bardzo proszę o sprawdzenie logów.

**Posty:** 262 · przez **kubucza** 14 Lut 2008, 11:06

Niestety konto o wartości 300zł już straciłem. Teraz zależy mi na tym by znaleźć przyczyne :roll:

. Najpierw proszę o sprawdzenie logów na tym kompie jeśli będzie ok, to dam z drugiego.
Hijack

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:46:27, on 2008-02-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4009 bytes

Silent Runners

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 55, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "DAEMON Tools Pro Agent" = ""C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."] "ares" = ""C:\Program Files\Ares\Ares.exe" -h" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "GhostStartTrayApp" = "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" ["Symantec Corporation"] "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "AsusStartupHelp" = "C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender" -> {HKLM...CLSID} = "CMenuExtender" \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] "{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension" -> {HKLM...CLSID} = "PropPage Class" \InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ DaemonShellExtImage\(Default) = "{40966797-8FFE-46C8-9EF8-7003F33CCF0F}" -> {HKLM...CLSID} = "DaemonShellExtImage Class" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Pro\imgshl32.dll" ["DT Soft Ltd."] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}" -> {HKLM...CLSID} = "CMenuExtender" \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.hta\(Default) = "pnphtafile" <<!>> HKLM\SOFTWARE\Classes\pnphtafile\shell\open\command\(Default) = ""C:\Program Files\A Tech Group\Professional Notepad\notepad.exe" "%1"" ["A Tech Group"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp" Startup items in "Kubucza" & "All Users" startup folders: --------------------------------------------------------- C:\Documents and Settings\Kubucza\Menu Start\Programy\Autostart "Stardock ObjectDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe" ["Stardock"] "Y'z ToolBar" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe" ["Y'z@Home"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ GhostStartService, GhostStartService, "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2008-02-14 09:45:02) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 31 seconds. ---------- (total run time: 53 seconds)

SDfix

Kod: Zaznacz wszystko: SDFix: Version 1.133 Run by Kubucza on 2008-02-14 at 09:59 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\sdfix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-14 10:01:40 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] "Epoch"=dword:000005b6 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "h0"=dword:00000000 "hdf12"=hex:2b,b9,79,39,62,03,2b,72,4a,92,3c,7c,3e,85,f9,d0,19,23,d3,9e,27,.. "p0"="C:\Program Files\DAEMON Tools Pro\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,d7,67,eb,63,36,3f,8c,fa,6b,66,22,8e,89,d2,73,b1,89,.. "hdf12"=hex:0d,7f,da,0e,ef,c7,28,e1,19,69,8c,9a,78,d4,27,a1,ed,11,37,7e,94,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:de,65,c9,ce,07,51,96,80,5e,c7,79,9f,d2,61,8f,af,87,dd,1a,2c,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1] "hdf12"=hex:de,65,c9,ce,07,51,96,80,5e,c7,79,9f,d2,61,8f,af,87,dd,1a,2c,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002] "a0"=hex:20,01,00,00,0c,32,72,7b,3d,b4,cf,6a,2c,99,7b,24,11,5a,4a,43,01,.. "hdf12"=hex:45,2c,db,52,bf,a7,68,2f,84,29,74,09,3f,19,5b,65,4e,bb,15,af,20,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0] "hdf12"=hex:ad,cc,03,20,ef,af,1d,e6,57,01,ba,af,e6,fc,a3,39,e6,c0,59,a0,40,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "h0"=dword:00000000 "hdf12"=hex:2b,b9,79,39,62,03,2b,72,4a,92,3c,7c,3e,85,f9,d0,19,23,d3,9e,27,.. "p0"="C:\Program Files\DAEMON Tools Pro\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,d7,67,eb,63,36,3f,8c,fa,6b,66,22,8e,89,d2,73,b1,89,.. "hdf12"=hex:0d,7f,da,0e,ef,c7,28,e1,19,69,8c,9a,78,d4,27,a1,ed,11,37,7e,94,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:de,65,c9,ce,07,51,96,80,5e,c7,79,9f,d2,61,8f,af,87,dd,1a,2c,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1] "hdf12"=hex:de,65,c9,ce,07,51,96,80,5e,c7,79,9f,d2,61,8f,af,87,dd,1a,2c,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002] "a0"=hex:20,01,00,00,0c,32,72,7b,3d,b4,cf,6a,2c,99,7b,24,11,5a,4a,43,01,.. "hdf12"=hex:45,2c,db,52,bf,a7,68,2f,84,29,74,09,3f,19,5b,65,4e,bb,15,af,20,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0] "hdf12"=hex:ad,cc,03,20,ef,af,1d,e6,57,01,ba,af,e6,fc,a3,39,e6,c0,59,a0,40,.. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Counter-Strike 1.6\\hlds.exe"="C:\\Program Files\\Counter-Strike 1.6\\hlds.exe:*:Enabled:HLDS Launcher" "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire" "C:\\Documents and Settings\\Kubucza\\Pulpit\\ventrilo_srv-2.1.2-Windows-i386\\ventrilo_srv.exe"="C:\\Documents and Settings\\Kubucza\\Pulpit\\ventrilo_srv-2.1.2-Windows-i386\\ventrilo_srv.exe:*:Enabled:ventrilo_srv" "C:\\Program Files\\WebServ\\mysql\\bin\\WebServ(mysqld-max-nt).exe"="C:\\Program Files\\WebServ\\mysql\\bin\\WebServ(mysqld-max-nt).exe:*:Enabled:WebServ(mysqld-max-nt)" "C:\\Program Files\\WebServ\\apache2\\bin\\WebServ(apache).exe"="C:\\Program Files\\WebServ\\apache2\\bin\\WebServ(apache).exe:*:Enabled:Apache HTTP Server" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Tue 18 Mar 2003 1,060,864 A.SH. --- "C:\Program Files\Infogrames Interactive\RollerCoaster Tycoon 2\MegaTrainer XL\mfc71.dll" Tue 18 Mar 2003 1,047,552 A.SH. --- "C:\Program Files\Infogrames Interactive\RollerCoaster Tycoon 2\MegaTrainer XL\mfc71u.dll" Fri 21 Feb 2003 348,160 A.SH. --- "C:\Program Files\Infogrames Interactive\RollerCoaster Tycoon 2\MegaTrainer XL\msvcr71.dll" Wed 26 Dec 2007 859 ...HR --- "C:\Documents and Settings\Kubucza\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak" Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM" Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM" Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM" Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM" Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM" Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM" Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM" Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM" Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM" Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM" Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM" Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM" Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM" Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM" Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM" Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM" Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM" Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM" Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM" Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM" Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM" Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys" Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys" Wed 14 Aug 2002 47,826 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI1394.SYS" Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI2DOS.SYS" Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI4DOS.SYS" Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI8DOS.SYS" Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI8U2.SYS" Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPICD.SYS" Wed 14 Aug 2002 49,750 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIEHCI.SYS" Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIOHCI.SYS" Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIUHCI.SYS" Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BOOTSRV.SYS" Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\bootsrv16.sys" Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BTCDROM.SYS" Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BTDOSM.SYS" Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\CMDS.EXE" Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\CMDS16.EXE" Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\COUNTRY.SYS" Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DEVICE.COM" Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DISPLAY.SYS" Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DLSHELP.SYS" Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\E.EXE" Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\FLASHPT.SYS" Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\GUEST.EXE" Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\HIMEM.SYS" Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\KEYB.COM" Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\KEYBOARD.SYS" Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MODE.COM" Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MOUSE.COM" Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\msbootsrv16.sys" Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MSCDEX.EXE" Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\Net.exe" Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\NETBIND.COM" Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\OAKCDROM.SYS" Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\OHCI.EXE" Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\Paralink.com" Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\PROTMAN.EXE" Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\UHCI.EXE" Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM" Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM" Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM" Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com" Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com" Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com" Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com" Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com" Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com" Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com" Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com" Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com" Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM" Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com" Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com" Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com" Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM" Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com" Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe" Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe" Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com" Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe" Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe" Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe" Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com" Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe" Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com" Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\command.com" Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM" Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM" Finished!

ComboFix

Kod: Zaznacz wszystko: ComboFix 08-02-14.1 - Kubucza 2008-02-14 10:04:18.2 - NTFSx86 Running from: C:\Documents and Settings\Kubucza\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))) . 2008-02-09 22:20 . 2008-02-09 22:42 <DIR> d-------- C:\Documents and Settings\Kubucza\Dane aplikacji\Ventrilo 2008-02-09 22:18 . 2008-02-09 22:18 <DIR> d-------- C:\Program Files\Ventrilo 2008-02-09 22:18 . 2008-02-09 22:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-09 20:50 . 2008-02-09 20:50 0 --a------ C:\WINDOWS\PowerReg.dat 2008-02-09 20:49 . 2008-02-09 20:49 <DIR> d-------- C:\Program Files\Infogrames Interactive 2008-02-09 18:03 . 2008-02-09 18:03 <DIR> d-------- C:\Program Files\Real Alternative 2008-02-08 17:17 . 2008-02-08 17:17 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire 2008-02-08 16:49 . 2008-02-08 16:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire 2008-02-08 16:43 . 2008-02-08 16:49 <DIR> d-------- C:\Program Files\Xfire 2008-02-08 16:43 . 2008-02-11 16:30 <DIR> d-------- C:\Documents and Settings\Kubucza\Dane aplikacji\Xfire 2008-02-05 16:32 . 2008-02-05 16:32 <DIR> d-------- C:\Program Files\Gadu-Gadu 2008-01-31 14:21 . 2008-01-31 14:21 <DIR> d-------- C:\Program Files\ASUS 2008-01-31 14:21 . 2006-01-10 09:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll 2008-01-31 14:21 . 2006-10-18 20:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys 2008-01-31 14:21 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys 2008-01-31 14:21 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys 2008-01-31 14:14 . 2008-01-31 14:14 <DIR> d-------- C:\Documents and Settings\Kubucza\WINDOWS 2008-01-31 14:14 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe 2008-01-31 14:14 . 2004-06-24 11:00 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys 2008-01-31 14:14 . 1997-04-22 10:16 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS 2008-01-31 03:03 . 2008-01-31 03:03 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-01-29 20:09 . 2008-01-29 20:09 <DIR> d-------- C:\WINDOWS\ERUNT 2008-01-29 20:08 . 2008-01-29 20:23 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne 2008-01-29 20:08 . 2007-07-26 19:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione 2008-01-29 20:08 . 2007-07-26 18:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony 2008-01-29 20:08 . 2008-01-29 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit 2008-01-29 20:08 . 2007-07-26 19:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty 2008-01-29 20:08 . 2007-07-26 19:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-01-29 20:08 . 2008-01-29 20:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji 2008-01-29 20:06 . 2008-01-29 20:06 <DIR> d-------- C:\sdfix 2008-01-29 17:46 . 2008-01-29 17:46 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-29 09:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-01-26 13:01 . 2008-02-11 19:53 <DIR> d-------- C:\Program Files\No-IP 2008-01-24 14:06 . 2008-01-24 14:06 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-01-24 13:02 . 2008-01-24 13:02 <DIR> d-------- C:\Program Files\A Tech Group 2008-01-23 21:31 . 2008-01-23 21:31 <DIR> d-------- C:\Program Files\GIMP-2.0 2008-01-23 21:31 . 2008-01-23 21:31 <DIR> d-------- C:\Documents and Settings\Kubucza\.thumbnails 2008-01-23 21:31 . 2008-01-23 21:44 <DIR> d-------- C:\Documents and Settings\Kubucza\.gimp-2.2 2008-01-23 21:30 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\Common Files\GTK 2008-01-23 20:55 . 2008-01-23 21:20 132 --a------ C:\WINDOWS\HandySnap.INI 2008-01-23 20:52 . 2008-01-23 20:52 <DIR> d-------- C:\Program Files\WisePixel Multimedia 2008-01-18 22:23 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-01-18 22:23 . 2004-08-04 00:38 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-01-18 18:20 . 2008-01-18 18:20 <DIR> d-------- C:\Program Files\Logitech 2008-01-18 18:20 . 2008-01-18 18:20 <DIR> d-------- C:\Program Files\Common Files\Logitech 2008-01-18 18:20 . 2004-05-13 23:40 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll 2008-01-18 18:20 . 2004-05-13 23:54 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2008-01-18 18:20 . 2004-05-13 23:54 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2008-01-18 18:20 . 2004-05-13 23:54 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys 2008-01-18 18:20 . 2004-05-13 23:54 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2008-01-18 18:20 . 2004-05-13 23:54 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2008-01-16 12:53 . 2008-01-16 12:56 <DIR> d-------- C:\Program Files\Tibia4 2008-01-14 16:11 . 2008-01-14 18:05 <DIR> d-------- C:\Program Files\eMule 2008-01-14 15:11 . 2008-01-14 17:12 <DIR> d-------- C:\Program Files\BitComet 2008-01-14 14:44 . 2008-01-14 14:49 <DIR> d-------- C:\Program Files\UltraStar . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-13 17:54 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\Tibia 2008-02-09 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-08 13:14 --------- d-----w C:\Program Files\ESET 2008-02-07 13:46 --------- d-----w C:\Program Files\Counter-Strike 1.6 2008-02-03 11:30 --------- d-----w C:\Program Files\Tibia 2008-02-03 11:29 --------- d-----w C:\Program Files\Opera 2008-01-31 13:21 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-26 13:59 2,238,016 ----a-w C:\WINDOWS\inf\isprnt.exe 2008-01-26 09:36 --------- d-----w C:\Program Files\Tibia2 2008-01-19 19:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited 2008-01-18 21:39 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-01-05 11:24 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\Gadu-Gadu 2008-01-05 10:19 --------- d-----w C:\Program Files\Diablo II 2008-01-05 10:13 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-01-04 15:26 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2008-01-04 15:26 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2008-01-04 15:26 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2008-01-04 15:14 106,496 ----a-w C:\WINDOWS\DIIUnin.exe 2007-12-29 20:42 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\Media Player Classic 2007-12-28 15:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground 2007-12-27 11:13 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-12-27 11:11 --------- d-----w C:\Program Files\EA GAMES 2007-12-26 12:47 --------- d-----w C:\Program Files\Common Files\DirectX 2007-12-26 10:18 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-26 10:18 --------- d--h--r C:\Documents and Settings\Kubucza\Dane aplikacji\SecuROM 2007-12-26 09:52 --------- d-----w C:\Program Files\Atari 2007-12-24 12:15 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\sqlitestudio 2007-12-24 12:01 --------- d-----w C:\Program Files\Asprate 2007-12-24 11:48 --------- d-----w C:\Program Files\WebServ 2007-12-24 11:43 --------- d-----w C:\Program Files\Wiedźmin 2007-12-24 11:03 --------- d-----w C:\Program Files\DAEMON Tools Pro 2007-12-24 11:02 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2007-12-24 11:02 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys 2007-12-19 20:01 --------- d-----w C:\Program Files\CapCom 2007-12-19 17:02 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\DAEMON Tools Pro 2007-12-19 17:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro 2007-12-19 16:52 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-19 13:15 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12 139264] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136] "ares"="C:\Program Files\Ares\Ares.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-26 19:49 921600] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 14:21 94208] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432] "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920] "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 07:25 363008] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-14 10:04:43 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\Program Files\Eset\pr_imon.dll PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180] -> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll . Completion time: 2008-02-14 10:04:59 ComboFix-quarantined-files.txt 2008-02-14 09:04:51 ComboFix2.txt 2008-01-29 19:23:04

Jeszcze jedno pytanko czy ComboFix wydaje dźwięki przez pc speaker?

**Posty:** 3854 · przez **Dzi@dek** 14 Lut 2008, 14:27

Czysto.

kubucza napisał(a):czy ComboFix wydaje dźwięki

Tak, beka i puszcza bąki <rotfl>

Żartowałem, wydaje bodajże jeden.

**Posty:** 262 · przez **kubucza** 14 Lut 2008, 19:36

Jeszcze drugi komp, na którym działy się dziwne rzeczy(zawiechy, samorzutne włączanie IE). Zrobiłem format, ale dam jeszcze profilkatycznie logi. Byłbym wdzięczny za sprawdzenie

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:15:35, on 2008-02-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{9F21F299-A50F-450F-9D66-21DCC65A3809}: NameServer = 192.168.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 4683 bytes

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 55, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS] "HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"] "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] "{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender" -> {HKLM...CLSID} = "CMenuExtender" \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}" -> {HKLM...CLSID} = "CMenuExtender" \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "Admin" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart "Stardock ObjectDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe" ["Stardock"] "Y'z ToolBar" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe" ["Y'z@Home"] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."] "HP Image Zone - szybkie uruchamianie" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Wyślij do programu OneNote" "MenuText" = "Wyślij &do programu OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ hpzsnt10\Driver = "hpzsnt10.dll" ["HP"] Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2008-02-14 18:19:54) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 13 seconds. ---------- (total run time: 35 seconds)

**Posty:** 18165 · przez **wojtas** 14 Lut 2008, 19:49

skasuj tylko ten wpis:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

**Posty:** 262 · przez **kubucza** 16 Lut 2008, 22:57

Mam jeszcze jedno pytanko. Czy ten proces jest normalny:

Kod: Zaznacz wszystko: O4 - HKLM\..\Run: [Interner Exploler] C:\Windows\System32\IE.exe

Troszke się zdziwiłem jak pod koniec dnia było takich 17. Dam reszte loga. Niestety już po resecie.

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:56:25, on 2008-02-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Windows\System32\IE.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Opera\Opera.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe O4 - HKLM\..\Run: [Interner Exploler] C:\Windows\System32\IE.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4239 bytes

**Posty:** 3854 · przez **Dzi@dek** 17 Lut 2008, 00:00

O4 - HKLM\..\Run: [Interner Exploler] C:\Windows\System32\IE.exe

Usuń wpis w hijackthis.

Otwórz notatnik i wklej:

File::
C:\Windows\System32\IE.exe

Plik

Zapisz jako... :arrow:

CFScript - najlepiej jeśli zapiszesz w
takiej lokalizacji, by ikona CFScript.txt znalazła się obok ikony ComboFix.exe
Przeciągnij i upuść plik CFScript.txt na plik :arrow:

ComboFix.exe

Potwierdz

zresetuje sie komputer.

Jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER. Rozpocznie się proces usuwania.

Daj nowe logi z Combofix oraz Hijackthis.

**Posty:** 262 · przez **kubucza** 17 Lut 2008, 09:59

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:58:05, on 2008-02-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4078 bytes

Kod: Zaznacz wszystko: ComboFix 08-02-14.1 - Kubucza 2008-02-17 9:00:02.4 - NTFSx86 Running from: C:\Documents and Settings\Kubucza\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))) . 2008-02-16 21:44 . 2008-02-16 21:45 <DIR> d-------- C:\Program Files\Unlocker 2008-02-14 10:19 . 2008-02-14 10:28 <DIR> d-------- C:\Program Files\Tibia5 2008-02-09 22:20 . 2008-02-09 22:42 <DIR> d-------- C:\Documents and Settings\Kubucza\Dane aplikacji\Ventrilo 2008-02-09 22:18 . 2008-02-09 22:18 <DIR> d-------- C:\Program Files\Ventrilo 2008-02-09 22:18 . 2008-02-09 22:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-09 20:50 . 2008-02-09 20:50 0 --a------ C:\WINDOWS\PowerReg.dat 2008-02-09 20:49 . 2008-02-09 20:49 <DIR> d-------- C:\Program Files\Infogrames Interactive 2008-02-09 18:03 . 2008-02-09 18:03 <DIR> d-------- C:\Program Files\Real Alternative 2008-02-08 17:17 . 2008-02-08 17:17 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire 2008-02-08 16:49 . 2008-02-08 16:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire 2008-02-08 16:43 . 2008-02-08 16:49 <DIR> d-------- C:\Program Files\Xfire 2008-02-08 16:43 . 2008-02-11 16:30 <DIR> d-------- C:\Documents and Settings\Kubucza\Dane aplikacji\Xfire 2008-02-05 16:32 . 2008-02-05 16:32 <DIR> d-------- C:\Program Files\Gadu-Gadu 2008-01-31 14:21 . 2008-01-31 14:21 <DIR> d-------- C:\Program Files\ASUS 2008-01-31 14:21 . 2006-01-10 09:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll 2008-01-31 14:21 . 2006-10-18 20:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys 2008-01-31 14:21 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys 2008-01-31 14:21 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys 2008-01-31 14:14 . 2008-01-31 14:14 <DIR> d-------- C:\Documents and Settings\Kubucza\WINDOWS 2008-01-31 14:14 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe 2008-01-31 14:14 . 2004-06-24 11:00 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys 2008-01-31 14:14 . 1997-04-22 10:16 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS 2008-01-31 03:03 . 2008-01-31 03:03 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-01-29 20:09 . 2008-01-29 20:09 <DIR> d-------- C:\WINDOWS\ERUNT 2008-01-29 20:08 . 2008-02-17 08:55 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne 2008-01-29 20:08 . 2007-07-26 19:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione 2008-01-29 20:08 . 2007-07-26 18:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony 2008-01-29 20:08 . 2008-01-29 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit 2008-01-29 20:08 . 2007-07-26 19:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty 2008-01-29 20:08 . 2007-07-26 19:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-01-29 20:08 . 2008-01-29 20:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji 2008-01-29 20:06 . 2008-01-29 20:06 <DIR> d-------- C:\sdfix 2008-01-29 17:46 . 2008-01-29 17:46 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-29 09:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-01-26 13:01 . 2008-02-11 19:53 <DIR> d-------- C:\Program Files\No-IP 2008-01-24 14:06 . 2008-02-15 17:52 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-01-24 13:02 . 2008-01-24 13:02 <DIR> d-------- C:\Program Files\A Tech Group 2008-01-23 21:31 . 2008-01-23 21:31 <DIR> d-------- C:\Program Files\GIMP-2.0 2008-01-23 21:31 . 2008-01-23 21:31 <DIR> d-------- C:\Documents and Settings\Kubucza\.thumbnails 2008-01-23 21:31 . 2008-02-16 16:46 <DIR> d-------- C:\Documents and Settings\Kubucza\.gimp-2.2 2008-01-23 21:30 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\Common Files\GTK 2008-01-23 20:55 . 2008-02-16 16:44 132 --a------ C:\WINDOWS\HandySnap.INI 2008-01-23 20:52 . 2008-01-23 20:52 <DIR> d-------- C:\Program Files\WisePixel Multimedia 2008-01-18 22:23 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-01-18 22:23 . 2004-08-04 00:38 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-01-18 18:20 . 2008-01-18 18:20 <DIR> d-------- C:\Program Files\Logitech 2008-01-18 18:20 . 2008-01-18 18:20 <DIR> d-------- C:\Program Files\Common Files\Logitech 2008-01-18 18:20 . 2004-05-13 23:40 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll 2008-01-18 18:20 . 2004-05-13 23:54 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2008-01-18 18:20 . 2004-05-13 23:54 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2008-01-18 18:20 . 2004-05-13 23:54 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys 2008-01-18 18:20 . 2004-05-13 23:54 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2008-01-18 18:20 . 2004-05-13 23:54 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-16 19:26 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\Tibia 2008-02-14 09:24 --------- d-----w C:\Program Files\Opera 2008-02-09 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-08 13:14 --------- d-----w C:\Program Files\ESET 2008-02-07 13:46 --------- d-----w C:\Program Files\Counter-Strike 1.6 2008-02-03 11:30 --------- d-----w C:\Program Files\Tibia 2008-01-31 13:21 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-26 13:59 2,238,016 ----a-w C:\WINDOWS\inf\isprnt.exe 2008-01-26 09:36 --------- d-----w C:\Program Files\Tibia2 2008-01-19 19:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited 2008-01-18 21:39 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-01-16 11:56 --------- d-----w C:\Program Files\Tibia4 2008-01-14 17:05 --------- d-----w C:\Program Files\eMule 2008-01-14 16:12 --------- d-----w C:\Program Files\BitComet 2008-01-14 13:49 --------- d-----w C:\Program Files\UltraStar 2008-01-05 11:24 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\Gadu-Gadu 2008-01-05 10:19 --------- d-----w C:\Program Files\Diablo II 2008-01-05 10:13 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-01-04 15:26 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2008-01-04 15:26 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2008-01-04 15:26 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2008-01-04 15:14 106,496 ----a-w C:\WINDOWS\DIIUnin.exe 2007-12-29 20:42 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\Media Player Classic 2007-12-28 15:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground 2007-12-27 11:13 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-12-27 11:11 --------- d-----w C:\Program Files\EA GAMES 2007-12-26 12:47 --------- d-----w C:\Program Files\Common Files\DirectX 2007-12-26 10:18 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-26 10:18 --------- d--h--r C:\Documents and Settings\Kubucza\Dane aplikacji\SecuROM 2007-12-26 09:52 --------- d-----w C:\Program Files\Atari 2007-12-24 12:15 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\sqlitestudio 2007-12-24 12:01 --------- d-----w C:\Program Files\Asprate 2007-12-24 11:48 --------- d-----w C:\Program Files\WebServ 2007-12-24 11:43 --------- d-----w C:\Program Files\Wiedźmin 2007-12-24 11:03 --------- d-----w C:\Program Files\DAEMON Tools Pro 2007-12-24 11:02 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2007-12-24 11:02 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys 2007-12-19 20:01 --------- d-----w C:\Program Files\CapCom 2007-12-19 17:02 --------- d-----w C:\Documents and Settings\Kubucza\Dane aplikacji\DAEMON Tools Pro 2007-12-19 17:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro 2007-12-19 16:52 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-19 13:15 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entras & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12 139264] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136] "ares"="C:\Program Files\Ares\Ares.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-26 19:49 921600] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 14:21 94208] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432] "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920] "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 07:25 363008] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-17 09:01:07 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\Program Files\Eset\pr_imon.dll PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180] -> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll -> C:\Program Files\Unlocker\UnlockerHook.dll . Completion time: 2008-02-17 9:01:23 ComboFix-quarantined-files.txt 2008-02-17 08:01:15 ComboFix2.txt 2008-02-17 07:55:08 ComboFix3.txt 2008-02-14 09:05:00 ComboFix4.txt 2008-01-29 19:23:04

**Posty:** 18165 · przez **wojtas** 17 Lut 2008, 11:39

przeskanuj ten plik:

C:\WINDOWS\inf\isprnt.exe

na tych stronach :

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty

**Posty:** 262 · przez **kubucza** 17 Lut 2008, 22:02

Kod: Zaznacz wszystko: Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.2.16.10 2008.02.15 Win-Trojan/Xema.variant AntiVir 7.6.0.67 2008.02.15 - Authentium 4.93.8 2008.02.17 - Avast 4.7.1098.0 2008.02.16 - AVG 7.5.0.516 2008.02.17 - BitDefender 7.2 2008.02.17 - CAT-QuickHeal None 2008.02.16 - ClamAV 0.92.1 2008.02.17 - DrWeb 4.44.0.09170 2008.02.17 - eSafe 7.0.15.0 2008.02.17 - eTrust-Vet 31.3.5541 2008.02.15 - Ewido 4.0 2008.02.17 - FileAdvisor 1 2008.02.17 - Fortinet 3.14.0.0 2008.02.17 - F-Prot 4.4.2.54 2008.02.17 - F-Secure 6.70.13260.0 2008.02.17 - Ikarus T3.1.1.20 2008.02.17 Virus.Win32.Delf.FUM Kaspersky 7.0.0.125 2008.02.17 - McAfee 5231 2008.02.15 - Microsoft 1.3204 2008.02.17 - NOD32v2 2881 2008.02.17 - Norman 5.80.02 2008.02.15 - Panda 9.0.0.4 2008.02.17 - Prevx1 V2 2008.02.17 - Rising 20.31.50.00 2008.02.16 - Sophos 4.26.0 2008.02.17 - Sunbelt 2.2.907.0 2008.02.16 - Symantec 10 2008.02.17 - TheHacker 6.2.9.222 2008.02.16 - VBA32 3.12.6.1 2008.02.17 - VirusBuster 4.3.26:9 2008.02.17 - Webwasher-Gateway 6.6.2 2008.02.15 - Dodatkowe informacje File size: 2238016 bytes MD5: 533e1f16fb7457a833ebd0e49c7541d4 SHA1: 4f70e38a5ca6ffec85e8cac5b019e7418c226e23 PEiD: Dev-C++ 4.9.9.2 -> Bloodshed Software

Kod: Zaznacz wszystko: Scan taken on 17 Feb 2008 19:55:33 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found Virus.Win32.Delf.FUM Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing

**Posty:** 18165 · przez **wojtas** 17 Lut 2008, 22:35

czyli ok

bardzo proszę o sprawdzenie logów.

Bardzo proszę o sprawdzenie logów.

Kto jest na forum