
[b]SDFix: Version 1.218 [/b]
Run by Micha- PC on 2008-08-22 at 20:50
Microsoft Windows XP [Wersja 5.1.2600]
Running From: H:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Folder H:\WINDOWS\system32\734914 - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 20:55:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="J:\xp\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:02,d2,47,f3,f6,45,68,0b,ab,7b,13,58,fa,74,ec,17,08,32,17,b0,61,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2e,0c,5c,a3,4a,38,3a,fb,bb,fc,d7,62,06,b3,ca,d6,71,65,ec,60,ac,..
"p0"="J:\xp\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,64,25,d3,e3,04,37,99,22,4c,99,19,bf,58,af,21,f5,2a,..
"khjeh"=hex:04,a1,46,76,bd,44,dc,53,8c,8d,96,84,76,d6,18,a0,c4,63,f6,95,12,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:24,23,a5,20,e4,b8,86,83,ba,8f,e5,63,ba,83,af,a5,e1,4a,81,db,41,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ab,ab,fb,6d,49,1d,ed,da,37,96,8c,b7,b5,d4,1c,38,a3,f5,47,1b,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:ab,ab,fb,6d,49,1d,ed,da,37,96,8c,b7,b5,d4,1c,38,a3,f5,47,1b,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:78,2f,1b,18,7a,95,48,48,44,52,e0,63,c8,2c,66,97,13,29,e2,c1,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="J:\xp\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:02,d2,47,f3,f6,45,68,0b,ab,7b,13,58,fa,74,ec,17,08,32,17,b0,61,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2e,0c,5c,a3,4a,38,3a,fb,bb,fc,d7,62,06,b3,ca,d6,71,65,ec,60,ac,..
"p0"="J:\xp\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,64,25,d3,e3,04,37,99,22,4c,99,19,bf,58,af,21,f5,2a,..
"khjeh"=hex:04,a1,46,76,bd,44,dc,53,8c,8d,96,84,76,d6,18,a0,c4,63,f6,95,12,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:24,23,a5,20,e4,b8,86,83,ba,8f,e5,63,ba,83,af,a5,e1,4a,81,db,41,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ab,ab,fb,6d,49,1d,ed,da,37,96,8c,b7,b5,d4,1c,38,a3,f5,47,1b,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:ab,ab,fb,6d,49,1d,ed,da,37,96,8c,b7,b5,d4,1c,38,a3,f5,47,1b,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:78,2f,1b,18,7a,95,48,48,44,52,e0,63,c8,2c,66,97,13,29,e2,c1,53,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000a5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"appinit_dlls"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\\vista\\GRY\\Metin2\\Metin\\metin2.bin"="I:\\vista\\GRY\\Metin2\\Metin\\metin2.bin:*:Enabled:metin2"
"J:\\xp\\Microsoft Word\\Office12\\OUTLOOK.EXE"="J:\\xp\\Microsoft Word\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"J:\\xp\\Microsoft Word\\Office12\\GROOVE.EXE"="J:\\xp\\Microsoft Word\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"J:\\xp\\Microsoft Word\\Office12\\ONENOTE.EXE"="J:\\xp\\Microsoft Word\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"J:\\xp\\Opera\\opera.exe"="J:\\xp\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"H:\\Program Files\\BitComet\\BitComet.exe"="H:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"J:\\xp\\GRY\\Battle\\BF2.exe"="J:\\xp\\GRY\\Battle\\BF2.exe:*:Enabled:Battlefield 2"
"H:\\WINDOWS\\system32\\LEXPPS.EXE"="H:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"H:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="H:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"H:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="H:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"H:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="H:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"J:\\xp\\Programs\\RM.exe"="J:\\xp\\Programs\\RM.exe:*:Enabled:Render Manager"
"J:\\xp\\Programs\\Studio.exe"="J:\\xp\\Programs\\Studio.exe:*:Enabled:Studio"
"J:\\xp\\Programs\\umi.exe"="J:\\xp\\Programs\\umi.exe:*:Enabled:umi"
"H:\\Program Files\\Skype\\Phone\\Skype.exe"="H:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Thu 14 Aug 2008 4,348 A.SH. --- "H:\RECYCLER\S-1-5-21-1614895754-1229272821-725345543-1003\Dh199.bak"
Thu 10 Jul 2008 0 A.SH. --- "H:\RECYCLER\S-1-5-21-1614895754-1229272821-725345543-1003\Dh232.tmp"
Sun 3 Feb 2008 195,072 A..H. --- "H:\Program Files\Intermedia Design\Helium 2007\UserDataRemove.exe"
Sun 3 Feb 2008 824,832 A..H. --- "H:\Documents and Settings\All Users\Dane aplikacji\Data\LicenseManager2007.dll"
Wed 16 Apr 2008 789 A.SHR --- "H:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak"
[b]Finished![/b]
ComboFix 08-08-21.02 - Michał- PC 2008-08-22 20:59:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1374 [GMT 2:00]
Running from: H:\Documents and Settings\Michał- PC\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
H:\Documents and Settings\Michał- PC\Dane aplikacji\inst.exe
H:\Program Files\PCHealthCenter
H:\Program Files\PCHealthCenter\0.exe
H:\Program Files\PCHealthCenter\0.gif
H:\Program Files\PCHealthCenter\1.exe
H:\Program Files\PCHealthCenter\1.gif
H:\Program Files\PCHealthCenter\2.exe
H:\Program Files\PCHealthCenter\2.gif
H:\Program Files\PCHealthCenter\3.exe
H:\Program Files\PCHealthCenter\3.gif
H:\Program Files\PCHealthCenter\5.exe
H:\WINDOWS\BMa3db042a.txt
H:\WINDOWS\system32\evdahllv.ini
H:\WINDOWS\system32\JmWHgMoq.ini
H:\WINDOWS\system32\JmWHgMoq.ini2
H:\WINDOWS\system32\setup.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.
2008-08-22 20:39 . 2008-08-22 20:39 580,096 --a--c--- H:\WINDOWS\system32\dllcache\user32.dll
2008-08-22 20:38 . 2008-08-22 20:38 <DIR> d-------- H:\WINDOWS\ERUNT
2008-08-22 16:57 . 2008-08-22 16:57 <DIR> d-------- H:\Program Files\Trend Micro
2008-08-22 16:00 . 2008-08-22 20:56 <DIR> d-------- H:\SDFix
2008-08-22 10:24 . 2008-08-22 10:24 34 --a------ H:\WINDOWS\system32\oeminfo.ini
2008-08-22 10:06 . 2008-08-22 10:06 <DIR> d-------- H:\Program Files\Ashampoo
2008-08-22 09:51 . 2008-08-22 10:05 <DIR> d-a------ H:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-22 09:50 . 2008-08-22 09:53 <DIR> d-------- H:\Program Files\SpywareBlaster
2008-08-22 09:39 . 2008-08-22 09:39 <DIR> d-------- H:\Documents and Settings\Michał- PC\Dane aplikacji\Grisoft
2008-08-22 09:39 . 2008-08-22 09:39 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-08-22 09:39 . 2007-05-30 14:10 10,872 --a------ H:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-21 21:59 . 2008-08-21 21:59 <DIR> d--h----- H:\WINDOWS\PIF
2008-08-21 19:51 . 2008-08-22 14:06 <DIR> d-------- H:\Program Files\Applications
2008-08-16 09:58 . 2008-08-16 09:58 <DIR> dr-h----- H:\Documents and Settings\Michał- PC\Dane aplikacji\SecuROM
2008-08-02 14:36 . 2008-08-02 14:33 737,280 --a------ H:\WINDOWS\iun6002.exe
2008-08-01 22:46 . 2008-08-15 09:27 151 --a------ H:\WINDOWS\PhotoSnapViewer.INI
2008-07-30 14:16 . 2008-07-30 14:16 560 --a------ H:\WINDOWS\eReg.dat
2008-07-30 13:09 . 2008-07-30 13:09 <DIR> d-------- H:\Program Files\Electronic Arts
2008-07-30 13:09 . 1999-04-02 16:37 33,792 -ra------ H:\WINDOWS\NPSExec.exe
2008-07-30 12:11 . 2008-07-30 12:11 <DIR> d-------- H:\Program Files\DAEMON Tools Toolbar
2008-07-26 17:02 . 2008-07-26 17:02 <DIR> d-------- H:\Documents and Settings\Michał- PC\Dane aplikacji\TuneUp Software
2008-07-26 17:02 . 2008-07-26 17:02 306,432 --a------ H:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-26 17:02 . 2007-12-20 10:41 29,440 --a------ H:\WINDOWS\system32\uxtuneup.dll
2008-07-26 08:49 . 2008-07-27 17:37 <DIR> d-------- H:\My Recordings
2008-07-24 12:35 . 2008-07-24 12:35 <DIR> d-------- H:\Documents and Settings\Michał- PC\Dane aplikacji\Windows Search
2008-07-23 17:46 . 2008-07-23 17:46 <DIR> d-------- H:\Documents and Settings\Michał- PC\Dane aplikacji\Windows Desktop Search
2008-07-23 17:45 . 2008-07-23 17:45 <DIR> d-------- H:\WINDOWS\system32\GroupPolicy
2008-07-23 17:45 . 2008-07-23 17:45 <DIR> d-------- H:\Program Files\Windows Desktop Search
2008-07-23 17:44 . 2008-03-07 19:02 192,000 -----c--- H:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-23 17:44 . 2008-03-07 19:02 98,304 -----c--- H:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-23 17:44 . 2008-03-07 19:02 29,696 -----c--- H:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-23 09:59 . 2008-08-06 20:12 96,976 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-07-23 09:59 . 2008-07-24 12:20 87,855 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-07-23 09:41 . 2008-07-23 09:41 <DIR> d-------- H:\Program Files\Kaspersky Lab
2008-07-23 09:41 . 2008-08-22 20:56 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-23 09:31 . 2008-08-22 20:35 7,404,576 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-07-23 09:31 . 2008-08-22 20:35 761,888 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-23 09:31 . 2008-08-22 20:35 62,072 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx
2008-07-23 09:31 . 2008-08-22 20:35 6,828 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-23 09:10 . 2008-04-25 18:22 206,088 --a------ H:\WINDOWS\system32\klogon.dll
2008-07-22 23:32 . 2008-07-22 23:32 0 --a------ H:\WINDOWS\BMa3db042a.xml
2008-07-22 22:19 . 2008-07-24 21:34 <DIR> d-------- H:\Program Files\Common Files\Adobe
2008-07-22 22:18 . 2008-07-24 12:32 8,388,608 --a------ H:\WINDOWS\system32\RO1047.bac
2008-07-22 18:55 . 2008-07-22 18:55 95 --a------ H:\WINDOWS\wininit.ini
2008-07-22 17:10 . 2008-07-22 17:10 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-07-22 09:05 . 2008-08-22 10:48 <DIR> d-------- H:\Documents and Settings\Michał- PC\Dane aplikacji\Skype
2008-07-22 08:49 . 2008-07-22 08:49 <DIR> d-------- H:\Program Files\Skype
2008-07-22 08:49 . 2008-07-22 08:49 <DIR> d-------- H:\Program Files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 18:34 --------- d-----w H:\Program Files\Crawler
2008-08-22 11:29 --------- d-----w H:\Program Files\BitComet
2008-08-22 09:05 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-22 07:04 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Hamachi
2008-08-22 07:03 --------- d-----w H:\Program Files\Steam
2008-08-21 19:19 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\skypePM
2008-08-19 21:51 --------- d-----w H:\Program Files\Opera
2008-08-03 14:24 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-07-22 06:49 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-19 05:23 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Vso
2008-07-19 05:15 47,360 ----a-w H:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-19 05:15 47,360 ----a-w H:\Documents and Settings\Michał- PC\Dane aplikacji\pcouffin.sys
2008-07-19 05:15 --------- d-----w H:\Program Files\VSO
2008-07-18 17:49 --------- d-----w H:\Program Files\proDAD
2008-07-18 17:49 --------- d-----w H:\Program Files\LooksBuilderSE
2008-07-18 17:49 --------- d-----w H:\Program Files\Boris FX, Inc
2008-07-18 17:49 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\proDAD
2008-07-18 17:48 --------- d-----w H:\Program Files\Pinnacle
2008-07-18 17:44 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\vsosdk
2008-07-18 12:40 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\DivX
2008-07-18 12:39 --------- d-----w H:\Program Files\Common Files\Pinnacle
2008-07-18 12:38 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate
2008-07-18 12:35 --------- d-----w H:\Program Files\Common Files\Yahoo!
2008-07-18 12:35 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Studio 12
2008-07-18 12:35 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Plus
2008-07-18 12:35 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
2008-07-17 19:20 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Ahead
2008-07-17 15:44 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-07-17 13:54 --------- d-----w H:\Program Files\Common Files\Ahead
2008-07-17 13:51 --------- d-----w H:\Program Files\Yahoo!
2008-07-15 21:05 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Dealio
2008-07-15 07:05 --------- d-----w H:\Program Files\Panda Security
2008-07-15 06:16 --------- d-----w H:\Program Files\Intermedia Design
2008-07-15 06:07 --------- d-----w H:\Program Files\Winamp
2008-07-15 04:16 --------- d-----w H:\Program Files\Common Files\Panda Software
2008-07-15 04:12 0 ----a-w H:\WINDOWS\system32\drivers\wnmsav.dat
2008-07-14 09:22 25,280 ----a-w H:\WINDOWS\system32\drivers\hamachi.sys
2008-07-14 09:22 --------- d-----w H:\Program Files\Hamachi
2008-07-14 07:35 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\foobar2000
2008-07-14 06:51 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Search Settings
2008-07-13 21:31 --------- d-----w H:\Program Files\Search Settings
2008-07-13 21:31 --------- d-----w H:\Program Files\Dealio
2008-07-13 21:01 --------- d-----w H:\Program Files\ImTOO
2008-07-13 18:04 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\sentinel
2008-07-13 17:52 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Backup
2008-07-12 21:24 45,768 ----a-w H:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-07-11 21:07 --------- d-----w H:\Program Files\ESTsoft
2008-07-11 21:07 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\ESTSoft
2008-07-11 16:50 --------- d-----w H:\Program Files\AVIcodec
2008-07-11 00:06 --------- d-----w H:\Program Files\Common Files\Adobe AIR
2008-07-10 23:46 --------- d-----w H:\Program Files\NOS
2008-07-10 23:46 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\NOS
2008-07-10 23:40 --------- d-----w H:\Program Files\Java
2008-07-10 23:39 --------- d-----w H:\Program Files\Common Files\Java
2008-07-10 21:48 --------- d-----w H:\Program Files\Windows Media Connect 2
2008-07-10 21:48 --------- d-----w H:\Program Files\Microsoft Silverlight
2008-07-09 10:48 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-08 01:00 --------- d-----w H:\Program Files\MSXML 4.0
2008-07-06 16:27 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Intermedia Design
2008-07-06 16:26 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Intermedia Design
2008-07-06 16:26 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Data
2008-07-05 12:14 98,304 ----a-w H:\WINDOWS\system32\CmdLineExt.dll
2008-07-04 15:10 --------- d-----w H:\Program Files\Pet Soccer
2008-06-29 08:41 2,560 ----a-w H:\WINDOWS\system32\bitcometres.dll
2008-06-28 18:58 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Media Player Classic
2008-06-28 12:24 78,048,408 ----a-w H:\Program Files\N360S200.exe
2008-06-28 11:45 1,495,112 ----a-w H:\Program Files\install_flash_player.exe
2008-06-28 08:12 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Gadu-Gadu
2008-06-27 08:50 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\Ubisoft
2008-06-27 08:40 --------- d-----w H:\Program Files\free-downloads.net
2008-06-26 20:03 --------- d-----w H:\Program Files\Conduit
2008-06-26 20:03 --------- d-----w H:\Program Files\Alcohol Soft
2008-06-26 19:40 --------- d-----w H:\Program Files\Realtek
2008-06-26 19:39 315,392 ----a-w H:\WINDOWS\HideWin.exe
2008-06-24 16:21 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-24 16:15 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\InstallShield
2008-06-24 16:08 717,296 ----a-w H:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 16:03 --------- d-----w H:\Documents and Settings\Michał- PC\Dane aplikacji\DAEMON Tools
2008-06-20 17:48 246,784 ----a-w H:\WINDOWS\system32\mswsock.dll
2008-06-18 20:37 2,045,459 ----a-w H:\WINDOWS\system32\x264vfw.dll
2008-06-12 18:36 7,680 ----a-w H:\WINDOWS\system32\ff_vfw.dll
2008-05-30 23:22 683,520 ----a-w H:\WINDOWS\system32\divx.dll
2008-05-26 20:33 60,273 ----a-w H:\WINDOWS\system32\pthreadGC2.dll
2008-05-26 20:21 1,582,592 ------w H:\WINDOWS\system32\tquery.dll
2008-05-26 20:21 1,418,240 ------w H:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19 97,792 ------w H:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19 273,408 ------w H:\WINDOWS\system32\oeph.dll
2008-05-26 20:19 2,048 ------w H:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19 143,872 ------w H:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19 131,072 ------w H:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19 11,264 ------w H:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19 108,032 ------w H:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18 71,680 ------w H:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18 56,320 ------w H:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18 44,032 ------w H:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18 439,808 ------w H:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18 38,400 ------w H:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18 350,208 ------w H:\WINDOWS\system32\mssph.dll
2008-05-26 20:18 231,936 ------w H:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18 203,776 ------w H:\WINDOWS\system32\mssphtb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-07-04 14:53 1569304 --a------ H:\Program Files\free-downloads.net\tbfre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "H:\Program Files\free-downloads.net\tbfre1.dll" [2008-07-04 14:53 1569304]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "H:\Program Files\free-downloads.net\tbfre1.dll" [2008-07-04 14:53 1569304]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="J:\xp\GG\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"BitComet"="H:\Program Files\BitComet\BitComet.exe" [2008-06-03 05:42 2596152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
"SpybotSD TeaTimer"="J:\xp\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="H:\WINDOWS\system32\LXSUPMON.EXE" [2001-10-09 18:10 819200]
"GrooveMonitor"="J:\xp\Microsoft Word\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"au"="H:\Program Files\Dealio\DealioAU.exe" [2008-05-26 19:50 595296]
"SearchSettings"="H:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 16:57 991584]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"!AVG Anti-Spyware"="H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"AVP"="H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"AdslTaskBar"="stmctrl.dll" [2007-02-06 17:47 167936 H:\WINDOWS\system32\stmctrl.dll]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 H:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "H:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= ir32.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.IV45"= Ir41_qc.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"vidc.mjpg"= pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\vista\\GRY\\Metin2\\Metin\\metin2.bin"=
"J:\\xp\\Microsoft Word\\Office12\\OUTLOOK.EXE"=
"J:\\xp\\Microsoft Word\\Office12\\GROOVE.EXE"=
"J:\\xp\\Microsoft Word\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\BitComet\\BitComet.exe"=
"J:\\xp\\GRY\\Battle\\BF2.exe"=
"H:\\WINDOWS\\system32\\LEXPPS.EXE"=
"J:\\xp\\Programs\\RM.exe"=
"J:\\xp\\Programs\\Studio.exe"=
"J:\\xp\\Programs\\umi.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16858:TCP"= 16858:TCP:BitComet 16858 TCP
"16858:UDP"= 16858:UDP:BitComet 16858 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;H:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 UxTuneUp;TuneUp Theme Extension;H:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;H:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;H:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 Stmatm;ATM/ADSL miniport;H:\WINDOWS\system32\DRIVERS\stmatm.sys [2007-01-22 12:52]
R3 TaurusUsb;ADSL Modem USB Service;H:\WINDOWS\system32\DRIVERS\torususb.sys [2007-02-06 17:08]
S3 atidgllk;atidgllk;H:\DOCUME~1\MICHA-~1\USTAWI~1\Temp\~Af01604\Upgrade\atidgllk.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;H:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;H:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-26 17:02]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-08-22 H:\WINDOWS\Tasks\1-Click Maintenance.job
- J:\xp\OneClick.exe []
2008-08-22 H:\WINDOWS\Tasks\SpybotSD.job
- J:\xp\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{2174636A-C8DB-475A-90CE-AE6192A2BB58} - (no file)
BHO-{67D57809-C4D3-4998-813F-C8661A856984} - (no file)
BHO-{853AD6F2-F9B1-4A1C-ADD1-F30180DD671D} - (no file)
BHO-{8B3C5988-FCCA-430C-924F-2BC90F9602C3} - (no file)
Notify-avldr - avldr.dll
Notify-mlJCUljH - mlJCUljH.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - H:\Documents and Settings\Michał- PC\Dane aplikacji\Mozilla\Firefox\Profiles\71yj9914.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - J:\xp\Mozilla\plugins\npnul32.dll
FF -: plugin - J:\xp\Mozilla\plugins\nppdf32.dll
FF -: plugin - J:\xp\Opera\program\plugins\npdsplay.dll
FF -: plugin - J:\xp\Opera\program\plugins\nppl3260.dll
FF -: plugin - J:\xp\Opera\program\plugins\nprpjplug.dll
FF -: plugin - J:\xp\Opera\program\plugins\npwmsdrm.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 21:00:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-22 21:01:43
ComboFix-quarantined-files.txt 2008-08-22 19:01:29
Pre-Run: 6,002,708,480 bajtów wolnych
Post-Run: 5,987,688,448 bajtów wolnych
304 --- E O F --- 2008-07-11 06:24:43