My computer has slowed down, I'm attaching logs, please help

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

I'm new to the forum, I don't know, thanks in advance

In one day the computer changed, as if it weren't mine.

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [file not found]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]

“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“ares” = ““C:\Program Files\Ares\Ares.exe” -h” [“Ares Development Group”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”]

“osCheck” = ““C:\Program Files\Norton Internet Security\osCheck.exe”” [“Symantec Corporation”]

“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“lxccmon.exe” = ““C:\Program Files\Lexmark 3300 Series\lxccmon.exe”” [“Lexmark International, Inc.”]

“IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]

“HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]

“FaxCenterServer” = ““C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s” [null data]

“dvd43” = “C:\Program Files\dvd43\dvd43_tray.exe” [“Captain Red”]

“ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”]

“LXCCCATS” = “rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{1E8A6170-7264-4D0F-BEAE-D42A53123C75}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll” [“Symantec Corporation”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Windows Live Sign-in Helper”

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}(Default) = (no title provided)

-> {HKLM…CLSID} = “Windows Live Toolbar Helper”

\InProcServer32(Default) = “C:\Program Files\Windows Live Toolbar\msntb.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{8e9d6600-f84a-11ce-8daa-00aa004a5691}” = “Shell extensions for NetWare”

-> {HKLM…CLSID} = “NetWare Objects”

\InProcServer32(Default) = “nwprovau.dll” [MS]

“{e3f2bac0-099f-11cf-8daa-00aa004a5691}” = “Shell extensions for NetWare”

-> {HKLM…CLSID} = “NetWare UNC Folder Menu”

\InProcServer32(Default) = “nwprovau.dll” [MS]

“{52c68510-09a0-11cf-8daa-00aa004a5691}” = “Shell extensions for NetWare”

-> {HKLM…CLSID} = “NetWare Hood Verbs”

\InProcServer32(Default) = “nwprovau.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”

-> {HKLM…CLSID} = “WPDShServiceObj Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll” [“Symantec Corporation”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NetWareUNCMenu(Default) = “{e3f2bac0-099f-11cf-8daa-00aa004a5691}”

-> {HKLM…CLSID} = “NetWare UNC Folder Menu”

\InProcServer32(Default) = “nwprovau.dll” [MS]

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll” [“Symantec Corporation”]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

Enabled Scheduled Tasks:


“User_Feed_Synchronization-{03F06B3A-2E9D-45AB-AF4C-F66DF4FFDEFE}” -> launches: “C:\WINDOWS\system32\msfeedssync.exe sync” [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 21 - 22

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}”

-> {HKLM…CLSID} = “Windows Live Toolbar”

\InProcServer32(Default) = “C:\Program Files\Windows Live Toolbar\msntb.dll” [MS]

“{F2CF5485-4E02-4F68-819C-B92DE9277049}”

-> {HKLM…CLSID} = “&Links”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{90222687-F593-4738-B738-FBEE9C7B26DF}” = “NCO Toolbar”

-> {HKLM…CLSID} = “Show Norton Toolbar”

\InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll” [“Symantec Corporation”]

“{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}” = (no title provided)

-> {HKLM…CLSID} = “Windows Live Toolbar”

\InProcServer32(Default) = “C:\Program Files\Windows Live Toolbar\msntb.dll” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in 1.6.0_01”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.6.0_01”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

“MenuText” = “@xpsp3res.dll,-20001”

“Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):


.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe” [MS]

Ares Chatroom server, AresChatServer, “C:\Program Files\Ares\chatServer.exe” [“Ares Development Group”]

COM Host, comHost, ““C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe”” [“Symantec Corporation”]

Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ““C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”” [“Symantec Corporation”]

Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe” [MS]

LiveUpdate, LiveUpdate, ““C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE”” [“Symantec Corporation”]

lxcc_device, lxcc_device, “C:\WINDOWS\system32\lxcccoms.exe -service” [“Lexmark International, Inc.”]

SmartLinkService, SLService, “slserv.exe” [" "]

Symantec AppCore Service, SymAppCore, ““C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe”” [“Symantec Corporation”]

Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”]

Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [“Symantec Corporation”]

Symantec IS Password Validation, ISPwdSvc, ““C:\Program Files\Norton Internet Security\isPwdSvc.exe”” [“Symantec Corporation”]

Symantec Lic NetConnect service, CLTNetCnService, ““C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h cltCommon” [“Symantec Corporation”]

Symantec Network Proxy, ccProxy, ““C:\Program Files\Common Files\Symantec Shared\ccProxy.exe”” [“Symantec Corporation”]

Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [“Symantec Corporation”]

Usługa administracyjna Menedżera dysków logicznych, dmadmin, “C:\WINDOWS\System32\dmadmin.exe /com” [“Microsoft Corp., Veritas Software”]

Usługa dostarczania sieci, xmlprov, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\xmlprov.dll” [MS]}

Usługa klienta dla systemu NetWare, NWCWorkstation, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\nwwks.dll” [MS]}

Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\MsPMSNSv.dll” [MS]}

Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ““C:\Program Files\Windows Media Player\WMPNetwk.exe”” [MS]

Windows CardSpace, idsvc, ““C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe”” [MS]

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]}

Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, “c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe” [MS]

„Usługa stanu ASP.NET, aspnet_state, “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe” [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

3300 Series Port\Driver = “lxcclmpm.DLL” [“Lexmark International, Inc.”]


<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 37 seconds, including 5 seconds for message boxes)

:shock:

Note: When you paste a log, wrap it in a CODE or QUOTE tag - fix this

Post a ComboFix log

“piotr” - 2007-05-30 0:25:05 Dodatek Service Pack 2

ComboFix 07-05.27.V - Running from: “C:\Documents and Settings\piotr\Moje dokumenty”

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

“C:\DOCUME~1\piotr\Pulpit\internet.lnk”

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))

2007-05-29 23:11

2007-05-29 04:32

2007-05-29 04:31 1,048,576 --ah----- C:\DOCUME~1\gemba\NTUSER.DAT

2007-05-29 04:31

2007-05-29 04:31

2007-05-29 04:31

2007-05-29 04:31

2007-05-29 04:31

2007-05-29 04:31

2007-05-29 04:31

2007-05-29 04:27

2007-05-29 04:26 786,432 --ah----- C:\DOCUME~1\GO37F2~1.XXX\NTUSER.DAT

2007-05-29 04:26

2007-05-29 04:26

2007-05-29 04:26

2007-05-29 04:26

2007-05-29 04:26

2007-05-29 04:26

2007-05-29 04:26

2007-05-29 03:38

2007-05-29 03:38

2007-05-29 03:38

2007-05-29 03:31

2007-05-29 03:30

2007-05-29 03:30

2007-05-29 03:30

2007-05-29 03:30

2007-05-29 03:30

2007-05-29 01:41

2007-05-26 19:26 456 --a------ C:\WINDOWS\system32\pthsp.dat

2007-05-26 18:58

2007-05-26 18:57 786,432 --ah----- C:\DOCUME~1\Elunia\NTUSER.DAT

2007-05-26 18:57

2007-05-26 18:57

2007-05-26 18:57

2007-05-26 18:57

2007-05-26 18:57

2007-05-26 18:55

2007-05-26 18:54 786,432 --ah----- C:\DOCUME~1\GOEBFF~1\NTUSER.DAT

2007-05-26 18:54

2007-05-26 18:54

2007-05-26 18:54

2007-05-26 18:54

2007-05-26 10:40 270,848 --a------ C:\WINDOWS\system32\mscoree.dll

2007-05-20 13:09 233,472 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat

2007-05-20 13:09 2,977,792 --a------ C:\Documents and Settings\piotr\ntuser.dat

2007-05-20 13:09 2,977,792 --a------ C:\DOCUME~1\piotr\ntuser.dat

2007-05-13 09:47

2007-05-10 23:38

2007-04-23 20:51

2007-04-23 20:50 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-04-23 20:49

2007-04-23 15:29

2007-04-23 15:29

2007-04-23 15:25

2007-04-23 15:25

2007-04-23 15:22

2007-04-22 23:23

2007-04-22 23:21 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2007-04-22 23:21 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-04-22 23:20

2007-04-19 19:03

2007-04-17 23:44

2007-04-17 23:37 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-04-17 23:37 1,310,720 --ah----- C:\DOCUME~1\lemur\ntuser.dat

2007-04-17 23:03 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2007-04-06 04:53

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 02:11:00 -------- d-----w C:\Program Files\Elaborate Bytes

2007-05-29 01:44:34 -------- d-----w C:\Program Files\Lx_cats

2007-05-26 08:40:42 65,056 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-05-26 08:40:42 383,476 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-05-26 08:01:56 -------- d-----w C:\Program Files\Windows Media Connect 2

2007-05-18 21:18:39 -------- d-----w C:\DOCUME~1\piotr\DANEAP~1\Help

2007-04-22 21:29:12 -------- d-----w C:\Program Files\Symantec

2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi(2)(2).dll

2007-04-17 21:48:25 -------- d-----w C:\Program Files\Google

2007-04-17 18:47:59 -------- d--h--w C:\Program Files\WindowsUpdate

2007-03-23 04:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll

2007-03-23 04:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll

2007-03-22 18:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll

2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys

2007-03-05 11:34:28 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43]

“osCheck”=“C:\Program Files\Norton Internet Security\osCheck.exe” [2007-01-14 01:11]

“lxccmon.exe”=“C:\Program Files\Lexmark 3300 Series\lxccmon.exe” [2005-02-21 13:23]

“FaxCenterServer”=“C:\Program Files\Lexmark Fax Solutions\fm3032.exe” [2005-01-20 04:19]

“dvd43”=“C:\Program Files\dvd43\dvd43_tray.exe” [2005-04-27 19:23]

“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-03-14 20:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” []

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-01-30 16:58]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00]

“ares”=“C:\Program Files\Ares\Ares.exe” [2007-02-02 18:14]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages msv1_0 nwprovau

*Newly Created Service* -COMHOST

*Newly Created Service* -PROCEXP90

Contents of the ‘Scheduled Tasks’ folder

2007-05-29 22:28:46 C:\WINDOWS\tasks\Norton Internet Security - pit - piotr.job

2007-05-29 02:02:14 C:\WINDOWS\tasks\User_Feed_Synchronization-{03F06B3A-2E9D-45AB-AF4C-F66DF4FFDEFE}.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-30 00:28:49

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e]

“ImagePath”="“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\helpsvc]

“ServiceDll”="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HidServ]

“ServiceDll”="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hidusb]

“ImagePath”=“system32\DRIVERS\hidusb.sys”

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTP]

“ImagePath”=“System32\Drivers\HTTP.sys”

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTPFilter]

“ServiceDll”="%SystemRoot%\System32\w3ssl.dll"

Completion time: 2007-05-30 0:29:50

C:\ComboFix-quarantined-files.txt … 2007-05-30 00:29

— E O F —

XP optimization: http://forum.dobreprogramy.pl/viewtopic.php?t=76580