraz zawartość pliku C:\NoLop.log

StupidDream · 11 Marzec 2007 11:13

Proszę bardzo:

NoLop! :

Hijack This :

Logfile of HijackThis v1.99.1 Scan saved at 11:58:26, on 2007-03-11 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\eMule\emule.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\EMILJUSZ\Moje dokumenty\Specjalne\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Ashampoo FireWall] “C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [bagspart] C:\DOCUME~1\EMILJUSZ\DANEAP~1\BALLOP~1\BOLT DOWNLOAD.exe O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne … nicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Silent :

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “bagspart” = “C:\DOCUME~1\EMILJUSZ\DANEAP~1\BALLOP~1\BOLT DOWNLOAD.exe” [file not found] “eMuleAutoStart” = “C:\Program Files\eMule\emule.exe -AutoStart” [“http://www.emule-project.net”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “Ashampoo FireWall” = ““C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)” -> {HKLM…CLSID} = “Skype add-on (mastermind)” \InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}(Default) = “Canon Easy Web Print Helper” -> {HKLM…CLSID} = “EWPBrowseObject Class” \InProcServer32(Default) = “C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll” [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{5b4dae26-b807-11d0-9815-00c04fd91972}” = “Menu Band” -> {HKLM…CLSID} = “Menu Band” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “{8278F931-2A3E-11d2-838F-00C04FD918D0}” = “Tracking Shell Menu” -> {HKLM…CLSID} = “Tracking Shell Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “{E13EF4E4-D2F2-11d0-9816-00C04FD91972}” = “Menu Site” -> {HKLM…CLSID} = “Menu Site” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “{ECD4FC4F-521C-11D0-B792-00A0C90312E1}” = “Menu Desk Bar” -> {HKLM…CLSID} = “Menu Desk Bar” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “{D82BE2B0-5764-11D0-A96E-00C04FD705A2}” = “IShellFolderBand” -> {HKLM…CLSID} = “IShellFolderBand” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “{0E5CBF21-D15F-11d0-8301-00AA005B4383}” = “Łą&cza” -> {HKLM…CLSID} = “Łą&cza” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “{7487cd30-f71a-11d0-9ea7-00805f714772}” = “Thumbnail Image” -> {HKLM…CLSID} = “Thumbnail Image” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\EMILJUSZ\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\EMILJUSZ\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [file not found] “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll [null data], 01 - 05, 16 %SystemRoot%\system32\mswsock.dll [MS], 06 - 15, 17 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{327C2873-E90D-4C37-AA9D-10AC9BABA46C}” = “Easy-WebPrint” -> {HKLM…CLSID} = “Easy-WebPrint” \InProcServer32(Default) = “C:\Program Files\Canon\Easy-WebPrint\Toolband.dll” [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{03C1C47F-0538-4645-8372-D3109B9FC636}(Default) = “Easy-WebPrint” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Canon\Easy-WebPrint\Toolband.dll” [null data] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll” [“Sun Microsystems, Inc.”] {77BF5300-1474-4EC7-9980-D32B190E9B07}\ “ButtonText” = “Skype” “CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}” -> {HKLM…CLSID} = “Skype add-on (button)” \InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe” [null data] C-DillaCdaC11BA, C-DillaCdaC11BA, “C:\WINDOWS\System32\drivers\CDAC11BA.EXE” [“C-Dilla Ltd”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] STI Simulator, STI Simulator, “C:\WINDOWS\System32\PAStiSvc.exe” [null data] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor iP4300\Driver = “CNMLM86.DLL” [“CANON INC.”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 721 seconds, including 18 seconds for message boxes)

adam9870 · 11 Marzec 2007 11:16

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Usuń wpis HJT jeśli będzie.

Po wykonaniu możesz wkleić nowe logi.

StupidDream · 11 Marzec 2007 11:22

Nie chce się dodać… :shock:

Gutek · 11 Marzec 2007 11:25

Poporaw tytuł tematu.

Nie używaj przy pisaniu Caps Locka, nie krzyczymy na forum

Pozdrawiam Gutek2222

adam9870 · 11 Marzec 2007 11:25

Wklej log z ComboScan i log z Gmer’a wykonany przy takim ustawieniu:

Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

StupidDream · 11 Marzec 2007 11:34

Combofix :

ComboFix 07-01-21 - Running from: “C:\Documents and Settings\EMILJUSZ\Moje dokumenty\Specjalne\Combofix” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\hosts ((((((((((((((((((((((((((((((( Files Created from 2007-02-11 to 2007-03-11 )))))))))))))))))))))))))))))))))) 2007-03-11 11:51 2007-03-11 11:51 2007-03-10 23:52 2007-03-10 23:06 2007-03-10 22:59 2007-03-10 22:58 2007-03-10 22:58 2007-03-10 13:39 2007-03-10 13:27 2007-03-10 13:26 2007-03-09 19:32 2007-03-09 19:21 2007-03-09 09:19 2007-03-06 21:22 17,920 --a------ C:\WINDOWS\SYSTEM32\mdimon.dll 2007-03-06 21:20 2007-03-06 21:15 2007-03-06 20:08 2007-03-06 20:04 180,224 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE 2007-03-06 20:04 180,224 --a------ C:\WINDOWS\SYSTEM32\nvudisp.exe 2007-03-06 20:04 2007-03-06 20:03 2007-03-06 18:51 2007-03-06 18:50 182,880 --a------ C:\WINDOWS\SYSTEM32\iuengine.dll 2007-03-05 22:31 2007-03-05 16:56 2007-03-05 16:19 2007-03-05 16:18 2007-03-05 14:39 2007-03-05 14:36 2007-03-05 13:32 2007-03-05 13:11 2007-03-05 12:53 2007-03-05 12:46 229,376 -ra------ C:\WINDOWS\SYSTEM32\atiiiexx.dll 2007-03-05 12:46 2007-03-04 14:48 2007-03-04 14:21 2007-03-03 20:50 2007-03-03 18:48 2007-03-03 18:48 2007-03-03 15:05 2007-03-03 14:09 94,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys 2007-03-03 14:09 90,112 --a------ C:\WINDOWS\SYSTEM32\AVASTSS.scr 2007-03-03 14:09 85,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys 2007-03-03 14:09 689,280 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe 2007-03-03 14:09 43,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys 2007-03-03 14:09 31,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys 2007-03-03 14:09 23,352 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys 2007-03-03 14:09 2007-03-02 16:40 2007-02-24 20:46 2007-02-24 19:57 2007-02-23 15:34 2007-02-23 12:56 2007-02-23 12:53 19,456 --a------ C:\WINDOWS\SYSTEM32\asapi.dll 2007-02-23 12:53 10,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\asapi.sys 2007-02-23 12:53 2007-02-23 12:53 2007-02-23 12:52 2007-02-23 12:51 1,052,672 --a------ C:\WINDOWS\SYSTEM32\CDDBControl.dll 2007-02-23 10:27 2007-02-22 17:34 33,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys 2007-02-22 17:32 87,824 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300mgmt.sys 2007-02-22 17:32 85,696 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300obex.sys 2007-02-22 17:24 24,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys 2007-02-22 17:20 96,352 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300mdm.sys 2007-02-22 17:20 9,264 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300mdfl.sys 2007-02-22 17:20 60,800 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300bus.sys 2007-02-22 17:20 6,208 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300cmnt.sys 2007-02-22 17:20 6,208 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300cm.sys 2007-02-22 17:20 5,840 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300whnt.sys 2007-02-22 17:20 5,840 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300wh.sys 2007-02-22 17:17 2007-02-22 17:15 2007-02-22 17:15 2007-02-22 17:15 2007-02-22 17:14 2007-02-22 17:14 2007-02-22 17:14 2007-02-21 23:42 2007-02-20 18:17 2007-02-17 19:29 2007-02-16 13:14 2007-02-15 22:50 2007-02-15 21:20 2007-02-15 21:20 2007-02-15 20:24 2007-02-15 14:27 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll 2007-02-15 14:18 2007-02-15 12:57 2007-02-15 12:57 2007-02-15 12:52 87,040 --a------ C:\WINDOWS\SYSTEM32\ra32sipr.dll 2007-02-15 12:52 85,504 --a------ C:\WINDOWS\SYSTEM32\encdnet.dll 2007-02-15 12:52 81,920 --a------ C:\WINDOWS\SYSTEM32\ra3214_4.dll 2007-02-15 12:52 72,704 --a------ C:\WINDOWS\SYSTEM32\ra3228_8.dll 2007-02-15 12:52 61,952 --a------ C:\WINDOWS\SYSTEM32\decdnet.dll 2007-02-15 12:52 487,936 --a------ C:\WINDOWS\SYSTEM32\rmbe3260.dll 2007-02-15 12:52 487,424 --a------ C:\WINDOWS\SYSTEM32\msvcp70.dll 2007-02-15 12:52 352,768 --a------ C:\WINDOWS\SYSTEM32\pngu3263.dll 2007-02-15 12:52 344,064 --a------ C:\WINDOWS\SYSTEM32\msvcr70.dll 2007-02-15 12:52 21,504 --a------ C:\WINDOWS\SYSTEM32\ra32dnet.dll 2007-02-15 12:52 131,072 --a------ C:\WINDOWS\SYSTEM32\pneng50.dll 2007-02-15 12:52 130,560 --a------ C:\WINDOWS\SYSTEM32\pnc3250.dll 2007-02-15 12:51 2007-02-15 12:50 700,416 --a------ C:\WINDOWS\SYSTEM32\SYNSOACC.dll 2007-02-15 12:50 45,056 --a------ C:\WINDOWS\SYSTEM32\Synsopos.exe 2007-02-15 12:50 33,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cledx.sys 2007-02-15 12:50 17,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSynas32.sys 2007-02-15 12:50 16,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\synasUSB.sys 2007-02-15 12:50 147,456 --a------ C:\WINDOWS\SYSTEM32\SynsoLChk.dll 2007-02-15 12:50 2007-02-15 11:04 2007-02-15 09:51 2007-02-14 22:03 2007-02-14 15:47 2007-02-11 19:07 2007-02-11 17:18 2007-02-11 13:21 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-08 10:26 14848 --ahs---- C:\Program Files\thumbs.db 2007-02-11 19:16 12400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys 2007-02-07 13:23 -------- d-------- C:\Program Files\deluxe ski jump 3 2007-01-27 23:52 -------- d-------- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\shareaza 2007-01-27 14:40 8864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS 2007-01-27 14:40 30720 -r-h----- C:\WINDOWS\cdac13ba.exe 2007-01-27 14:40 112128 -r-h----- C:\WINDOWS\cdac14ba.dll 2007-01-26 14:56 43520 --a------ C:\WINDOWS\SYSTEM32\cmdlineext03.dll 2007-01-22 13:52 -------- d-------- C:\Program Files\interactive vision 2007-01-22 13:18 -------- d-------- C:\Program Files\midtown 2007-01-21 17:45 -------- d-------- C:\Program Files\microsoft reader 2007-01-20 21:03 -------- d-------- C:\Program Files\spyware doctor 2007-01-20 21:03 -------- d-------- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\pc tools 2007-01-20 20:29 -------- d-------- C:\Program Files\roguescanfix 2007-01-19 13:35 719088 --a------ C:\WINDOWS\SYSTEM32\skaneronline.dll 2007-01-19 09:40 89088 --a------ C:\WINDOWS\SYSTEM32\skaneronlineuninstall.exe 2007-01-16 18:09 -------- d-------- C:\Program Files\ivt corporation 2007-01-16 13:08 -------- d-------- C:\Program Files\jowood 2007-01-16 12:19 -------- d-------- C:\Program Files\paragon software 2007-01-14 12:05 535040 --a------ C:\WINDOWS\flashax.exe 2007-01-14 12:05 491520 --a------ C:\WINDOWS\mobuzak screensaver.scr 2007-01-14 12:05 12288 --a------ C:\WINDOWS\impborl.dll 2007-01-12 20:42 -------- d-------- C:\Program Files\gt interactive 2007-01-12 17:37 -------- d-------- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\sun 2007-01-11 16:05 -------- d-------- C:\Program Files\gimnazjum klasa 1 - biologia 2007-01-05 14:57 499712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll 2007-01-05 14:57 348160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll 2007-01-05 14:46 107008 --a------ C:\WINDOWS\SYSTEM32\migicons.exe 2007-01-05 14:37 62 --ahs---- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\desktop.ini 2007-01-05 14:23 266 —hs---- C:\Program Files\desktop.ini 2007-01-05 14:23 133 --a------ C:\AUTOEXEC.BAT 2007-01-05 14:23 11232 —h----- C:\Program Files\folder.htt 2007-01-05 14:23 100 --a------ C:\CONFIG.SYS 2007-01-05 14:21 1676 -r-hs---- C:\MSDOS.SYS 2007-01-05 14:16 19131 --a------ C:\WINDOWS\setver.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe -AutoStart” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “Ashampoo FireWall”="“C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] “LoadPowerProfile”=“Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk” “backup”=“C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE " “item”=“BlueSoleil” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=”" “hkey”=“HKLM” “command”="" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“bittorrent” “hkey”=“HKCU” “command”="“C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“BJPSMAIN” “hkey”=“HKLM” “command”=“C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“emule” “hkey”=“HKCU” “command”=“C:\Program Files\eMule\emule.exe -AutoStart” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“cledx” “hkey”=“HKLM” “command”=“C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“ISUSPM” “hkey”=“HKLM” “command”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“issch” “hkey”=“HKLM” “command”="“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”="“C:\Program Files\Messenger\msmsgs.exe” /background" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\System32\\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Application Launcher” “hkey”=“HKLM” “command”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“jusched” “hkey”=“HKLM” “command”="“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“SysTray” “hkey”=“HKLM” “command”=“SysTray.Exe” “inimapping”=“0” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “Spyware Doctor”="" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{d51361c4-9cc1-11db-8cb8-806d6172696f}] Shell\AutoRun\command E:\RunGame.exe Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Rozpocz©cie aplikacji dostrajania.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job Completion time: 07-03-11 12:31:44

Gmer :

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-11 12:41:50 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service [DISABLED] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [sYSTEM] Asapi Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\Documents and Settings\Marek\Ustawienia lokalne\Temp\ASFWHide [MANUAL] ASFWHide Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [MANUAL] BlueletAudio Service C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [AUTO] BlueSoleil Hid Service Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [MANUAL] BT Service C:\WINDOWS\System32\Drivers\btcusb.sys [MANUAL] Btcsrusb Service C:\WINDOWS\System32\DRIVERS\vbtenum.sys [MANUAL] BTHidEnum Service C:\WINDOWS\System32\Drivers\BTHidMgr.sys [bOOT] BTHidMgr Service C:\WINDOWS\System32\drivers\CDAC11BA.EXE [AUTO] C-DillaCdaC11BA Service [DISABLED] cbidf2k Service C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE Service [DISABLED] cd20xrnt Service C:\WINDOWS\System32\drivers\CDAC15BA.SYS [MANUAL] CdaC15BA Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\System32\DRIVERS\cledx.sys [MANUAL] CLEDX Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\drivers\es1969.sys [MANUAL] es1969 Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [AUTO] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\System32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\System32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service [bOOT] Mup Service C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\NdisIP.sys [MANUAL] NdisIP Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [AUTO] Nsynas32 Service C:\WINDOWS\System32\DRIVERS\NtApm.sys [MANUAL] NtApm Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service C:\WINDOWS\System32\DRIVERS\pfc027.sys [MANUAL] PAC207 Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\Drivers\RootMdm.sys [MANUAL] ROOTMODEM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\System32\runtime.sys [MANUAL] Runtime Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\Drivers\SBKUPNT.SYS [AUTO] SBKUPNT Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service C:\WINDOWS\System32\DRIVERS\sermouse.sys [MANUAL] sermouse Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [MANUAL] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\System32\DRIVERS\SLIP.sys [MANUAL] SLIP Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\PAStiSvc.exe [AUTO] STI Simulator Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys [MANUAL] streamip Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\DRIVERS\tj2knd5.sys [MANUAL] tj2knd5 Service C:\WINDOWS\System32\DRIVERS\tj2kunic.sys [MANUAL] tj2kunic Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\DRIVERS\VComm.sys [MANUAL] VComm Service C:\WINDOWS\System32\Drivers\VcommMgr.sys [MANUAL] VcommMgr Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\DRIVERS\w300bus.sys [MANUAL] w300bus Service C:\WINDOWS\System32\DRIVERS\w300mdfl.sys [MANUAL] w300mdfl Service C:\WINDOWS\System32\DRIVERS\w300mdm.sys [MANUAL] w300mdm Service C:\WINDOWS\System32\DRIVERS\w300mgmt.sys [MANUAL] w300mgmt Service C:\WINDOWS\System32\DRIVERS\w300obex.sys [MANUAL] w300obex Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [MANUAL] WS2IFSL Service C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {32EABDDD-9F2B-4DCE-BE4D-5FC981F45F7D} Service {401F1AEE-89B1-4E08-A891-42528C2CB8C3} Service {5446E958-F31F-4A86-BB64-E98C69BFD6A1} ---- EOF - GMER 1.0.12 ----

adam9870 · 11 Marzec 2007 11:55

W logach:

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

W zakładce CMD z zaznaczoną opcją CMD.EXE wklej:

W zakładce Procesy wybierz Zabij wszystko. Teraz poczekaj cierpliwie aż zniknie pulpit etc. - zostanie tylko okienko Gmer’a.
Wróć do zakładki CMD i kliknij Uruchom.

Teraz reset i pokaż nowy log z Combo.

Gutek · 11 Marzec 2007 12:04

Skoro jest migicons.exe to po TitanShield Antispyware / Antispywarebox

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym nowe logi z HJT i Silenta

StupidDream · 11 Marzec 2007 12:10

ComboFix 07-01-21 - Running from: “C:\Documents and Settings\EMILJUSZ\Moje dokumenty\Specjalne\Combofix” ((((((((((((((((((((((((((((((( Files Created from 2007-02-11 to 2007-03-11 )))))))))))))))))))))))))))))))))) 2007-03-11 12:31 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-11 11:51 2007-03-10 23:52 2007-03-10 23:06 2007-03-10 22:59 2007-03-10 22:58 2007-03-10 22:58 2007-03-10 13:39 2007-03-10 13:27 2007-03-10 13:26 2007-03-09 19:32 2007-03-09 19:21 2007-03-09 09:19 2007-03-06 21:22 17,920 --a------ C:\WINDOWS\SYSTEM32\mdimon.dll 2007-03-06 21:20 2007-03-06 21:15 2007-03-06 20:08 2007-03-06 20:04 180,224 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE 2007-03-06 20:04 180,224 --a------ C:\WINDOWS\SYSTEM32\nvudisp.exe 2007-03-06 20:04 2007-03-06 20:03 2007-03-06 18:51 2007-03-06 18:50 182,880 --a------ C:\WINDOWS\SYSTEM32\iuengine.dll 2007-03-05 22:31 2007-03-05 16:56 2007-03-05 16:19 2007-03-05 16:18 2007-03-05 14:39 2007-03-05 14:36 2007-03-05 13:32 2007-03-05 13:11 2007-03-05 12:53 2007-03-05 12:46 229,376 -ra------ C:\WINDOWS\SYSTEM32\atiiiexx.dll 2007-03-05 12:46 2007-03-04 14:48 2007-03-04 14:21 2007-03-03 20:50 2007-03-03 18:48 2007-03-03 18:48 2007-03-03 15:05 2007-03-03 14:09 94,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys 2007-03-03 14:09 90,112 --a------ C:\WINDOWS\SYSTEM32\AVASTSS.scr 2007-03-03 14:09 85,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys 2007-03-03 14:09 689,280 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe 2007-03-03 14:09 43,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys 2007-03-03 14:09 31,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys 2007-03-03 14:09 23,352 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys 2007-03-03 14:09 2007-03-02 16:40 2007-02-24 20:46 2007-02-24 19:57 2007-02-23 15:34 2007-02-23 12:56 2007-02-23 12:53 19,456 --a------ C:\WINDOWS\SYSTEM32\asapi.dll 2007-02-23 12:53 10,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\asapi.sys 2007-02-23 12:53 2007-02-23 12:53 2007-02-23 12:52 2007-02-23 12:51 1,052,672 --a------ C:\WINDOWS\SYSTEM32\CDDBControl.dll 2007-02-23 10:27 2007-02-22 17:34 33,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys 2007-02-22 17:32 87,824 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300mgmt.sys 2007-02-22 17:32 85,696 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300obex.sys 2007-02-22 17:24 24,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys 2007-02-22 17:20 96,352 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300mdm.sys 2007-02-22 17:20 9,264 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300mdfl.sys 2007-02-22 17:20 60,800 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300bus.sys 2007-02-22 17:20 6,208 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300cmnt.sys 2007-02-22 17:20 6,208 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300cm.sys 2007-02-22 17:20 5,840 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300whnt.sys 2007-02-22 17:20 5,840 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\w300wh.sys 2007-02-22 17:17 2007-02-22 17:15 2007-02-22 17:15 2007-02-22 17:15 2007-02-22 17:14 2007-02-22 17:14 2007-02-22 17:14 2007-02-21 23:42 2007-02-20 18:17 2007-02-17 19:29 2007-02-16 13:14 2007-02-15 22:50 2007-02-15 21:20 2007-02-15 21:20 2007-02-15 20:24 2007-02-15 14:27 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll 2007-02-15 14:18 2007-02-15 12:57 2007-02-15 12:57 2007-02-15 12:52 87,040 --a------ C:\WINDOWS\SYSTEM32\ra32sipr.dll 2007-02-15 12:52 85,504 --a------ C:\WINDOWS\SYSTEM32\encdnet.dll 2007-02-15 12:52 81,920 --a------ C:\WINDOWS\SYSTEM32\ra3214_4.dll 2007-02-15 12:52 72,704 --a------ C:\WINDOWS\SYSTEM32\ra3228_8.dll 2007-02-15 12:52 61,952 --a------ C:\WINDOWS\SYSTEM32\decdnet.dll 2007-02-15 12:52 487,936 --a------ C:\WINDOWS\SYSTEM32\rmbe3260.dll 2007-02-15 12:52 487,424 --a------ C:\WINDOWS\SYSTEM32\msvcp70.dll 2007-02-15 12:52 352,768 --a------ C:\WINDOWS\SYSTEM32\pngu3263.dll 2007-02-15 12:52 344,064 --a------ C:\WINDOWS\SYSTEM32\msvcr70.dll 2007-02-15 12:52 21,504 --a------ C:\WINDOWS\SYSTEM32\ra32dnet.dll 2007-02-15 12:52 131,072 --a------ C:\WINDOWS\SYSTEM32\pneng50.dll 2007-02-15 12:52 130,560 --a------ C:\WINDOWS\SYSTEM32\pnc3250.dll 2007-02-15 12:51 2007-02-15 12:50 700,416 --a------ C:\WINDOWS\SYSTEM32\SYNSOACC.dll 2007-02-15 12:50 45,056 --a------ C:\WINDOWS\SYSTEM32\Synsopos.exe 2007-02-15 12:50 33,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cledx.sys 2007-02-15 12:50 17,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSynas32.sys 2007-02-15 12:50 16,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\synasUSB.sys 2007-02-15 12:50 147,456 --a------ C:\WINDOWS\SYSTEM32\SynsoLChk.dll 2007-02-15 12:50 2007-02-15 11:04 2007-02-15 09:51 2007-02-14 22:03 2007-02-14 15:47 2007-02-11 19:07 2007-02-11 17:18 2007-02-11 13:21 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-08 10:26 14848 --ahs---- C:\Program Files\thumbs.db 2007-02-11 19:16 12400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys 2007-02-07 13:23 -------- d-------- C:\Program Files\deluxe ski jump 3 2007-01-27 23:52 -------- d-------- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\shareaza 2007-01-27 14:40 8864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS 2007-01-27 14:40 30720 -r-h----- C:\WINDOWS\cdac13ba.exe 2007-01-27 14:40 112128 -r-h----- C:\WINDOWS\cdac14ba.dll 2007-01-26 14:56 43520 --a------ C:\WINDOWS\SYSTEM32\cmdlineext03.dll 2007-01-22 13:52 -------- d-------- C:\Program Files\interactive vision 2007-01-22 13:18 -------- d-------- C:\Program Files\midtown 2007-01-21 17:45 -------- d-------- C:\Program Files\microsoft reader 2007-01-20 21:03 -------- d-------- C:\Program Files\spyware doctor 2007-01-20 21:03 -------- d-------- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\pc tools 2007-01-20 20:29 -------- d-------- C:\Program Files\roguescanfix 2007-01-19 13:35 719088 --a------ C:\WINDOWS\SYSTEM32\skaneronline.dll 2007-01-19 09:40 89088 --a------ C:\WINDOWS\SYSTEM32\skaneronlineuninstall.exe 2007-01-16 18:09 -------- d-------- C:\Program Files\ivt corporation 2007-01-16 13:08 -------- d-------- C:\Program Files\jowood 2007-01-16 12:19 -------- d-------- C:\Program Files\paragon software 2007-01-14 12:05 535040 --a------ C:\WINDOWS\flashax.exe 2007-01-14 12:05 491520 --a------ C:\WINDOWS\mobuzak screensaver.scr 2007-01-14 12:05 12288 --a------ C:\WINDOWS\impborl.dll 2007-01-12 20:42 -------- d-------- C:\Program Files\gt interactive 2007-01-12 17:37 -------- d-------- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\sun 2007-01-11 16:05 -------- d-------- C:\Program Files\gimnazjum klasa 1 - biologia 2007-01-05 14:57 499712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll 2007-01-05 14:57 348160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll 2007-01-05 14:37 62 --ahs---- C:\DOCUME~1\EMILJUSZ\Dane aplikacji\desktop.ini 2007-01-05 14:23 266 —hs---- C:\Program Files\desktop.ini 2007-01-05 14:23 133 --a------ C:\AUTOEXEC.BAT 2007-01-05 14:23 11232 —h----- C:\Program Files\folder.htt 2007-01-05 14:23 100 --a------ C:\CONFIG.SYS 2007-01-05 14:21 1676 -r-hs---- C:\MSDOS.SYS 2007-01-05 14:16 19131 --a------ C:\WINDOWS\setver.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe -AutoStart” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “Ashampoo FireWall”="“C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] “LoadPowerProfile”=“Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk” “backup”=“C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE " “item”=“BlueSoleil” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=”" “hkey”=“HKLM” “command”="" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“bittorrent” “hkey”=“HKCU” “command”="“C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“BJPSMAIN” “hkey”=“HKLM” “command”=“C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“emule” “hkey”=“HKCU” “command”=“C:\Program Files\eMule\emule.exe -AutoStart” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“cledx” “hkey”=“HKLM” “command”=“C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“ISUSPM” “hkey”=“HKLM” “command”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“issch” “hkey”=“HKLM” “command”="“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”="“C:\Program Files\Messenger\msmsgs.exe” /background" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\System32\\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Application Launcher” “hkey”=“HKLM” “command”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“jusched” “hkey”=“HKLM” “command”="“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“SysTray” “hkey”=“HKLM” “command”=“SysTray.Exe” “inimapping”=“0” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “Spyware Doctor”="" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Rozpocz©cie aplikacji dostrajania.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job Completion time: 07-03-11 13:10:39 C:\ComboFix2.txt … 07-03-11 12:31

SmitFraudFix v2.148 Scan done at 13:13:45,56, 2007-03-11 Run from C:\Documents and Settings\EMILJUSZ\Moje dokumenty\Specjalne\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! # [MICROSOFT.COM] 127.0.0.1 microsoft.com.org 127.0.0.1 http://www.www.microsoft.com.org »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\EMILJUSZ »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\EMILJUSZ\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EMILJUSZ\Ulubione »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

Gutek · 11 Marzec 2007 12:16

Już Ok