Zboczone reklamy, log z hijackthis

mateuszek · 23 Grudzień 2007 22:49

wyskakuja mi zboczone reklamy, strony otwieraja sie bardzo wolno (mimo predkosci lacza 1,5 mega), czasem mozilla calkiem mi sie zawiesza. wklejam loga z hijachthis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:38:12, on 2007-12-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE C:\WINDOWS\system32\bbutameu.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\eMule\emule.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Mateusz\Dane aplikacji\SopCast\adv\SopAdver.exe C:\WINDOWS\system32\winlogon.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL F2 - REG:system.ini: Shell= O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe0.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec0.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec0.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe0.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM…\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun O4 - HKLM…\Run: [bbutameu] C:\WINDOWS\system32\bbutameu.exe O4 - HKLM…\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP O4 - HKLM…\Run: [speedBitVideoAccelerator] “C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe” O4 - HKLM…\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [WinMode] C:\DOCUME~1\Mateusz\DANEAP~1\DELETE~1\bike play.exe O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - HKUS\S-1-5-19…\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-21-861567501-842925246-1343024091-1007…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto (User ‘Michał’) O4 - HKUS\S-1-5-21-861567501-842925246-1343024091-1007…\Run: [WinMode] C:\DOCUME~1\MICHA~1\DANEAP~1\DELETE~1\bike play.exe (User ‘Michał’) O4 - HKUS\S-1-5-21-861567501-842925246-1343024091-1007…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” (User ‘Michał’) O4 - HKUS\S-1-5-21-861567501-842925246-1343024091-1007…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized (User ‘Michał’) O4 - HKUS\S-1-5-21-861567501-842925246-1343024091-1007…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background (User ‘Michał’) O4 - HKUS\S-1-5-21-861567501-842925246-1343024091-1007…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart (User ‘Michał’) O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Szukaj w NetSprint.pl - res://C:\Program Files\IEToolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: komentator - http://sport.onet.pl/komentator.cab O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5403872799 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.113.232.40/activex/AxisCamControl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{6280CEA1-410C-4272-9691-39648A3274BC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) – End of file - 12584 bytes

z gory dzieki za pomoc pozdrawiam

5uck · 23 Grudzień 2007 23:18

wez przeskanuj i wyczysc kompa AdAware i SS&D bo troche syfu masz w tym logu

Gutek · 23 Grudzień 2007 23:19

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym - Daj log z ComboFix

mateuszek · 24 Grudzień 2007 00:17

AdAware i SS&D skanowalem dziesiatki razy i nic nie pomaga zapomnialem jeszcze dodac ze system dosc dlugo sie otwiera. I jeszcze pytanko: mam eTrust Antivirus ale nie jestem do niego przekonany, co uwazacie o tym programie?

ComboFix 07-12-21.4 - Mateusz 2007-12-24 1:05:25.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.76 [GMT 1:00] Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\GINA\Dane aplikacji\ShoppingReport C:\Documents and Settings\GINA\Dane aplikacji\ShoppingReport\cs\Config.xml C:\Documents and Settings\GINA\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\GINA\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\GINA\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\GINA\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs C:\Documents and Settings\Mariusz\Dane aplikacji\macromedia\Flash Player#SharedObjects\5RYJFPYP\www.broadcaster.com C:\Documents and Settings\Mariusz\Dane aplikacji\macromedia\Flash Player#SharedObjects\5RYJFPYP\www.broadcaster.com\played_list.sol C:\Documents and Settings\Mariusz\Dane aplikacji\macromedia\Flash Player#SharedObjects\5RYJFPYP\www.broadcaster.com\video_queue.sol C:\Documents and Settings\Mariusz\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com C:\Documents and Settings\Mariusz\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com\settings.sol C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport\cs\Config.xml C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\Mariusz\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport\cs\Config.xml C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\Mateusz\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport\cs\Config.xml C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\Michał\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs C:\Program Files\ShoppingReport C:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll C:\Program Files\ShoppingReport\Uninst.exe C:\WINDOWS\system32\system C:\WINDOWS\system32\system\msxml4.dll C:\WINDOWS\system32\system\msxml4r.dll C:\WINDOWS\system32\uninstall.exe . ((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))) . 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 14:39 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:40 . 2007-12-24 00:53 3,162 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-23 23:37 . 2007-12-23 23:37 2007-12-23 00:41 . 2007-12-23 00:41 2007-12-22 23:50 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2007-12-22 23:33 . 2007-12-23 17:59 2007-12-22 23:33 . 2007-12-23 15:59 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-22 23:33 . 2007-12-23 15:59 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-22 23:33 . 2007-12-23 15:59 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-21 23:49 . 2007-12-21 23:49 2007-12-21 15:47 . 2007-12-21 15:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-21 15:47 . 2007-12-21 15:47 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:17 . 2007-12-20 09:25 2007-12-16 19:20 . 2007-12-17 14:39 2007-12-13 16:36 . 2007-12-13 16:36 2007-12-10 17:22 . 2007-12-10 17:22 2007-12-05 14:09 . 2007-12-23 17:42 2007-12-05 14:09 . 2007-12-05 14:09 2007-12-05 14:09 . 2007-12-05 14:14 2007-12-05 14:08 . 2007-12-23 21:05 2007-12-05 14:06 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-02 20:41 . 2007-12-24 00:05 2007-12-02 18:37 . 2007-12-02 18:37 2007-11-29 18:38 . 2007-11-29 18:38 2007-11-29 16:24 . 2007-12-22 12:56 2007-11-29 14:05 . 2007-12-08 14:36 2007-11-29 14:05 . 2007-11-29 14:05 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-29 13:59 . 2007-11-29 13:59 2007-11-24 14:35 . 2007-11-24 14:35 81,528 --a------ C:\info.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-24 00:01 --------- d-----w C:\Program Files\eMule 2007-12-23 23:59 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-12-23 23:04 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\Skype 2007-12-23 21:18 --------- d-----w C:\Program Files\Kazaa 2007-12-23 21:03 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-23 16:29 --------- d-----w C:\Program Files\SpeedBit Video Accelerator 2007-12-23 16:29 --------- d-----w C:\Program Files\speed-bit 2007-12-23 16:29 --------- d-----w C:\Program Files\SopCast 2007-12-23 16:27 --------- d-----w C:\Program Files\securedie 2007-12-23 16:21 --------- d-----w C:\Program Files\MegauploadToolbar 2007-12-23 16:14 --------- d-----w C:\Program Files\Google 2007-12-23 16:14 --------- d-----w C:\Program Files\Gadu-Gadu 2007-12-23 16:13 --------- d-----w C:\Program Files\FolderSizes 2007-12-23 16:13 --------- d-----w C:\Program Files\ffdshow 2007-12-23 16:09 --------- d-----w C:\Program Files\DAP 2007-12-23 15:07 --------- d-----w C:\Program Files\TVAnts 2007-12-23 15:02 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\MegauploadToolbar 2007-12-23 13:53 --------- d—a-w C:\Documents and Settings\Mateusz\Dane aplikacji\SopCast 2007-12-23 11:44 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\delete bold mess 2007-12-23 11:39 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\delete bold mess 2007-12-23 11:28 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\delete bold mess 2007-12-23 09:07 --------- d-----w C:\Program Files\Windows SyncroAd 2007-12-22 23:41 --------- d-----w C:\Program Files\Lavasoft 2007-12-22 23:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-22 12:00 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Skype 2007-12-21 09:43 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-20 17:07 --------- d-----w C:\Program Files\Weather Watcher 2007-12-10 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\That size part chin 2007-12-08 13:49 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\Skype 2007-12-07 17:25 --------- d-----w C:\Program Files\GemsNet 2007-12-05 13:09 --------- d-----w C:\Program Files\Winamp 2007-12-03 22:25 --------- d-----w C:\Program Files\English Translator 3 2007-11-29 12:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-23 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2007-11-21 10:13 --------- d-----w C:\Documents and Settings\GINA\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-11-20 20:04 --------- d-----w C:\Program Files\eurobarre 2007-11-20 09:44 --------- d-----w C:\Program Files\AskSBar 2007-11-15 16:03 --------- d-----w C:\Program Files\X-Trader 4 XTB PLN 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-11 17:48 --------- d-----w C:\Program Files\DVD Shrink 2007-11-11 17:46 --------- d-----w C:\Program Files\VirtualDubMod1 2007-11-11 17:43 --------- d-----w C:\Program Files\VirtualDubMod 2007-11-06 09:43 --------- d-----w C:\Program Files\SS Demo 2007-11-05 13:43 --------- d-----w C:\Program Files\NoAdware5.0 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 12:22 --------- d-----w C:\Program Files\DeadLine 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 13:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-18 22:41 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-05-06 11:52 536 -c–a-w C:\Program Files\INSTALL.LOG 2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe 2007-01-30 16:07 87,608 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\ezpinst.exe 2007-01-30 16:07 47,360 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\pcouffin.sys 2005-11-20 13:31 2,171,136 ----a-w C:\Program Files\WW561SETUP.EXE 1997-05-29 17:43 1,442 -c–a-r C:\Program Files\convert.bat 1997-05-29 17:25 55,296 -c–a-r C:\Program Files\oljrnl.fae 1997-05-29 17:25 50,176 -c–a-r C:\Program Files\olmail.fae 1997-05-29 17:25 39,424 -c–a-r C:\Program Files\olnote.fae 1997-05-29 17:17 74,752 -c–a-r C:\Program Files\sidekick.sam 1997-05-29 17:17 64,512 -c–a-r C:\Program Files\act.sam 1997-05-29 17:17 54,272 -c–a-r C:\Program Files\ecco.sam 2005-05-04 17:34 56 --sha-r C:\WINDOWS\system32\9D918E7724.sys 2005-05-04 17:34 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2007-11-20 10:44 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] 2007-12-07 13:19 1502232 --a------ C:\Program Files\speed-bit\tbspe0.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{cd36797a-70f3-4acd-8825-623d3b896881}] 2007-11-13 13:36 1502232 --a------ C:\Program Files\securedie\tbsec0.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2007-11-20 10:44 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} {2318C2B1-4965-11D4-9B18-009027A5CD4F} {CD36797A-70F3-4ACD-8825-623D3B896881} {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_CLASSES_ROOT\clsid{cd36797a-70f3-4acd-8825-623d3b896881}] [HKEY_CLASSES_ROOT\clsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CLASSES_ROOT\clsid{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] “{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}”= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-20 10:44 262144] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “WinMode”=“C:\DOCUME~1\Mateusz\DANEAP~1\DELETE~1\bike play.exe” [2007-12-10 04:05] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 15:46] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 15:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-04-29 20:49] “Camera Detector”=“C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe” [2003-06-17 14:43] “bbutameu”=“C:\WINDOWS\system32\bbutameu.exe” [2007-04-26 15:06] “Realtime Monitor”=“C:\PROGRA~1\CA\ETRUST~1\realmon.exe” [2003-02-13 09:25] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2004-11-09 22:45] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “DownloadAccelerator”=“C:\Program Files\DAP\DAP.exe” [2007-11-22 11:34] “SpeedBitVideoAccelerator”=“C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe” [2007-11-20 10:44] “SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-02-12 11:23] “nwiz”=“nwiz.exe” [2004-07-15 10:42 C:\WINDOWS\system32\nwiz.exe] “AQ3HelperStartUp”=“C:\PROGRA~1\AQUATI~1\AQ3HEL~1.exe” [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mariusz^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk] backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-02-12 11:19 1050112 --a------ C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol] 2007-12-24 00:00 628224 --a------ C:\Documents and Settings\All Users\Dane aplikacji\That size part chin\second comp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-14 21:36 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMode] 2007-12-10 04:05 450048 --a------ C:\DOCUME~1\Mariusz\DANEAP~1\DELETE~1\bike play.exe R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 13:53] R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56] R2 LogWatch;Event Log Watch;“C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe” [2002-09-19 20:29] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-11-20 10:44] S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [] S3 CA_LIC_CLNT;CA License Client;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe” [2002-09-19 20:27] S3 CA_LIC_SRVR;CA License Server;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe” [2002-09-19 20:41] S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys [2007-06-05 10:56] S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the ‘Scheduled Tasks’ folder “2007-12-24 00:00:00 C:\WINDOWS\Tasks\A2D1C357918A790F.job” - c:\docume~1\mariusz\daneap~1\delete~1\Four Ante Peak.exe “2007-12-24 00:00:00 C:\WINDOWS\Tasks\AA1D286C918ADE94.job” - c:\docume~1\micha~1\daneap~1\delete~1\Four Ante Peak.exe “2007-12-17 16:19:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe “2007-12-24 00:00:07 C:\WINDOWS\Tasks\B9F7C0839310702B.job” - c:\docume~1\mateusz\daneap~1\delete~1\Four Ante Peak.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-24 01:12:59 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-24 1:14:20 . 2007-12-21 06:07:29 — E O F —

Gutek · 25 Grudzień 2007 23:37

Wklej do Notatnika:

File::

C:\WINDOWS\system32\bbutameu.exe

C:\DOCUME~1\Mariusz\DANEAP~1\DELETE~1\bike play.exe

C:\WINDOWS\Tasks\A2D1C357918A790F.job

C:\WINDOWS\Tasks\AA1D286C918ADE94.job

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

C:\WINDOWS\Tasks\B9F7C0839310702B.job


Folder::

C:\Program Files\AskSBar

C:\PROGRA~1\AQUATI~1

C:\Program Files\delete bold mess

C:\Documents and Settings\Mariusz\Dane aplikacji\delete bold mess

C:\Documents and Settings\All Users\Dane aplikacji\That size part chin


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-

[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-

[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"bbutameu"=-

"AQ3HelperStartUp"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMode]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

mateuszek · 26 Grudzień 2007 11:58

ComboFix 07-12-21.4 - Mateusz 2007-12-26 12:50:23.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.185 [GMT 1:00] Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))) . 2007-12-24 00:51 . 2007-12-26 12:35 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 14:39 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:40 . 2007-12-24 00:53 3,162 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-23 23:37 . 2007-12-23 23:37 2007-12-23 00:41 . 2007-12-23 00:41 2007-12-22 23:50 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2007-12-22 23:33 . 2007-12-24 03:12 2007-12-22 23:33 . 2007-12-24 02:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-22 23:33 . 2007-12-24 02:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-22 23:33 . 2007-12-24 02:02 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-21 23:49 . 2007-12-21 23:49 2007-12-21 15:47 . 2007-12-25 22:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-21 15:47 . 2007-12-21 15:47 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:17 . 2007-12-20 09:25 2007-12-16 19:20 . 2007-12-17 14:39 2007-12-13 16:36 . 2007-12-13 16:36 2007-12-05 14:09 . 2007-12-24 02:57 2007-12-05 14:09 . 2007-12-05 14:09 2007-12-05 14:09 . 2007-12-05 14:14 2007-12-05 14:08 . 2007-12-26 10:52 2007-12-05 14:06 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-02 20:41 . 2007-12-26 10:53 2007-12-02 18:37 . 2007-12-02 18:37 2007-11-29 18:38 . 2007-11-29 18:38 2007-11-29 16:24 . 2007-12-22 12:56 2007-11-29 14:05 . 2007-12-08 14:36 2007-11-29 14:05 . 2007-11-29 14:05 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-29 13:59 . 2007-11-29 13:59 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-26 11:50 --------- d-----w C:\Program Files\eMule 2007-12-26 11:48 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-12-26 11:25 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\Skype 2007-12-26 10:40 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-24 13:52 --------- d-----w C:\Program Files\Weather Watcher 2007-12-24 01:46 --------- d-----w C:\Program Files\SpeedBit Video Accelerator 2007-12-24 01:46 --------- d-----w C:\Program Files\speed-bit 2007-12-24 01:45 --------- d-----w C:\Program Files\securedie 2007-12-24 01:41 --------- d-----w C:\Program Files\MegauploadToolbar 2007-12-24 01:36 --------- d-----w C:\Program Files\Google 2007-12-24 01:36 --------- d-----w C:\Program Files\Gadu-Gadu 2007-12-24 01:35 --------- d-----w C:\Program Files\FolderSizes 2007-12-24 01:34 --------- d-----w C:\Program Files\DAP 2007-12-24 01:02 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\MegauploadToolbar 2007-12-23 21:18 --------- d-----w C:\Program Files\Kazaa 2007-12-23 16:29 --------- d-----w C:\Program Files\SopCast 2007-12-23 16:13 --------- d-----w C:\Program Files\ffdshow 2007-12-23 15:07 --------- d-----w C:\Program Files\TVAnts 2007-12-23 13:53 --------- d—a-w C:\Documents and Settings\Mateusz\Dane aplikacji\SopCast 2007-12-23 11:44 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\delete bold mess 2007-12-23 11:39 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\delete bold mess 2007-12-23 09:07 --------- d-----w C:\Program Files\Windows SyncroAd 2007-12-22 23:41 --------- d-----w C:\Program Files\Lavasoft 2007-12-22 23:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-22 12:00 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Skype 2007-12-21 09:43 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-08 13:49 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\Skype 2007-12-07 17:25 --------- d-----w C:\Program Files\GemsNet 2007-12-05 13:09 --------- d-----w C:\Program Files\Winamp 2007-12-03 22:25 --------- d-----w C:\Program Files\English Translator 3 2007-11-29 12:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-24 13:35 81,528 ----a-w C:\info.exe 2007-11-23 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2007-11-21 10:13 --------- d-----w C:\Documents and Settings\GINA\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-11-20 20:04 --------- d-----w C:\Program Files\eurobarre 2007-11-15 16:03 --------- d-----w C:\Program Files\X-Trader 4 XTB PLN 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-11 17:48 --------- d-----w C:\Program Files\DVD Shrink 2007-11-11 17:46 --------- d-----w C:\Program Files\VirtualDubMod1 2007-11-11 17:43 --------- d-----w C:\Program Files\VirtualDubMod 2007-11-06 09:43 --------- d-----w C:\Program Files\SS Demo 2007-11-05 13:43 --------- d-----w C:\Program Files\NoAdware5.0 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 12:22 --------- d-----w C:\Program Files\DeadLine 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 13:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-18 22:41 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-05-06 11:52 536 -c–a-w C:\Program Files\INSTALL.LOG 2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe 2007-01-30 16:07 87,608 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\ezpinst.exe 2007-01-30 16:07 47,360 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\pcouffin.sys 2005-11-20 13:31 2,171,136 ----a-w C:\Program Files\WW561SETUP.EXE 1997-05-29 17:43 1,442 -c–a-r C:\Program Files\convert.bat 1997-05-29 17:25 55,296 -c–a-r C:\Program Files\oljrnl.fae 1997-05-29 17:25 50,176 -c–a-r C:\Program Files\olmail.fae 1997-05-29 17:25 39,424 -c–a-r C:\Program Files\olnote.fae 1997-05-29 17:17 74,752 -c–a-r C:\Program Files\sidekick.sam 1997-05-29 17:17 64,512 -c–a-r C:\Program Files\act.sam 1997-05-29 17:17 54,272 -c–a-r C:\Program Files\ecco.sam 2005-05-04 17:34 56 --sha-r C:\WINDOWS\system32\9D918E7724.sys 2005-05-04 17:34 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] 2007-12-07 13:19 1502232 --a------ C:\Program Files\speed-bit\tbspe0.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{cd36797a-70f3-4acd-8825-623d3b896881}] 2007-11-13 13:36 1502232 --a------ C:\Program Files\securedie\tbsec0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} {2318C2B1-4965-11D4-9B18-009027A5CD4F} {CD36797A-70F3-4ACD-8825-623D3B896881} {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_CLASSES_ROOT\clsid{cd36797a-70f3-4acd-8825-623d3b896881}] [HKEY_CLASSES_ROOT\clsid{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “WinMode”=“C:\DOCUME~1\Mateusz\DANEAP~1\DELETE~1\bike play.exe” [2007-12-10 04:05] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 15:46] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 15:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-04-29 20:49] “Camera Detector”=“C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe” [2003-06-17 14:43] “Realtime Monitor”=“C:\PROGRA~1\CA\ETRUST~1\realmon.exe” [2003-02-13 09:25] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2004-11-09 22:45] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “DownloadAccelerator”=“C:\Program Files\DAP\DAP.exe” [2007-11-22 11:34] “SpeedBitVideoAccelerator”=“C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe” [2007-11-20 10:44] “SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-02-12 11:23] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mariusz^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk] backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-02-12 11:19 1050112 --a------ C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol] C:\Documents and Settings\All Users\Dane aplikacji\That size part chin\second comp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-14 21:36 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro] R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 13:53] R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56] R2 LogWatch;Event Log Watch;“C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe” [2002-09-19 20:29] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-11-20 10:44] R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [] S3 CA_LIC_CLNT;CA License Client;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe” [2002-09-19 20:27] S3 CA_LIC_SRVR;CA License Server;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe” [2002-09-19 20:41] S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys [2007-06-05 10:56] S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 12:55:12 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-26 12:56:28 C:\ComboFix2.txt … 2007-12-26 12:35 C:\ComboFix3.txt … 2007-12-24 01:14 . 2007-12-21 06:07:29 — E O F —

mateuszek · 26 Grudzień 2007 14:47

Niby wszystko lepiej chodzi ale przeskanowalem sobie teraz panda on-line i i mi wyskoczylo 61 syfow szpiegujacych oraz 10 hakerskich i rootkitow nie wiem co o tym myslec…

Gutek · 27 Grudzień 2007 00:35

Skan AVG Anti-Spyware 7.5 po update

Po tym nowy log z Combo

mateuszek · 27 Grudzień 2007 13:05

ComboFix 07-12-21.4 - Mateusz 2007-12-27 13:54:00.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.163 [GMT 1:00] Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))) . 2007-12-27 10:16 . 2007-12-27 10:16 2007-12-27 10:15 . 2007-12-27 10:15 2007-12-27 10:15 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-24 00:51 . 2007-12-26 12:56 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 14:39 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:40 . 2007-12-24 00:53 3,162 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-23 23:37 . 2007-12-23 23:37 2007-12-23 00:41 . 2007-12-23 00:41 2007-12-22 23:50 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2007-12-22 23:33 . 2007-12-26 15:02 2007-12-22 23:33 . 2007-12-26 14:24 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-22 23:33 . 2007-12-26 14:24 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-22 23:33 . 2007-12-26 14:24 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-21 23:49 . 2007-12-21 23:49 2007-12-21 15:47 . 2007-12-25 22:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-21 15:47 . 2007-12-21 15:47 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:17 . 2007-12-20 09:25 2007-12-16 19:20 . 2007-12-17 14:39 2007-12-13 16:36 . 2007-12-13 16:36 2007-12-05 14:09 . 2007-12-26 15:55 2007-12-05 14:09 . 2007-12-05 14:09 2007-12-05 14:09 . 2007-12-05 14:14 2007-12-05 14:08 . 2007-12-26 10:52 2007-12-05 14:06 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-02 20:41 . 2007-12-27 00:01 2007-12-02 18:37 . 2007-12-02 18:37 2007-11-29 18:38 . 2007-11-29 18:38 2007-11-29 16:24 . 2007-12-22 12:56 2007-11-29 14:05 . 2007-12-08 14:36 2007-11-29 14:05 . 2007-11-29 14:05 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-29 13:59 . 2007-11-29 13:59 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-27 12:52 --------- d-----w C:\Program Files\eMule 2007-12-27 12:50 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-12-26 23:12 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\Skype 2007-12-26 21:40 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-26 14:43 --------- d-----w C:\Program Files\SpeedBit Video Accelerator 2007-12-26 14:43 --------- d-----w C:\Program Files\speed-bit 2007-12-26 14:41 --------- d-----w C:\Program Files\securedie 2007-12-26 14:36 --------- d-----w C:\Program Files\MegauploadToolbar 2007-12-26 14:30 --------- d-----w C:\Program Files\Google 2007-12-26 14:30 --------- d-----w C:\Program Files\Gadu-Gadu 2007-12-26 14:29 --------- d-----w C:\Program Files\FolderSizes 2007-12-26 14:27 --------- d-----w C:\Program Files\DAP 2007-12-26 13:27 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\MegauploadToolbar 2007-12-24 13:52 --------- d-----w C:\Program Files\Weather Watcher 2007-12-23 21:18 --------- d-----w C:\Program Files\Kazaa 2007-12-23 16:29 --------- d-----w C:\Program Files\SopCast 2007-12-23 16:13 --------- d-----w C:\Program Files\ffdshow 2007-12-23 15:07 --------- d-----w C:\Program Files\TVAnts 2007-12-23 13:53 --------- d—a-w C:\Documents and Settings\Mateusz\Dane aplikacji\SopCast 2007-12-23 11:44 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\delete bold mess 2007-12-23 11:39 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\delete bold mess 2007-12-23 09:07 --------- d-----w C:\Program Files\Windows SyncroAd 2007-12-22 23:41 --------- d-----w C:\Program Files\Lavasoft 2007-12-22 23:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-22 12:00 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Skype 2007-12-21 09:43 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-08 13:49 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\Skype 2007-12-07 17:25 --------- d-----w C:\Program Files\GemsNet 2007-12-05 13:09 --------- d-----w C:\Program Files\Winamp 2007-12-03 22:25 --------- d-----w C:\Program Files\English Translator 3 2007-11-29 12:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-24 13:35 81,528 ----a-w C:\info.exe 2007-11-23 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2007-11-21 10:13 --------- d-----w C:\Documents and Settings\GINA\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-11-20 20:04 --------- d-----w C:\Program Files\eurobarre 2007-11-15 16:03 --------- d-----w C:\Program Files\X-Trader 4 XTB PLN 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-11 17:48 --------- d-----w C:\Program Files\DVD Shrink 2007-11-11 17:46 --------- d-----w C:\Program Files\VirtualDubMod1 2007-11-11 17:43 --------- d-----w C:\Program Files\VirtualDubMod 2007-11-06 09:43 --------- d-----w C:\Program Files\SS Demo 2007-11-05 13:43 --------- d-----w C:\Program Files\NoAdware5.0 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 12:22 --------- d-----w C:\Program Files\DeadLine 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 13:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-18 22:41 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-05-06 11:52 536 -c–a-w C:\Program Files\INSTALL.LOG 2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe 2007-01-30 16:07 87,608 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\ezpinst.exe 2007-01-30 16:07 47,360 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\pcouffin.sys 2005-11-20 13:31 2,171,136 ----a-w C:\Program Files\WW561SETUP.EXE 1997-05-29 17:43 1,442 -c–a-r C:\Program Files\convert.bat 1997-05-29 17:25 55,296 -c–a-r C:\Program Files\oljrnl.fae 1997-05-29 17:25 50,176 -c–a-r C:\Program Files\olmail.fae 1997-05-29 17:25 39,424 -c–a-r C:\Program Files\olnote.fae 1997-05-29 17:17 74,752 -c–a-r C:\Program Files\sidekick.sam 1997-05-29 17:17 64,512 -c–a-r C:\Program Files\act.sam 1997-05-29 17:17 54,272 -c–a-r C:\Program Files\ecco.sam 2005-05-04 17:34 56 --sha-r C:\WINDOWS\system32\9D918E7724.sys 2005-05-04 17:34 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2007-12-26_12.55.22.70 ))))))))))))))))))))))))))))))))))))))))) . + 2007-12-27 12:38:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_738.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] 2007-12-07 13:19 1502232 --a------ C:\Program Files\speed-bit\tbspe0.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{cd36797a-70f3-4acd-8825-623d3b896881}] 2007-11-13 13:36 1502232 --a------ C:\Program Files\securedie\tbsec0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} {2318C2B1-4965-11D4-9B18-009027A5CD4F} {CD36797A-70F3-4ACD-8825-623D3B896881} {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_CLASSES_ROOT\clsid{cd36797a-70f3-4acd-8825-623d3b896881}] [HKEY_CLASSES_ROOT\clsid{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “WinMode”=“C:\DOCUME~1\Mateusz\DANEAP~1\DELETE~1\bike play.exe” [2007-12-10 04:05] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 15:46] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 15:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-04-29 20:49] “Camera Detector”=“C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe” [2003-06-17 14:43] “Realtime Monitor”=“C:\PROGRA~1\CA\ETRUST~1\realmon.exe” [2003-02-13 09:25] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2004-11-09 22:45] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “DownloadAccelerator”=“C:\Program Files\DAP\DAP.exe” [2007-11-22 11:34] “SpeedBitVideoAccelerator”=“C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe” [2007-11-20 10:44] “SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-02-12 11:23] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mariusz^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk] backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-02-12 11:19 1050112 --a------ C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol] C:\Documents and Settings\All Users\Dane aplikacji\That size part chin\second comp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-14 21:36 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro] R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 13:53] R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56] R2 LogWatch;Event Log Watch;“C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe” [2002-09-19 20:29] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-11-20 10:44] S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [] S3 CA_LIC_CLNT;CA License Client;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe” [2002-09-19 20:27] S3 CA_LIC_SRVR;CA License Server;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe” [2002-09-19 20:41] S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys [2007-06-05 10:56] S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-27 14:00:16 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-27 14:02:10 C:\ComboFix2.txt … 2007-12-26 12:56 C:\ComboFix3.txt … 2007-12-26 12:35 . 2007-12-21 06:07:29 — E O F —

Gutek · 28 Grudzień 2007 18:18

C:\DOCUME~1\Mateusz\DANEAP~1\DELETE~1\bike play.exe plik usunąć

mateuszek · 29 Grudzień 2007 16:25

Czysto juz? i jeszcze raz co sadzisz o tym eTrust?

ComboFix 07-12-21.4 - Mateusz 2007-12-29 17:08:41.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.97 [GMT 1:00]Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))) . 2007-12-28 15:10 . 2007-12-28 15:10 2007-12-27 15:58 . 2007-12-27 15:58 2007-12-27 10:16 . 2007-12-27 10:16 2007-12-27 10:15 . 2007-12-27 10:15 2007-12-27 10:15 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-24 00:51 . 2007-12-27 14:02 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 14:39 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:40 . 2007-12-24 00:53 3,162 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-23 23:37 . 2007-12-23 23:37 2007-12-23 00:41 . 2007-12-23 00:41 2007-12-22 23:50 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2007-12-22 23:33 . 2007-12-27 15:53 2007-12-22 23:33 . 2007-12-27 14:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-22 23:33 . 2007-12-27 14:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-22 23:33 . 2007-12-27 14:10 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-21 23:49 . 2007-12-21 23:49 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:17 . 2007-12-20 09:25 2007-12-16 19:20 . 2007-12-17 14:39 2007-12-13 16:36 . 2007-12-13 16:36 2007-12-05 14:09 . 2007-12-27 15:36 2007-12-05 14:09 . 2007-12-05 14:09 2007-12-05 14:09 . 2007-12-05 14:14 2007-12-05 14:08 . 2007-12-29 10:29 2007-12-05 14:06 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-02 20:41 . 2007-12-29 16:00 2007-12-02 18:37 . 2007-12-02 18:37 2007-11-29 18:38 . 2007-11-29 18:38 2007-11-29 16:24 . 2007-12-22 12:56 2007-11-29 14:05 . 2007-12-08 14:36 2007-11-29 14:05 . 2007-11-29 14:05 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-29 13:59 . 2007-11-29 13:59 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-29 15:45 --------- d-----w C:\Program Files\eMule 2007-12-29 15:02 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-12-29 14:54 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\Skype 2007-12-29 13:21 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-28 22:55 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\delete bold mess 2007-12-27 14:26 --------- d-----w C:\Program Files\SpeedBit Video Accelerator 2007-12-27 14:26 --------- d-----w C:\Program Files\speed-bit 2007-12-27 14:24 --------- d-----w C:\Program Files\securedie 2007-12-27 14:19 --------- d-----w C:\Program Files\MegauploadToolbar 2007-12-27 14:11 --------- d-----w C:\Program Files\Google 2007-12-27 14:11 --------- d-----w C:\Program Files\Gadu-Gadu 2007-12-27 14:08 --------- d-----w C:\Program Files\DAP 2007-12-27 13:15 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\MegauploadToolbar 2007-12-26 14:29 --------- d-----w C:\Program Files\FolderSizes 2007-12-24 13:52 --------- d-----w C:\Program Files\Weather Watcher 2007-12-23 21:18 --------- d-----w C:\Program Files\Kazaa 2007-12-23 16:29 --------- d-----w C:\Program Files\SopCast 2007-12-23 16:13 --------- d-----w C:\Program Files\ffdshow 2007-12-23 15:07 --------- d-----w C:\Program Files\TVAnts 2007-12-23 13:53 --------- d—a-w C:\Documents and Settings\Mateusz\Dane aplikacji\SopCast 2007-12-23 11:44 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\delete bold mess 2007-12-23 09:07 --------- d-----w C:\Program Files\Windows SyncroAd 2007-12-22 23:41 --------- d-----w C:\Program Files\Lavasoft 2007-12-22 23:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-22 12:00 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Skype 2007-12-21 09:43 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-08 13:49 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\Skype 2007-12-07 17:25 --------- d-----w C:\Program Files\GemsNet 2007-12-05 13:09 --------- d-----w C:\Program Files\Winamp 2007-12-03 22:25 --------- d-----w C:\Program Files\English Translator 3 2007-11-29 12:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-24 13:35 81,528 ----a-w C:\info.exe 2007-11-23 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2007-11-21 10:13 --------- d-----w C:\Documents and Settings\GINA\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-11-20 20:04 --------- d-----w C:\Program Files\eurobarre 2007-11-15 16:03 --------- d-----w C:\Program Files\X-Trader 4 XTB PLN 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-11 17:48 --------- d-----w C:\Program Files\DVD Shrink 2007-11-11 17:46 --------- d-----w C:\Program Files\VirtualDubMod1 2007-11-11 17:43 --------- d-----w C:\Program Files\VirtualDubMod 2007-11-06 09:43 --------- d-----w C:\Program Files\SS Demo 2007-11-05 13:43 --------- d-----w C:\Program Files\NoAdware5.0 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 12:22 --------- d-----w C:\Program Files\DeadLine 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 13:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-18 22:41 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-05-06 11:52 536 -c–a-w C:\Program Files\INSTALL.LOG 2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe 2007-01-30 16:07 87,608 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\ezpinst.exe 2007-01-30 16:07 47,360 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\pcouffin.sys 2005-11-20 13:31 2,171,136 ----a-w C:\Program Files\WW561SETUP.EXE 1997-05-29 17:43 1,442 -c–a-r C:\Program Files\convert.bat 1997-05-29 17:25 55,296 -c–a-r C:\Program Files\oljrnl.fae 1997-05-29 17:25 50,176 -c–a-r C:\Program Files\olmail.fae 1997-05-29 17:25 39,424 -c–a-r C:\Program Files\olnote.fae 1997-05-29 17:17 74,752 -c–a-r C:\Program Files\sidekick.sam 1997-05-29 17:17 64,512 -c–a-r C:\Program Files\act.sam 1997-05-29 17:17 54,272 -c–a-r C:\Program Files\ecco.sam 2005-05-04 17:34 56 --sha-r C:\WINDOWS\system32\9D918E7724.sys 2005-05-04 17:34 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2007-12-26_12.55.22.70 ))))))))))))))))))))))))))))))))))))))))) . + 2007-12-27 12:38:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_738.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] 2007-12-07 13:19 1502232 --a------ C:\Program Files\speed-bit\tbspe0.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{cd36797a-70f3-4acd-8825-623d3b896881}] 2007-11-13 13:36 1502232 --a------ C:\Program Files\securedie\tbsec0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} {2318C2B1-4965-11D4-9B18-009027A5CD4F} {CD36797A-70F3-4ACD-8825-623D3B896881} {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_CLASSES_ROOT\clsid{cd36797a-70f3-4acd-8825-623d3b896881}] [HKEY_CLASSES_ROOT\clsid{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “WinMode”=“C:\DOCUME~1\Mateusz\DANEAP~1\DELETE~1\bike play.exe” [] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 15:46] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 15:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-04-29 20:49] “Camera Detector”=“C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe” [2003-06-17 14:43] “Realtime Monitor”=“C:\PROGRA~1\CA\ETRUST~1\realmon.exe” [2003-02-13 09:25] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2004-11-09 22:45] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “DownloadAccelerator”=“C:\Program Files\DAP\DAP.exe” [2007-11-22 11:34] “SpeedBitVideoAccelerator”=“C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe” [2007-11-20 10:44] “SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-02-12 11:23] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mariusz^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk] backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-02-12 11:19 1050112 --a------ C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol] C:\Documents and Settings\All Users\Dane aplikacji\That size part chin\second comp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-14 21:36 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro] R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 13:53] R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56] R2 LogWatch;Event Log Watch;“C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe” [2002-09-19 20:29] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-11-20 10:44] S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [] S3 CA_LIC_CLNT;CA License Client;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe” [2002-09-19 20:27] S3 CA_LIC_SRVR;CA License Server;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe” [2002-09-19 20:41] S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys [2007-06-05 10:56] S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-29 17:15:26 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-29 17:18:05 C:\ComboFix2.txt … 2007-12-27 14:02 C:\ComboFix3.txt … 2007-12-26 12:56 . 2007-12-21 06:07:29 — E O F —

Gutek · 29 Grudzień 2007 16:35

Wklej do Notatnika:

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinMode"=-

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

I powinno być Ok

mateuszek · 29 Grudzień 2007 17:13

Wklejam jeszcze loga do sprawdzenia. Mam nadzieje ze juz wszystko Ok. Wielkie dzieki Gutek

ComboFix 07-12-21.4 - Mateusz 2007-12-29 18:03:07.9 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.145 [GMT 1:00] Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))) . 2007-12-28 15:10 . 2007-12-28 15:10 2007-12-27 15:58 . 2007-12-27 15:58 2007-12-27 10:16 . 2007-12-27 10:16 2007-12-27 10:15 . 2007-12-27 10:15 2007-12-27 10:15 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-24 00:51 . 2007-12-29 17:51 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 14:39 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:51 . 2004-09-16 15:29 2007-12-24 00:40 . 2007-12-24 00:53 3,162 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-23 23:37 . 2007-12-23 23:37 2007-12-23 00:41 . 2007-12-23 00:41 2007-12-22 23:50 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2007-12-22 23:33 . 2007-12-27 15:53 2007-12-22 23:33 . 2007-12-27 14:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-22 23:33 . 2007-12-27 14:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-22 23:33 . 2007-12-27 14:10 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-21 23:49 . 2007-12-21 23:49 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:23 . 2007-12-19 21:23 2007-12-19 21:17 . 2007-12-20 09:25 2007-12-16 19:20 . 2007-12-17 14:39 2007-12-13 16:36 . 2007-12-13 16:36 2007-12-05 14:09 . 2007-12-27 15:36 2007-12-05 14:09 . 2007-12-05 14:09 2007-12-05 14:09 . 2007-12-05 14:14 2007-12-05 14:08 . 2007-12-29 10:29 2007-12-05 14:06 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-02 20:41 . 2007-12-29 16:00 2007-12-02 18:37 . 2007-12-02 18:37 2007-11-29 18:38 . 2007-11-29 18:38 2007-11-29 16:24 . 2007-12-22 12:56 2007-11-29 14:05 . 2007-12-08 14:36 2007-11-29 14:05 . 2007-11-29 14:05 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-29 13:59 . 2007-11-29 13:59 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-29 16:57 --------- d-----w C:\Program Files\eMule 2007-12-29 16:55 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-12-29 14:54 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\Skype 2007-12-29 13:21 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-28 22:55 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\delete bold mess 2007-12-27 14:26 --------- d-----w C:\Program Files\SpeedBit Video Accelerator 2007-12-27 14:26 --------- d-----w C:\Program Files\speed-bit 2007-12-27 14:24 --------- d-----w C:\Program Files\securedie 2007-12-27 14:19 --------- d-----w C:\Program Files\MegauploadToolbar 2007-12-27 14:11 --------- d-----w C:\Program Files\Google 2007-12-27 14:11 --------- d-----w C:\Program Files\Gadu-Gadu 2007-12-27 14:08 --------- d-----w C:\Program Files\DAP 2007-12-27 13:15 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\MegauploadToolbar 2007-12-26 14:29 --------- d-----w C:\Program Files\FolderSizes 2007-12-24 13:52 --------- d-----w C:\Program Files\Weather Watcher 2007-12-23 21:18 --------- d-----w C:\Program Files\Kazaa 2007-12-23 16:29 --------- d-----w C:\Program Files\SopCast 2007-12-23 16:13 --------- d-----w C:\Program Files\ffdshow 2007-12-23 15:07 --------- d-----w C:\Program Files\TVAnts 2007-12-23 13:53 --------- d—a-w C:\Documents and Settings\Mateusz\Dane aplikacji\SopCast 2007-12-23 11:44 --------- d-----w C:\Documents and Settings\Michał\Dane aplikacji\delete bold mess 2007-12-23 09:07 --------- d-----w C:\Program Files\Windows SyncroAd 2007-12-22 23:41 --------- d-----w C:\Program Files\Lavasoft 2007-12-22 23:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-22 12:00 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Skype 2007-12-21 09:43 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-12-08 13:49 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\Skype 2007-12-07 17:25 --------- d-----w C:\Program Files\GemsNet 2007-12-05 13:09 --------- d-----w C:\Program Files\Winamp 2007-12-03 22:25 --------- d-----w C:\Program Files\English Translator 3 2007-11-29 12:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-24 13:35 81,528 ----a-w C:\info.exe 2007-11-23 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2007-11-21 10:13 --------- d-----w C:\Documents and Settings\GINA\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-11-20 20:04 --------- d-----w C:\Program Files\eurobarre 2007-11-15 16:03 --------- d-----w C:\Program Files\X-Trader 4 XTB PLN 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-11 17:48 --------- d-----w C:\Program Files\DVD Shrink 2007-11-11 17:46 --------- d-----w C:\Program Files\VirtualDubMod1 2007-11-11 17:43 --------- d-----w C:\Program Files\VirtualDubMod 2007-11-06 09:43 --------- d-----w C:\Program Files\SS Demo 2007-11-05 13:43 --------- d-----w C:\Program Files\NoAdware5.0 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 12:22 --------- d-----w C:\Program Files\DeadLine 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 13:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-18 22:41 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-05-06 11:52 536 -c–a-w C:\Program Files\INSTALL.LOG 2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe 2007-01-30 16:07 87,608 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\ezpinst.exe 2007-01-30 16:07 47,360 ----a-w C:\Documents and Settings\Mateusz\Dane aplikacji\pcouffin.sys 2005-11-20 13:31 2,171,136 ----a-w C:\Program Files\WW561SETUP.EXE 1997-05-29 17:43 1,442 -c–a-r C:\Program Files\convert.bat 1997-05-29 17:25 55,296 -c–a-r C:\Program Files\oljrnl.fae 1997-05-29 17:25 50,176 -c–a-r C:\Program Files\olmail.fae 1997-05-29 17:25 39,424 -c–a-r C:\Program Files\olnote.fae 1997-05-29 17:17 74,752 -c–a-r C:\Program Files\sidekick.sam 1997-05-29 17:17 64,512 -c–a-r C:\Program Files\act.sam 1997-05-29 17:17 54,272 -c–a-r C:\Program Files\ecco.sam 2005-05-04 17:34 56 --sha-r C:\WINDOWS\system32\9D918E7724.sys 2005-05-04 17:34 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] 2007-12-07 13:19 1502232 --a------ C:\Program Files\speed-bit\tbspe0.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{cd36797a-70f3-4acd-8825-623d3b896881}] 2007-11-13 13:36 1502232 --a------ C:\Program Files\securedie\tbsec0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} {2318C2B1-4965-11D4-9B18-009027A5CD4F} {CD36797A-70F3-4ACD-8825-623D3B896881} {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_CLASSES_ROOT\clsid{cd36797a-70f3-4acd-8825-623d3b896881}] [HKEY_CLASSES_ROOT\clsid{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 15:46] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 15:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-04-29 20:49] “Camera Detector”=“C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe” [2003-06-17 14:43] “Realtime Monitor”=“C:\PROGRA~1\CA\ETRUST~1\realmon.exe” [2003-02-13 09:25] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2004-11-09 22:45] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “DownloadAccelerator”=“C:\Program Files\DAP\DAP.exe” [2007-11-22 11:34] “SpeedBitVideoAccelerator”=“C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe” [2007-11-20 10:44] “SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-02-12 11:23] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mariusz^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk] backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-02-12 11:19 1050112 --a------ C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol] C:\Documents and Settings\All Users\Dane aplikacji\That size part chin\second comp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-14 21:36 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro] R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 13:53] R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56] R2 LogWatch;Event Log Watch;“C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe” [2002-09-19 20:29] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-11-20 10:44] R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [] S3 CA_LIC_CLNT;CA License Client;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe” [2002-09-19 20:27] S3 CA_LIC_SRVR;CA License Server;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe” [2002-09-19 20:41] S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys [2007-06-05 10:56] S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-29 18:08:43 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-29 18:10:47 C:\ComboFix2.txt … 2007-12-29 17:51 C:\ComboFix3.txt … 2007-12-29 17:18 . 2007-12-21 06:07:29 — E O F —

Gutek · 29 Grudzień 2007 18:16

Powinno być Ok, możesz zobaczyć - Optymalizacja XP: viewtopic.php?t=76580

system · 29 Grudzień 2007 18:57

Przeczytaj co inni sądzą o programie TVAnts.

Gutek · 29 Grudzień 2007 20:11

Ja to widziałem już Barnaba, tylko, że jak zauważyłeś to się działo 9 m-c temu już jest lepiej, część została poprawiona.