Infected memory and attacks from the network


(Krzysztof217) #1

Please help.

NOD shows me

and in Kerio

I am attaching the logs


(adam9870) #2

Use Windows Worms Doors Cleaner and change the markers from disable to enable (all the markers should be green; if any of them is yellow, leave it). A restart is required after using the tool.

Download Gmer.

You will now be working in Gmer, so launch it, wait a moment, and click the >>> tab to open the remaining tabs.

 • In the Processes (Procesy) tab, choose Gmer Safe Mode (Gmer awaryjny). The computer will restart and only the Gmer window will remain.

 • In the Processes tab, click Files (Pliki) and delete:

 • Restart the computer manually with the button on the case.

 • After the reset, open Gmer and, in the CMD tab with the REGEDIT.EXE option selected, paste:

 • Click Run (Uruchom) and reset.

Remove the HJT entries if there are any.

Use VundoFix + FixVundo + VirtumundoBeGone. All of these tools must be run in safe mode.

When you are done, paste a new log from Silent and ComboScan, as well as the contents of the file c:\rapport.txt.


(Krzysztof217) #3

Phew, done. I am pasting the logs to be checked.

ComboScan v20070306.20 run by Administrator on 2007-03-24 at 20:29:51

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --

1: 2007-03-24 19:29:52 UTC - RP1 - Punkt kontrolny systemu

Performed disk cleanup.

-- HijackThis (run as Administrator.exe) ---------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 20:30:11, on 2007-03-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program Files\BitSpirit\BitSpirit.exe

D:\programy\Gadu-Gadu\gg.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\DAP\DAP.EXE

C:\Documents and Settings\Administrator\Moje dokumenty\My Completed Downloads\comboscan.exe

E:\HIJACK~1\Administrator.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pctools.com/spyware-doctor/install/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [CBitSpirit] "C:\Program Files\BitSpirit\BitSpirit.exe" /start

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\programy\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- HijackThis Fixed Entries (E:\HIJACK~1\backups\) -----------------------------


backup-20070222-200245-529 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

backup-20070324-194350-440 O2 - BHO: (no name) - {73AD2D19-2BF9-4F99-A70D-E6F5415DD7EE} - C:\WINDOWS\system32\ssqqr.dll (file missing)

backup-20070324-194350-461 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programy\adobe\ActiveX\AcroIEHelper.dll

backup-20070324-194350-689 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll


-- File Associations -----------------------------------------------------------


.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


3R ALCXWDM (Service for Avance AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2R AMON - C:\WINDOWS\system32\drivers\amon.sys

3R axsaki - C:\WINDOWS\system32\drivers\axsaki.sys

3R axskbus - C:\WINDOWS\system32\drivers\axskbus.sys

1R cdrbsdrv - C:\WINDOWS\system32\drivers\CDRBSDRV.SYS

3R FETNDIS (Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet) - C:\WINDOWS\system32\drivers\fetnd5.sys

1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys

3S gmer - C:\WINDOWS\system32\drivers\gmer.sys

1R intelppm (Sterownik procesora Intel) - C:\WINDOWS\system32\drivers\intelppm.sys

1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys

3R ms_mpu401 (Sterownik portu MIDI UART Microsoft MPU-401) - C:\WINDOWS\system32\drivers\msmpu401.sys

3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys

2S NwlnkIpx (Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS) - C:\WINDOWS\system32\drivers\nwlnkipx.sys

2R NwlnkNb (System NetBIOS NWLink) - C:\WINDOWS\system32\drivers\nwlnknb.sys

3S NWRDR (NetWare Rdr) - C:\WINDOWS\system32\drivers\nwrdr.sys

0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys

3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys

3R usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys

3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys

3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS

0R viaagp (Filtr magistrali AGP VIA) - C:\WINDOWS\system32\drivers\VIAAGP.SYS

1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"

2S KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"

3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"

2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe

2S NWCWorkstation (Usługa klienta dla systemu NetWare) - C:\WINDOWS\system32\svchost.exe -k netsvcs

2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe

-- Files created between 2007-02-24 and 2007-03-24 -----------------------------


2007-03-24 18:19:02 938 --a------ C:\WINDOWS\gmer.reg

2007-03-24 18:02:05 280676 ---hs---- C:\WINDOWS\system32\xxwvu.dll

2007-03-24 17:45:56 80 --a------ C:\WINDOWS\gmer_uninstall.cmd

2007-03-24 16:51:34 280676 ---hs---- C:\WINDOWS\system32\urspp.dll

2007-03-23 21:05:36 465869 ---hs---- C:\WINDOWS\system32\rqqss.bak1

2007-03-23 20:48:13 0 d-a------ C:\Program Files\MyGlobalSearch

2007-03-23 20:26:32 0 d-------- C:\WINDOWS\wb

2007-03-23 20:20:27 0 d-------- C:\Program1

2007-03-22 18:44:24 0 d-------- C:\WINDOWS\ShellNew

2007-03-21 14:43:23 0 d-------- C:\Program Files\WinISO

2007-03-20 08:00:17 0 d-------- C:\Games

2007-03-19 16:40:07 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-03-19 10:56:16 122884 --a------ C:\WINDOWS\UnGins.exe

2007-03-18 18:41:17 0 d-------- C:\Program Files\Microsoft FrontPage

2007-03-18 17:34:44 112640 --a------ C:\WINDOWS\lsb_un20.exe

2007-03-13 07:27:43 188960 --a------ C:\WINDOWS\system32\WINGDE.DLL

2007-03-13 07:27:43 12800 --a------ C:\WINDOWS\system32\WING32.DLL

2007-03-13 07:27:43 92208 --a------ C:\WINDOWS\system32\WING.DLL

2007-03-13 07:27:43 188960 --a------ C:\WINDOWS\system\WINGDE.DLL

2007-03-13 07:27:43 12800 --a------ C:\WINDOWS\system\WING32.DLL

2007-03-13 07:27:43 92208 --a------ C:\WINDOWS\system\WING.DLL

2007-03-13 07:27:42 50016 --a------ C:\WINDOWS\system32\IYVU9.DLL

2007-03-13 07:27:42 151056 --a------ C:\WINDOWS\system32\IR32.DLL

2007-03-13 07:27:42 77664 --a------ C:\WINDOWS\system32\IR21.DLL

2007-03-13 07:27:42 7168 --a------ C:\WINDOWS\system32\DISPDIB.DLL

2007-03-13 07:27:42 14208 --a------ C:\WINDOWS\system32\CTL3D.DLL

2007-03-13 07:27:42 12800 --a------ C:\WINDOWS\system32\ACMCMPRS.DLL

2007-03-13 07:27:42 49616 --a------ C:\WINDOWS\system\MSACM.DLL

2007-03-13 07:27:42 50016 --a------ C:\WINDOWS\system\IYVU9.DLL

2007-03-13 07:27:42 151056 --a------ C:\WINDOWS\system\IR32.DLL

2007-03-13 07:27:42 77664 --a------ C:\WINDOWS\system\IR21.DLL

2007-03-13 07:27:42 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL

2007-03-13 07:27:42 14208 --a------ C:\WINDOWS\system\CTL3D.DLL

2007-03-13 07:27:42 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL

2007-03-13 07:27:33 0 d-------- C:\Program Files\Atlas świata

2007-03-12 08:16:36 0 d-------- C:\Program Files\GameSpy Arcade

2007-03-12 08:15:59 0 --a------ C:\WINDOWS\PowerReg.dat

2007-03-07 18:41:46 0 d-------- C:\Program Files\Fujifilm

2007-03-05 18:27:57 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-03-05 18:25:59 0 d-------- C:\Program Files\Canon

2007-03-05 18:21:46 0 d-------- C:\Program Files\ScanSoft

2007-03-05 18:21:46 0 d-------- C:\Program Files\Common Files\ScanSoft Shared

2007-03-05 18:18:43 212480 --a------ C:\WINDOWS\PCDLIB32.DLL

2007-03-05 18:18:43 0 d-------- C:\Program Files\ArcSoft

2007-03-05 18:16:58 57344 --a------ C:\WINDOWS\system32\CNQU111.DLL

2007-03-05 18:16:58 274432 --a------ C:\WINDOWS\system32\CNQL1212.dll

2007-03-05 18:16:58 0 d--h----- C:\CanoScan

2007-03-05 17:54:54 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-03-05 17:53:53 0 d-------- C:\Program Files\Hewlett-Packard

2007-03-04 17:28:26 0 d-------- C:\Program Files\MarBit

2007-03-04 09:00:10 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-03-04 09:00:09 115880 -----n--- C:\WINDOWS\system32\pxinsi64.exe

2007-03-04 09:00:09 129784 -----n--- C:\WINDOWS\system32\pxafs.dll

2007-03-04 09:00:09 36528 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-03-04 09:00:09 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-03-04 08:58:46 0 d-------- C:\WINDOWS\RegisteredPackages

2007-03-04 08:51:15 0 d-------- C:\Program Files\Winamp

2007-02-28 07:17:53 208896 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-02-28 07:17:53 0 d-------- C:\WINDOWS\nview

2007-02-28 07:17:14 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2007-02-28 07:16:44 0 d-------- C:\NVIDIA

2007-02-27 21:06:05 0 d-------- C:\WINDOWS\Sun

2007-02-26 21:46:04 0 d-------- C:\Program Files\Driver Cleaner

2007-02-26 18:21:35 0 d-------- C:\Program Files\MozBackup

2007-02-24 16:46:42 221184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-02-24 15:51:42 5 --ahs---- C:\WINDOWS\system32\baefacf_s.dll

2007-02-24 15:51:31 0 d-------- C:\Program Files\jv16 PowerTools 2006

2007-02-24 15:50:40 0 d-------- C:\Program Files\Lavasoft

2007-02-24 15:50:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-02-24 06:59:55 0 d-------- C:\WINDOWS\pss

-- Find3M Report ---------------------------------------------------------------


2007-03-24 19:56:46 0 d-------- C:\Program Files\Mozilla Firefox

2007-03-23 19:52:28 0 d-------- C:\Program Files\Mozilla Thunderbird

2007-03-20 20:36:08 0 d---s---- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft

2007-03-19 19:06:31 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-03-18 18:39:20 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft Web Folders

2007-03-13 19:57:21 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe

2007-03-05 19:00:31 0 d-------- C:\Program Files\FinePixViewer

2007-03-05 18:37:01 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Canon

2007-03-05 18:22:40 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ScanSoft

2007-03-05 06:38:35 0 d-------- C:\Program Files\ffdshow

2007-03-03 18:22:37 0 d-------- C:\Program Files\Common Files\Adobe

2007-02-27 19:48:11 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Help

2007-02-24 19:27:07 0 d-------- C:\Program Files\BitSpirit

2007-02-24 15:50:52 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Lavasoft

2007-02-21 15:31:09 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\AdobeUM

2007-02-19 19:34:03 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

2007-02-18 19:28:31 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic

2007-02-18 19:24:33 0 d-------- C:\Program Files\QuickTime Alternative

2007-02-18 19:24:17 0 d-------- C:\Program Files\Media Player Classic

2007-02-18 15:56:10 0 d-------- C:\Program Files\DAP

2007-02-18 15:52:17 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2007-02-18 15:11:51 355830 --a------ C:\WINDOWS\system32\perfh015.dat

2007-02-18 15:11:51 49712 --a------ C:\WINDOWS\system32\perfc015.dat

2007-02-18 13:09:07 0 d-------- C:\Program Files\Java

2007-02-18 13:09:07 0 d-------- C:\Program Files\Common Files\Java

2007-02-18 13:07:30 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Sun

2007-02-18 13:03:53 0 d-------- C:\Program Files\Common Files\GTK

2007-02-18 11:34:58 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FUJIFILM

2007-02-18 11:19:55 0 d-------- C:\Program Files\PIXELA

2007-02-18 11:19:31 0 d-------- C:\Program Files\Common Files\InstallShield

2007-02-18 11:17:26 0 d-------- C:\Program Files\REGSHAVE

2007-02-17 08:02:45 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead

2007-02-16 21:59:43 0 d-------- C:\Program Files\Common Files\Ahead

2007-02-16 21:58:32 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia

2007-02-16 21:58:02 4100 --a------ C:\WINDOWS\mozver.dat

2007-02-16 21:54:30 0 d-------- C:\Program Files\Nero

2007-02-16 19:48:40 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Talkback

2007-02-16 19:48:34 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla

2007-02-16 19:48:31 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Thunderbird

2007-02-16 19:29:20 0 --a------ C:\WINDOWS\nsreg.dat

2007-02-16 18:55:10 0 d-------- C:\Program Files\Common Files\ODBC

2007-02-16 18:55:03 0 d-------- C:\Program Files\Common Files\SpeechEngines

2007-02-16 18:54:08 62 --ahs---- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini

2007-02-16 18:43:24 0 d-------- C:\Program Files\Sunbelt Software

2007-02-16 18:36:29 274432 --a------ C:\WINDOWS\system32\imon.dll

2007-02-16 18:12:18 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools

2007-02-16 18:08:49 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Identities

2007-02-16 18:06:30 0 -rahs---- C:\MSDOS.SYS

2007-02-16 18:06:30 0 -rahs---- C:\IO.SYS

2007-02-16 18:06:30 0 --a------ C:\CONFIG.SYS

2007-02-16 18:06:30 0 --a------ C:\AUTOEXEC.BAT

2007-02-16 18:04:37 0 d--h----- C:\Program Files\WindowsUpdate

2007-02-16 18:04:32 0 d-------- C:\Program Files\Usługi online

2007-02-16 18:03:47 0 d-------- C:\Program Files\Common Files\MSSoap

2007-02-16 18:02:33 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

2007-02-07 22:14:38 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Gadu-Gadu"="\"D:\\programy\\Gadu-Gadu\\gg.exe\" /tray"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

"SoundMan"="SOUNDMAN.EXE"

"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"

"CBitSpirit"="\"C:\\Program Files\\BitSpirit\\BitSpirit.exe\" /start"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

"path"="C:\\Documents and Settings\\Administrator\\Menu Start\\Programy\\Autostart\\Adobe Gamma.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"

"location"="Startup"

"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="D:\\programy\\adobe\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Exif Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "

"item"="Exif Launcher"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAP"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="gg"

"hkey"="HKCU"

"command"="\"D:\\programy\\Gadu-Gadu\\gg.exe\" /tray"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ereg"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregEng\\Ereg.exe\" -r \"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregEng\\ereg.ini\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="OpwareSE2"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="d:\\Programy\\Winamp\\winampa.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"UPS"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"=""


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-03-24 at 20:31:26 ------------------------

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""D:\programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]

"REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]

"CBitSpirit" = ""C:\Program Files\BitSpirit\BitSpirit.exe" /start" ["LANSPIRIT.NET"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

 -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

          \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

 -> {HKLM...CLSID} = "WinRAR"

          \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

 -> {HKLM...CLSID} = "WinZip"

          \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

 -> {HKLM...CLSID} = "WinZip"

          \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

 -> {HKLM...CLSID} = "WinZip"

          \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

 -> {HKLM...CLSID} = "WinZip"

          \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

 -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

          \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

 -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

          \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

 -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

          \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

 -> {HKLM...CLSID} = "AlcoholShellEx"

          \InProcServer32\(Default) = "D:\Programy\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

 -> {HKLM...CLSID} = "DesktopContext Class"

          \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

 -> {HKLM...CLSID} = "NVIDIA CPL Extension"

          \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

 -> {HKLM...CLSID} = "Desktop Explorer"

          \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

 -> {HKLM...CLSID} = (no title provided)

          \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

 -> {HKLM...CLSID} = "nView Desktop Context Menu"

          \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{4A1DAE80-7EB1-11D8-9569-000244437016}" = "Fuji drop handler"

 -> {HKLM...CLSID} = "Fuji drop handler"

          \InProcServer32\(Default) = "C:\PROGRA~1\Fujifilm\fujidh.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

 -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

          \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

 -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

          \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

 -> {HKLM...CLSID} = "PDF Shell Extension"

          \InProcServer32\(Default) = "D:\programy\adobe\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

 -> {HKLM...CLSID} = "DAPMenuShellExt Class"

          \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

 -> {HKLM...CLSID} = "DAPMenuShellExt Class"

          \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

 -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

          \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

 -> {HKLM...CLSID} = "WinRAR"

          \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

 -> {HKLM...CLSID} = "WinZip"

          \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

 -> {HKLM...CLSID} = "DAPMenuShellExt Class"

          \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

 -> {HKLM...CLSID} = "WinRAR"

          \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

 -> {HKLM...CLSID} = "WinZip"

          \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

 -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

          \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

 -> {HKLM...CLSID} = "WinRAR"

          \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

 -> {HKLM...CLSID} = "WinZip"

          \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing LP"]

Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16, 18

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"

 -> {HKCU...CLSID} = "Java Plug-in 1.6.0"

          \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" [file not found]

 -> {HKLM...CLSID} = "Java Plug-in 1.6.0"

          \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

 launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

 DLL launch points, use the -supp parameter or answer "No" at the

 first message box and "Yes" at the second message box.

---------- (total run time: 115 seconds, including 9 seconds for message boxes)

and I can't find the file c:\raport


(adam9870) #4

Using the backups option in HijackThis, restore the legitimate entries you deleted:

The next steps are done in Gmer, so start it, wait a moment, and click the >>> tab to open the remaining tabs.

 • In the Processes tab, select "Gmer awaryjny" (Gmer safe mode). The computer will restart and only the Gmer window will remain.

 • In the Processes tab, click Files and delete:

 • Restart the computer manually using the button on the case.

When done, paste a new log from Combo.


(Krzysztof217) #5

I hope I did everything as required.

A quick question: are you from, or do you live in, Kleszczele?

ComboScan v20070306.20 run by Administrator on 2007-03-25 at 12:37:09

Computer is in Normal Mode.

--------------------------------------------------------------------------------
-- HijackThis (run as Administrator.exe) ---------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 12:37:14, on 2007-03-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program Files\BitSpirit\BitSpirit.exe

D:\programy\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Moje dokumenty\My Completed Downloads\comboscan.exe

E:\HIJACK~1\ADMINI~1.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pctools.com/spyware-doctor/install/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [CBitSpirit] "C:\Program Files\BitSpirit\BitSpirit.exe" /start

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\programy\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- Files created between 2007-02-25 and 2007-03-25 -----------------------------


2007-03-25 08:54:01 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll

2007-03-25 08:53:56 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll

2007-03-25 08:53:47 63488 --a------ C:\WINDOWS\system32\unam4ie.exe

2007-03-25 08:53:47 56320 -ra------ C:\WINDOWS\system32\Iyvu9_32.dll

2007-03-25 08:53:38 10240 --a------ C:\WINDOWS\system32\vidx16.dll

2007-03-25 08:53:38 194320 --a------ C:\WINDOWS\system32\qcut.dll

2007-03-25 08:53:36 4608 --a------ C:\WINDOWS\system32\w95inf32.dll

2007-03-25 08:53:36 2272 --a------ C:\WINDOWS\system32\w95inf16.dll

2007-03-24 19:19:02 938 --a------ C:\WINDOWS\gmer.reg

2007-03-24 18:45:56 80 --a------ C:\WINDOWS\gmer_uninstall.cmd

2007-03-23 21:48:13 0 d-a------ C:\Program Files\MyGlobalSearch

2007-03-23 21:26:32 0 d-------- C:\WINDOWS\wb

2007-03-23 21:20:27 0 d-------- C:\Program1

2007-03-22 19:44:24 0 d-------- C:\WINDOWS\ShellNew

2007-03-21 15:43:23 0 d-------- C:\Program Files\WinISO

2007-03-20 09:00:17 0 d-------- C:\Games

2007-03-19 17:40:07 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-03-19 11:56:16 122884 --a------ C:\WINDOWS\UnGins.exe

2007-03-18 19:41:17 0 d-------- C:\Program Files\Microsoft FrontPage

2007-03-18 18:34:44 112640 --a------ C:\WINDOWS\lsb_un20.exe

2007-03-13 08:27:43 188960 --a------ C:\WINDOWS\system32\WINGDE.DLL

2007-03-13 08:27:43 12800 --a------ C:\WINDOWS\system32\WING32.DLL

2007-03-13 08:27:43 92208 --a------ C:\WINDOWS\system32\WING.DLL

2007-03-13 08:27:43 188960 --a------ C:\WINDOWS\system\WINGDE.DLL

2007-03-13 08:27:43 12800 --a------ C:\WINDOWS\system\WING32.DLL

2007-03-13 08:27:43 92208 --a------ C:\WINDOWS\system\WING.DLL

2007-03-13 08:27:42 50016 --a------ C:\WINDOWS\system32\IYVU9.DLL

2007-03-13 08:27:42 151056 --a------ C:\WINDOWS\system32\IR32.DLL

2007-03-13 08:27:42 77664 --a------ C:\WINDOWS\system32\IR21.DLL

2007-03-13 08:27:42 7168 --a------ C:\WINDOWS\system32\DISPDIB.DLL

2007-03-13 08:27:42 14208 --a------ C:\WINDOWS\system32\CTL3D.DLL

2007-03-13 08:27:42 12800 --a------ C:\WINDOWS\system32\ACMCMPRS.DLL

2007-03-13 08:27:42 49616 --a------ C:\WINDOWS\system\MSACM.DLL

2007-03-13 08:27:42 50016 --a------ C:\WINDOWS\system\IYVU9.DLL

2007-03-13 08:27:42 151056 --a------ C:\WINDOWS\system\IR32.DLL

2007-03-13 08:27:42 77664 --a------ C:\WINDOWS\system\IR21.DLL

2007-03-13 08:27:42 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL

2007-03-13 08:27:42 14208 --a------ C:\WINDOWS\system\CTL3D.DLL

2007-03-13 08:27:42 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL

2007-03-13 08:27:33 0 d-------- C:\Program Files\Atlas świata

2007-03-12 09:16:36 0 d-------- C:\Program Files\GameSpy Arcade

2007-03-12 09:15:59 0 --a------ C:\WINDOWS\PowerReg.dat

2007-03-07 19:41:46 0 d-------- C:\Program Files\Fujifilm

2007-03-05 19:27:57 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-03-05 19:25:59 0 d-------- C:\Program Files\Canon

2007-03-05 19:21:46 0 d-------- C:\Program Files\ScanSoft

2007-03-05 19:21:46 0 d-------- C:\Program Files\Common Files\ScanSoft Shared

2007-03-05 19:18:43 212480 --a------ C:\WINDOWS\PCDLIB32.DLL

2007-03-05 19:18:43 0 d-------- C:\Program Files\ArcSoft

2007-03-05 19:16:58 57344 --a------ C:\WINDOWS\system32\CNQU111.DLL

2007-03-05 19:16:58 274432 --a------ C:\WINDOWS\system32\CNQL1212.dll

2007-03-05 19:16:58 0 d--h----- C:\CanoScan

2007-03-05 18:54:54 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-03-05 18:53:53 0 d-------- C:\Program Files\Hewlett-Packard

2007-03-04 18:28:26 0 d-------- C:\Program Files\MarBit

2007-03-04 10:00:10 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-03-04 10:00:09 115880 -----n--- C:\WINDOWS\system32\pxinsi64.exe

2007-03-04 10:00:09 129784 -----n--- C:\WINDOWS\system32\pxafs.dll

2007-03-04 10:00:09 36528 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-03-04 10:00:09 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-03-04 09:58:46 0 d-------- C:\WINDOWS\RegisteredPackages

2007-03-04 09:51:15 0 d-------- C:\Program Files\Winamp

2007-02-28 08:17:53 208896 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-02-28 08:17:53 0 d-------- C:\WINDOWS\nview

2007-02-28 08:17:14 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2007-02-28 08:16:44 0 d-------- C:\NVIDIA

2007-02-27 22:06:05 0 d-------- C:\WINDOWS\Sun

2007-02-26 22:46:04 0 d-------- C:\Program Files\Driver Cleaner

2007-02-26 19:21:35 0 d-------- C:\Program Files\MozBackup

-- Find3M Report ---------------------------------------------------------------


2007-03-25 08:51:24 355830 --a------ C:\WINDOWS\system32\perfh015.dat

2007-03-25 08:51:24 49712 --a------ C:\WINDOWS\system32\perfc015.dat

2007-03-24 20:56:46 0 d-------- C:\Program Files\Mozilla Firefox

2007-03-23 20:52:28 0 d-------- C:\Program Files\Mozilla Thunderbird

2007-03-20 21:36:08 0 d---s---- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft

2007-03-19 20:06:31 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-03-18 19:39:20 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft Web Folders

2007-03-13 20:57:21 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe

2007-03-05 20:00:31 0 d-------- C:\Program Files\FinePixViewer

2007-03-05 19:37:01 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Canon

2007-03-05 19:22:40 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ScanSoft

2007-03-05 07:38:35 0 d-------- C:\Program Files\ffdshow

2007-03-03 19:22:37 0 d-------- C:\Program Files\Common Files\Adobe

2007-02-27 20:48:11 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Help

2007-02-24 20:27:07 0 d-------- C:\Program Files\BitSpirit

2007-02-24 16:51:41 0 d-------- C:\Program Files\jv16 PowerTools 2006

2007-02-24 16:50:52 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Lavasoft

2007-02-24 16:50:40 0 d-------- C:\Program Files\Lavasoft

2007-02-24 16:50:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-02-21 16:31:09 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\AdobeUM

2007-02-19 20:34:03 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

2007-02-18 20:28:31 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic

2007-02-18 20:24:33 0 d-------- C:\Program Files\QuickTime Alternative

2007-02-18 20:24:17 0 d-------- C:\Program Files\Media Player Classic

2007-02-18 16:56:10 0 d-------- C:\Program Files\DAP

2007-02-18 16:52:17 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2007-02-18 14:09:07 0 d-------- C:\Program Files\Java

2007-02-18 14:09:07 0 d-------- C:\Program Files\Common Files\Java

2007-02-18 14:07:30 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Sun

2007-02-18 14:03:53 0 d-------- C:\Program Files\Common Files\GTK

2007-02-18 12:34:58 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FUJIFILM

2007-02-18 12:19:55 0 d-------- C:\Program Files\PIXELA

2007-02-18 12:19:31 0 d-------- C:\Program Files\Common Files\InstallShield

2007-02-18 12:17:26 0 d-------- C:\Program Files\REGSHAVE

2007-02-17 09:02:45 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead

2007-02-16 22:59:43 0 d-------- C:\Program Files\Common Files\Ahead

2007-02-16 22:58:32 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia

2007-02-16 22:58:02 4100 --a------ C:\WINDOWS\mozver.dat

2007-02-16 22:54:30 0 d-------- C:\Program Files\Nero

2007-02-16 20:48:40 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Talkback

2007-02-16 20:48:34 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla

2007-02-16 20:48:31 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Thunderbird

2007-02-16 20:29:20 0 --a------ C:\WINDOWS\nsreg.dat

2007-02-16 19:55:10 0 d-------- C:\Program Files\Common Files\ODBC

2007-02-16 19:55:03 0 d-------- C:\Program Files\Common Files\SpeechEngines

2007-02-16 19:54:08 62 --ahs---- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini

2007-02-16 19:43:24 0 d-------- C:\Program Files\Sunbelt Software

2007-02-16 19:36:29 274432 --a------ C:\WINDOWS\system32\imon.dll

2007-02-16 19:12:18 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools

2007-02-16 19:08:49 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Identities

2007-02-16 19:06:30 0 -rahs---- C:\MSDOS.SYS

2007-02-16 19:06:30 0 -rahs---- C:\IO.SYS

2007-02-16 19:06:30 0 --a------ C:\CONFIG.SYS

2007-02-16 19:06:30 0 --a------ C:\AUTOEXEC.BAT

2007-02-16 19:04:37 0 d--h----- C:\Program Files\WindowsUpdate

2007-02-16 19:04:32 0 d-------- C:\Program Files\Usługi online

2007-02-16 19:03:47 0 d-------- C:\Program Files\Common Files\MSSoap

2007-02-16 19:02:33 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

2007-02-07 23:14:38 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Gadu-Gadu"="\"D:\\programy\\Gadu-Gadu\\gg.exe\" /tray"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

"SoundMan"="SOUNDMAN.EXE"

"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"

"CBitSpirit"="\"C:\\Program Files\\BitSpirit\\BitSpirit.exe\" /start"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

"path"="C:\\Documents and Settings\\Administrator\\Menu Start\\Programy\\Autostart\\Adobe Gamma.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"

"location"="Startup"

"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="D:\\programy\\adobe\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Exif Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "

"item"="Exif Launcher"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAP"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="gg"

"hkey"="HKCU"

"command"="\"D:\\programy\\Gadu-Gadu\\gg.exe\" /tray"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ereg"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregEng\\Ereg.exe\" -r \"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregEng\\ereg.ini\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="OpwareSE2"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="d:\\Programy\\Winamp\\winampa.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"UPS"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"=""


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-03-25 at 12:38:29 ------------------------

(adam9870) #6

Delete the folder manually while in safe mode.

Scan with http://www.ewido.net/en/

I suggest cleaning the registry because you have several empty keys, description.