log, proszę o sprawdzenie loga

[dariadesou]

Mam przeglądarkę Mozilla Firefox. Od wczoraj wyskakiwało mi okienko z Internet Explorer z jakąś amerykańską stronką o Hollywoodzie. Dzisiaj wysoczył mi komunikat o błędach w rejestrze i że mam zainstalować jakiś Errorsafe. Kliknęłam w link ale mi się pojawiło, że nie można wyświetlić strony. Potem przeglądnęłam google i wystraszyłam się bo piszą tam o jakichś trojanach... Ściągnęłam Hijackthis i wstawiam loga. Od razu mówię, że jestem ciemna z tego wszystkiego i proszę o pomoc.

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:34:39, on 2007-03-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\DOCUME~1\Daria\USTAWI~1\Temp\Rar$EX02.332\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program

Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [SoundService] rundll32.exe "D:\WINDOWS\system32\itemtbdy.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital

Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft

Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil

Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software -

D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

[wojtas]

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

D:\WINDOWS\system32\itemtbdy.dll
D:\WINDOWS\system32\WinFlyer32.dll

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [SoundService] rundll32.exe "D:\WINDOWS\system32\itemtbdy.dll",setvm

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z HijackThis + log z Silent Runners.

[dariadesou]

a jest to konieczne? czy te pliki są dużym zagrożeniem dla mojego komputera?

[wojtas]

a jest to konieczne? czy te pliki są dużym zagrożeniem dla mojego komputera?

tak bo to trojany

zrob tak:

zastosuj:

Vunfofix
http://www.atribune.org/ccount/click.php?id=4

Trojan.Vundo Removal Tool
http://securityresponse.symantec.com/avcenter/FixVundo.exe

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

i potem nowe logi daj

[dariadesou]

Po zastosowaniu VundoFix oraz FixVundo. Tego VirtumundoBeGone jeszcze nie robiłam.



Logfile of HijackThis v1.99.1
Scan saved at 23:49:40, on 2007-03-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Daria\USTAWI~1\Temp\Rar$EX01.695\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {3CFDA4F6-94BD-4908-A2C5-EB9F0524C83a} - D:\WINDOWS\system32\cafebmlg.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - D:\WINDOWS\system32\wdsgvken.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - D:\WINDOWS\system32\urqqnom.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7AABE467-7E83-4DB4-896F-7E4CD490DF8D} - D:\WINDOWS\system32\tuvsr.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [SoundService] rundll32.exe "D:\WINDOWS\system32\itemtbdy.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

[ Dodano: Dzisiaj o 23:00 ]
Sorki, nie zrobiłam Code. Teraz:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 23:49:40, on 2007-03-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Daria\USTAWI~1\Temp\Rar$EX01.695\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {3CFDA4F6-94BD-4908-A2C5-EB9F0524C83a} - D:\WINDOWS\system32\cafebmlg.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - D:\WINDOWS\system32\wdsgvken.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - D:\WINDOWS\system32\urqqnom.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7AABE467-7E83-4DB4-896F-7E4CD490DF8D} - D:\WINDOWS\system32\tuvsr.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [SoundService] rundll32.exe "D:\WINDOWS\system32\itemtbdy.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe



[ Dodano: Dzisiaj o 6:56 ]
Ten log jest po skanowaniu VirtumundoBeGone.

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 07:45:16, on 2007-03-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Daria\USTAWI~1\Temp\Rar$EX00.604\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {3CFDA4F6-94BD-4908-A2C5-EB9F0524C83a} - D:\WINDOWS\system32\cafebmlg.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - D:\WINDOWS\system32\wdsgvken.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - D:\WINDOWS\system32\urqqnom.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7AABE467-7E83-4DB4-896F-7E4CD490DF8D} - D:\WINDOWS\system32\tuvsr.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [SoundService] rundll32.exe "D:\WINDOWS\system32\itemtbdy.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe



[Red]

usun jeszcze hijack:

O2 - BHO: (no name) - {3CFDA4F6-94BD-4908-A2C5-EB9F0524C83a} - D:\WINDOWS\system32\cafebmlg.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - D:\WINDOWS\system32\wdsgvken.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - D:\WINDOWS\system32\urqqnom.dll (file missing)
O2 - BHO: (no name) - {7AABE467-7E83-4DB4-896F-7E4CD490DF8D} - D:\WINDOWS\system32\tuvsr.dll (file missing)

a to recznie w trybie awaryjnym :

D:\WINDOWS\system32\itemtbdy.dll

[dariadesou]

usunęłam te 4 wpisy a tego itemtbdy.dll nie ma w tym system32 ale jest za to w D:\VundoFix Backups

co mam zrobić?

[ Dodano: Dzisiaj o 21:26 ]
aha i dodane jest do tej nazwy bad czyli cała nazwa tego pliku to itemtbdy.dll.bad

[wojtas]

skasuj caly folder:

D:\VundoFix Backups

daj nowe logi z silent runners i comboscan:

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
http://forum.programosy.pl/dodatkowe-narzedzia-do-usuwania-i-ochrony-vt42021.html

[dariadesou]

aha i wyświetla mi sie zaraz po uruchomieniu kompa jakiś błąd, że w D:\Windows\system32\iitemtbdy.dll cośtam, coś tam, że nie można odnaleźć modułu czy coś

[ Dodano: Dzisiaj o 21:59 ]
logi dam jutro

[ Dodano: Dzisiaj o 16:36 ]
Wczoraj jak zamykałam system to wyskoczyło mi okienko że mam zainstalować Errorsafe ale kliknęłam anuluj.

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:26:50, on 2007-03-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Daria\USTAWI~1\Temp\Rar$EX02.923\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [SoundService] rundll32.exe "D:\WINDOWS\system32\itemtbdy.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe



[wojtas]

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg


Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [SoundService] rundll32.exe "D:\WINDOWS\system32\itemtbdy.dll,setvm

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.
Pogrubione pliki usuwasz ręcznie z dysku
potem nowe logi comboscana oraz Silent runners

combo:

http://forum.programosy.pl/dodatkowe-narzedzia-do-usuwania-i-ochrony-vt42021.html

[dariadesou]

log z comboscana:

Kod: Zaznacz wszystko

ComboScan v20070306.20 run by Daria on 2007-03-30 at 22:56:07
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Polish

CPU 0: Procesor Intel Celeron
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 255.48 MiB / 56.86 MiB
Pagefile Memory (total/avail): 3615.8 MiB / 3314.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1993.23 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 19.53 GiB total, 7.3 GiB free.
D: is Fixed (NTFS) - 37.74 GiB total, 5.13 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (Unformatted)
H: is CDROM (CDFS)
I: is CDROM (No Media)
J: is CDROM (CDFS)
K: is CDROM (Unformatted)
L: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Daria\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=DOMEK
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Daria
LANG=pl
LOGONSERVER=\\DOMEK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\Common Files\GTK\2.0\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Daria\USTAWI~1\Temp
TMP=D:\DOCUME~1\Daria\USTAWI~1\Temp
USERDOMAIN=DOMEK
USERNAME=Daria
USERPROFILE=D:\Documents and Settings\Daria
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Daria [I](admin)[/I]
Janusz [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 4.0 --> D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Aktualizacja dla systemu Windows XP (KB894391) --> "D:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB898461) --> "D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB900485) --> "D:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB908531) --> "D:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB910437) --> "D:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB911164) -->
Aktualizacja dla systemu Windows XP (KB911280) --> "D:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB916595) --> "D:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB920872) --> "D:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB922582) --> "D:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB929338) --> "D:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB931836) --> "D:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB893756) --> "D:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB896358) --> "D:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB896423) --> "D:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB896424) --> "D:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB896428) --> "D:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB899587) --> "D:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB899591) --> "D:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB900725) --> "D:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB901017) --> "D:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB901214) --> "D:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB902400) --> "D:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB904706) --> "D:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB905414) --> "D:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB905749) --> "D:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB908519) --> "D:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB911562) --> "D:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB911567) --> "D:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB911927) --> "D:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB912919) --> "D:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB913580) --> "D:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB914388) --> "D:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB914389) --> "D:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB917344) --> "D:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB917422) --> "D:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB917953) --> "D:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB918118) --> "D:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB918439) --> "D:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB919007) --> "D:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920213) --> "D:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920214) --> "D:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920670) --> "D:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920683) --> "D:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920685) --> "D:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB921398) --> "D:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB922616) --> "D:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB922760) --> "D:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB922819) --> "D:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923191) --> "D:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923414) --> "D:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923694) --> "D:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789) --> D:\WINDOWS\system32\MacroMed\Flash\genuinst.exe D:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923980) --> "D:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924191) --> "D:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924270) --> "D:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924496) --> "D:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924667) --> "D:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB925454) --> "D:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB925486) --> "D:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB926255) --> "D:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB926436) --> "D:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB927779) --> "D:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB927802) --> "D:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB928255) --> "D:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB928843) --> "D:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Windows XP (KB923689) --> "D:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Alcohol Toolbar --> "D:\WINDOWS\Alcohol_Toolbar_Uninstaller_6972.exe"  _?=D:\Program Files\Alcohol Toolbar
ALLPlayer V2.4 --> "D:\Program Files\MarBit\ALLPlayer\unins000.exe"
Archiwizator WinRAR --> D:\Program Files\WinRAR\uninstall.exe
Audacity 1.2.6 --> "D:\Program Files\Audacity\unins000.exe"
avast! Antivirus --> rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Browser MOUSE --> D:\Program Files\Browser MOUSE\uninst00.exe
DAEMON Tools --> MsiExec.exe /I{0EF160D7-B9C3-4778-93CC-B2379BA59FE5}
Domowe Karaoke --> "D:\Program Files\Avalon\Domowe Karaoke\Uninstall.exe"
Gadu-Gadu 7.6 --> D:\Program Files\Gadu-Gadu\Setup.exe
Google Earth --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
GTK+ 2.8.18-1 runtime environment --> "D:\Program Files\Common Files\GTK\2.0\unins000.exe"
HijackThis 1.99.1 --> D:\DOCUME~1\Daria\USTAWI~1\Temp\Rar$EX02.332\HijackThis.exe /uninstall
HP Document Viewer 5.3 --> D:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> D:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> D:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "D:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> D:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jupiter 2006 Standard --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15D3622A-ACAA-45E1-8652-D2C915CE94ED}
K-Lite Codec Pack 2.82 Full --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
Knights and Merchants TPR --> D:\PROGRA~1\KMTPR~1\UNWISE.EXE D:\PROGRA~1\KMTPR~1\INSTALL.LOG
LG GSM PC Components --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\Setup.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Mozilla Firefox (2.0.0.2) --> D:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.3) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.10) --> D:\PROGRA~1\MOZILL~2\uninstall\uninstall.exe /ua "1.5.0.10 (pl)"
Nero Media Player --> D:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> D:\WINDOWS\UNNeroVision.exe /UNINSTALL
Onet.pl - Skype 3.0 --> "D:\Program Files\Skype\Phone\unins000.exe"
OpenOffice.org 2.0 --> MsiExec.exe /I{5F5395DD-76CD-4EB0-BB69-269A9F12C193}
PhotoFiltre --> "D:\Program Files\PhotoFiltre\Uninst.exe"
Poprawka systemu Windows XP - KB873339 --> D:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Poprawka systemu Windows XP - KB885836 --> D:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Poprawka systemu Windows XP - KB886185 --> D:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Poprawka systemu Windows XP - KB887472 --> D:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Poprawka systemu Windows XP - KB888302 --> D:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Poprawka systemu Windows XP - KB890859 --> "D:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Poprawka systemu Windows XP - KB891781 --> D:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
PowerDVD --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
Pytacz Master --> "D:\Program Files\Pytacz Master\Odinstaluj.exe"
RT2400 Wireless LAN Card --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9198A23F-C33C-4907-9715-96DE7D4AF27D}\Setup.exe" -l0x9
Runaway a Road Adventure PL --> D:\PROGRA~1\RUNAWA~1\UNWISE.EXE D:\PROGRA~1\RUNAWA~1\INSTALL.LOG
Shareaza wersja 2.2.5.0 --> "D:\Program Files\Shareaza\Uninstall\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
The GIMP 2.2.13 --> "D:\Program Files\GIMP-2.0\unins000.exe"
The Partners PL --> D:\PROGRA~1\THEPAR~1\UNWISE.EXE D:\PROGRA~1\THEPAR~1\INSTALL.LOG
The Sims 2 --> D:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Body Shop --> D:\Program Files\EA GAMES\The Sims 2 Body Shop\EAUninstall.exe
The Sims 2 Nocne życie --> D:\Program Files\EA GAMES\The Sims 2 Nocne życie\EAUninstall.exe
Tlumacz Komputerowy - Niemiecki --> D:\Program Files\Tlumacz Komputerowy - Niemiecki\setup.exe -uninstall
USB to Serial Cable Driver --> D:\WINDOWS\unvise32.exe D:\Program Files\ArkMicro\uninstal.log
WapSter AQQ --> D:\Program Files\Wapster\AQQ\uninstall.exe
Webmajster3 --> D:\PROGRA~1\Onet\WEBMAJ~1\UNWISE.EXE D:\PROGRA~1\Onet\WEBMAJ~1\INSTALL.LOG
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
WinFlyer --> "rundll32.exe" D:\WINDOWS\system32\WinFlyer32.dll,UnInstall
Zajączek 4.1 --> D:\Program Files\Zajaczek 4.1\Uninstal.exe


-- End of ComboScan: finished at 2007-03-30 at 23:03:38 ------------------------


[ Dodano: Dzisiaj o 22:13 ]
i coś takiego (2 notatniki mi się pojawiły)

Kod: Zaznacz wszystko

ComboScan v20070306.20 run by Daria on 2007-03-30 at 22:56:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
76: 2007-03-30 20:57:37 UTC - RP99 - ComboScan Restore Point
75: 2007-03-30 15:54:47 UTC - RP98 - Punkt kontrolny systemu
74: 2007-03-28 18:01:49 UTC - RP97 - Punkt kontrolny systemu
73: 2007-03-27 17:01:56 UTC - RP96 - Installed DAEMON Tools
72: 2007-03-25 16:19:56 UTC - RP95 - Punkt kontrolny systemu


-- First Restore Point --
1: 2006-12-29 19:19:18 UTC - RP24 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-30 23:02:01
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Documents and Settings\Daria\Pulpit\comboscan.exe
D:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\system32\WgaLogon.dll
O23 - Service: Urządzenie alarmowe (Alerter) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - D:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: Windows Audio (AudioSrv) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: avast! Antivirus - "D:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: AVG Anti-Spyware Guard - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Przeglądarka komputera (Browser) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - D:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - D:\WINDOWS\system32\clipsrv.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - D:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - D:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - D:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - D:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dostęp do urządzeń interfejsu HID (HidServ) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - D:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - D:\WINDOWS\system32\imapi.exe
O23 - Service: Serwer (lanmanserver) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Posłaniec (Messenger) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - D:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - D:\WINDOWS\system32\msiexec.exe /V
O23 - Service: DDE sieci (NetDDE) - D:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - D:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Plug and Play (PlugPlay) - D:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Usługi IPSEC (PolicyAgent) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - D:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - D:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - D:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - D:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - D:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: StarWind iSCSI Service (StarWindService) - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - D:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - D:\WINDOWS\system32\dllhost.exe /Processid:{68A4657F-AA5E-4CC8-A04D-B13FAB7EEBCF}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - D:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows User Mode Driver Framework (UMWdf) - D:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - D:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - D:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - D:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centrum zabezpieczeń (wscsvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - D:\WINDOWS\System32\svchost.exe -k netsvcs


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "D:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - D:\WINDOWS\system32\drivers\aavmker4.sys
3R ac97intc (Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)) - D:\WINDOWS\system32\drivers\ac97intc.sys
3S AIRPLUS (D-Link AirPlus Wireless Adapter) - D:\WINDOWS\system32\drivers\AIRPLUS.sys
2R aswMon2 (avast! Standard Shield Support) - D:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - D:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - D:\WINDOWS\system32\drivers\aswTdi.sys
1R AVG Anti-Spyware Driver - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - D:\WINDOWS\system32\drivers\AvgAsCln.sys
0R d343bus - D:\WINDOWS\system32\drivers\d343bus.sys
0R d343port - D:\WINDOWS\system32\drivers\d343port.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - D:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - D:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - D:\WINDOWS\system32\drivers\HPZius12.sys
3R ms_mpu401 (Sterownik portu MIDI UART Microsoft MPU-401) - D:\WINDOWS\system32\drivers\msmpu401.sys
3R nv - D:\WINDOWS\system32\drivers\nv4_mini.sys
1R P3 (Sterownik procesora Intel PentiumIII) - D:\WINDOWS\system32\drivers\p3.sys
0R PxHelp20 - D:\WINDOWS\system32\drivers\PxHelp20.sys
3R RT2400 (RT2400 Wireless Driver) - D:\WINDOWS\system32\drivers\RT2400.sys
0R sptd - D:\WINDOWS\system32\drivers\sptd.sys
3R usb2vcom (USB to Serial Bridge Controller) - D:\WINDOWS\system32\drivers\usb2vcom.sys
3S usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - D:\WINDOWS\system32\drivers\usbccgp.sys
3S usbprint (Klasa PRINTER USB Microsoft) - D:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (Sterownik skanera USB) - D:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (Sterownik magazynu masowego USB) - D:\WINDOWS\system32\drivers\USBSTOR.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "D:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R AVG Anti-Spyware Guard - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2S Pml Driver HPZ12 - D:\WINDOWS\system32\HPZipm12.exe
2R StarWindService (StarWind iSCSI Service) - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
2R UMWdf (Windows User Mode Driver Framework) - D:\WINDOWS\system32\wdfmgr.exe


-- Files created between 2007-02-28 and 2007-03-30 -----------------------------

2007-03-29 22:09:01         0 d-------- D:\WINDOWS\pss
2007-03-28 18:18:51      3968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-28 18:18:15         0 d-------- D:\Program Files\Grisoft
2007-03-27 19:06:11         0 d-------- D:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-27 19:02:49      5632 --a------ D:\WINDOWS\system32\drivers\d343port.sys
2007-03-27 19:02:49    136704 --a------ D:\WINDOWS\system32\drivers\d343bus.sys
2007-03-27 19:02:07         0 d-------- D:\Program Files\D-Tools
2007-03-27 18:59:15         0 d-------- D:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-23 20:40:57      5688 --a------ D:\WINDOWS\system32\bassenc.dll
2007-03-23 20:40:57     25688 --a------ D:\WINDOWS\system32\bass_fx.dll
2007-03-23 20:40:56     92216 --a------ D:\WINDOWS\system32\bass.dll
2007-03-23 20:40:27         0 d-------- D:\Program Files\Audio4You<AUDIO4~1>
2007-03-20 16:58:33         0 d-------- D:\Program Files\Lavasoft
2007-03-20 16:54:48         0 d-------- D:\Program Files\Sygate
2007-03-20 16:53:38         0 d-------- D:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-19 19:45:16         0 d-------- D:\Program Files\Zajaczek 4.1<ZAJACZ~1.1>
2007-03-19 19:33:34         0 d-------- D:\Program Files\Onet
2007-03-18 19:26:00         0 d-------- D:\Program Files\Km TPR<KMTPR~1>
2007-03-03 13:54:16         0 d-------- D:\Program Files\Tlumacz Komputerowy - Niemiecki<TLUMAC~1>
2007-03-03 13:42:26         0 d-------- D:\WINDOWS\system32\Viewers
2007-03-03 13:41:15         0 d-------- D:\WINDOWS\ShellNew
2007-03-03 13:40:32         0 d-------- D:\Program Files\Przeglądarka migawek<PRZEGL~1>
2007-03-03 13:38:35         0 d-------- D:\WINDOWS\Twain32
2007-03-01 22:00:05         0 d-------- D:\Program Files\Google
2007-03-01 21:33:07         0 d-------- D:\Program Files\Pytacz Master<PYTACZ~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-30 22:59:54         0 d-------- D:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-03-29 23:06:00         0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-25 15:34:07         0 d-------- D:\Program Files\EA GAMES<EAGAME~1>
2007-03-25 09:52:59    436322 --a------ D:\WINDOWS\system32\perfh015.dat
2007-03-25 09:52:59     67298 --a------ D:\WINDOWS\system32\perfc015.dat
2007-03-24 13:32:23         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Skype
2007-03-20 16:59:26         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Lavasoft
2007-03-20 16:40:20         0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-11 18:13:37         0 d-------- D:\Program Files\Shareaza
2007-03-05 17:54:38         0 d---s---- D:\Documents and Settings\Daria\Dane aplikacji\Microsoft<MICROS~1>
2007-03-05 16:06:43    113072 --a------ D:\WINDOWS\hpoins07.dat
2007-03-03 13:38:35         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Microsoft Web Folders<MICROS~2>
2007-03-03 13:36:06         0 d-------- D:\Program Files\microsoft frontpage<MICROS~1>
2007-03-01 22:02:18         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Google
2007-03-01 19:43:46         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\OpenOffice.org2<OPENOF~1.ORG>
2007-02-16 15:07:02         0 d-------- D:\Program Files\WMV9_VCM
2007-02-16 14:45:55         0 d-------- D:\Program Files\Avalon
2007-02-15 20:18:04         0 d-------- D:\Program Files\Elfin
2007-02-15 20:16:33         0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-15 16:08:42         0 d-------- D:\Program Files\GIMP-2.0
2007-02-14 19:09:52         0 d-------- D:\Program Files\Java
2007-02-13 10:00:03         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Ahead
2007-02-13 09:54:17         0 d-------- D:\Program Files\Ahead
2007-02-13 09:47:22         0 d-------- D:\Program Files\Common Files\Ahead
2007-02-12 19:55:46         0 d-------- D:\Program Files\Runaway PL<RUNAWA~1>
2007-02-02 17:59:21    249347 --a------ D:\WINDOWS\Alcohol_Toolbar_Uninstaller_6972.exe<ALCOHO~1.EXE>
2007-02-02 17:59:21         0 d-------- D:\Program Files\Alcohol Toolbar<ALCOHO~2>
2007-02-02 17:58:15         0 d-------- D:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-29 10:58:06     60416 -----n--- D:\WINDOWS\system32\tzchange.exe
2007-01-15 19:32:07    689280 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-01-13 20:53:06     90112 --a------ D:\WINDOWS\system32\AVASTSS.scr
2007-01-12 10:27:42    232960 --a------ D:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42     51712 -----n--- D:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42    458752 -----n--- D:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42   6054400 --a------ D:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54    105984 --a------ D:\WINDOWS\system32\url.dll
2007-01-08 20:04:08    102400 --a------ D:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04    266752 --a------ D:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04     44544 --a------ D:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02    384000 --a------ D:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02    383488 -----n--- D:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02    161792 --a------ D:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02    230400 --a------ D:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02    153088 --a------ D:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14     17408 --a------ D:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48    124928 --a------ D:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14     56832 --a------ D:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10     13824 --a------ D:\WINDOWS\system32\ieudinit.exe
2007-01-02 17:55:19      4224 --a------ D:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RemoteControl"="\"D:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"HP Software Update"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"FLMOFFICE4DMOUSE"="D:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command   H:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command   J:\Autorun.exe


-- End of ComboScan: finished at 2007-03-30 at 23:03:38 ------------------------



[dariadesou]

a tu z Silent Runners:

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"HP Software Update" = "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"FLMOFFICE4DMOUSE" = "D:\Program Files\Browser MOUSE\mouse32a.exe" [empty string]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"!AVG Anti-Spyware" = ""D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{52D06F97-5511-43FA-8FDA-C481864FD26E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Alcohol Toolbar Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]


[wojtas]

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"=-

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

potem nowy log z silenta oraz z comboscana :ComboScan.txt

[dariadesou]

ComboScan v20070306.20 run by Daria on 2007-03-30 at 23:17:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-30 23:17:31
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Daria\Pulpit\comboscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\system32\WgaLogon.dll
O23 - Service: Urządzenie alarmowe (Alerter) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - D:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: Windows Audio (AudioSrv) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: avast! Antivirus - "D:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: AVG Anti-Spyware Guard - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Przeglądarka komputera (Browser) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - D:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - D:\WINDOWS\system32\clipsrv.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - D:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - D:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - D:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - D:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dostęp do urządzeń interfejsu HID (HidServ) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - D:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - D:\WINDOWS\system32\imapi.exe
O23 - Service: Serwer (lanmanserver) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Posłaniec (Messenger) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - D:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - D:\WINDOWS\system32\msiexec.exe /V
O23 - Service: DDE sieci (NetDDE) - D:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - D:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Plug and Play (PlugPlay) - D:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Usługi IPSEC (PolicyAgent) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - D:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - D:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - D:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - D:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - D:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: StarWind iSCSI Service (StarWindService) - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - D:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - D:\WINDOWS\system32\dllhost.exe /Processid:{68A4657F-AA5E-4CC8-A04D-B13FAB7EEBCF}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - D:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows User Mode Driver Framework (UMWdf) - D:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - D:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - D:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - D:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centrum zabezpieczeń (wscsvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - D:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-02-28 and 2007-03-30 -----------------------------

2007-03-29 22:09:01 0 d-------- D:\WINDOWS\pss
2007-03-28 18:18:51 3968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-28 18:18:15 0 d-------- D:\Program Files\Grisoft
2007-03-27 19:06:11 0 d-------- D:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-27 19:02:49 5632 --a------ D:\WINDOWS\system32\drivers\d343port.sys
2007-03-27 19:02:49 136704 --a------ D:\WINDOWS\system32\drivers\d343bus.sys
2007-03-27 19:02:07 0 d-------- D:\Program Files\D-Tools
2007-03-27 18:59:15 0 d-------- D:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-23 20:40:57 5688 --a------ D:\WINDOWS\system32\bassenc.dll
2007-03-23 20:40:57 25688 --a------ D:\WINDOWS\system32\bass_fx.dll
2007-03-23 20:40:56 92216 --a------ D:\WINDOWS\system32\bass.dll
2007-03-23 20:40:27 0 d-------- D:\Program Files\Audio4You<AUDIO4~1>
2007-03-20 16:58:33 0 d-------- D:\Program Files\Lavasoft
2007-03-20 16:54:48 0 d-------- D:\Program Files\Sygate
2007-03-20 16:53:38 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-19 19:45:16 0 d-------- D:\Program Files\Zajaczek 4.1<ZAJACZ~1.1>
2007-03-19 19:33:34 0 d-------- D:\Program Files\Onet
2007-03-18 19:26:00 0 d-------- D:\Program Files\Km TPR<KMTPR~1>
2007-03-03 13:54:16 0 d-------- D:\Program Files\Tlumacz Komputerowy - Niemiecki<TLUMAC~1>
2007-03-03 13:42:26 0 d-------- D:\WINDOWS\system32\Viewers
2007-03-03 13:41:15 0 d-------- D:\WINDOWS\ShellNew
2007-03-03 13:40:32 0 d-------- D:\Program Files\Przeglądarka migawek<PRZEGL~1>
2007-03-03 13:38:35 0 d-------- D:\WINDOWS\Twain32
2007-03-01 22:00:05 0 d-------- D:\Program Files\Google
2007-03-01 21:33:07 0 d-------- D:\Program Files\Pytacz Master<PYTACZ~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-30 22:59:54 0 d-------- D:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-03-29 23:06:00 0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-25 15:34:07 0 d-------- D:\Program Files\EA GAMES<EAGAME~1>
2007-03-25 09:52:59 436322 --a------ D:\WINDOWS\system32\perfh015.dat
2007-03-25 09:52:59 67298 --a------ D:\WINDOWS\system32\perfc015.dat
2007-03-24 13:32:23 0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Skype
2007-03-20 16:59:26 0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Lavasoft
2007-03-20 16:40:20 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-11 18:13:37 0 d-------- D:\Program Files\Shareaza
2007-03-05 17:54:38 0 d---s---- D:\Documents and Settings\Daria\Dane aplikacji\Microsoft<MICROS~1>
2007-03-05 16:06:43 113072 --a------ D:\WINDOWS\hpoins07.dat
2007-03-03 13:38:35 0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Microsoft Web Folders<MICROS~2>
2007-03-03 13:36:06 0 d-------- D:\Program Files\microsoft frontpage<MICROS~1>
2007-03-01 22:02:18 0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Google
2007-03-01 19:43:46 0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\OpenOffice.org2<OPENOF~1.ORG>
2007-02-16 15:07:02 0 d-------- D:\Program Files\WMV9_VCM
2007-02-16 14:45:55 0 d-------- D:\Program Files\Avalon
2007-02-15 20:18:04 0 d-------- D:\Program Files\Elfin
2007-02-15 20:16:33 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-15 16:08:42 0 d-------- D:\Program Files\GIMP-2.0
2007-02-14 19:09:52 0 d-------- D:\Program Files\Java
2007-02-13 10:00:03 0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Ahead
2007-02-13 09:54:17 0 d-------- D:\Program Files\Ahead
2007-02-13 09:47:22 0 d-------- D:\Program Files\Common Files\Ahead
2007-02-12 19:55:46 0 d-------- D:\Program Files\Runaway PL<RUNAWA~1>
2007-02-02 17:59:21 249347 --a------ D:\WINDOWS\Alcohol_Toolbar_Uninstaller_6972.exe<ALCOHO~1.EXE>
2007-02-02 17:59:21 0 d-------- D:\Program Files\Alcohol Toolbar<ALCOHO~2>
2007-02-02 17:58:15 0 d-------- D:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-29 10:58:06 60416 -----n--- D:\WINDOWS\system32\tzchange.exe
2007-01-15 19:32:07 689280 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-01-13 20:53:06 90112 --a------ D:\WINDOWS\system32\AVASTSS.scr
2007-01-12 10:27:42 232960 --a------ D:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712 -----n--- D:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752 -----n--- D:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400 --a------ D:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54 105984 --a------ D:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a------ D:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a------ D:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a------ D:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a------ D:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488 -----n--- D:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a------ D:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a------ D:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a------ D:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a------ D:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a------ D:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a------ D:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a------ D:\WINDOWS\system32\ieudinit.exe
2007-01-02 17:55:19 4224 --a------ D:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RemoteControl"="\"D:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"HP Software Update"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"FLMOFFICE4DMOUSE"="D:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command H:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\Autorun.exe


-- End of ComboScan: finished at 2007-03-30 at 23:19:34 ------------------------

[ Dodano: Dzisiaj o 22:28 ]
EEEEEE, PRZEPRASZAM, ZAPOMNIAŁAM CODE...

Kod: Zaznacz wszystko

ComboScan v20070306.20 run by Daria on 2007-03-30 at 23:17:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-30 23:17:31
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RaConfig.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Daria\Pulpit\comboscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dziennik.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - D:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig.lnk = D:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\system32\WgaLogon.dll
O23 - Service: Urządzenie alarmowe (Alerter) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - D:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: Windows Audio (AudioSrv) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: avast! Antivirus - "D:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: AVG Anti-Spyware Guard - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Przeglądarka komputera (Browser) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - D:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - D:\WINDOWS\system32\clipsrv.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - D:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - D:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - D:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - D:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dostęp do urządzeń interfejsu HID (HidServ) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - D:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - D:\WINDOWS\system32\imapi.exe
O23 - Service: Serwer (lanmanserver) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Posłaniec (Messenger) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - D:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - D:\WINDOWS\system32\msiexec.exe /V
O23 - Service: DDE sieci (NetDDE) - D:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - D:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Plug and Play (PlugPlay) - D:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Usługi IPSEC (PolicyAgent) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - D:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - D:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - D:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - D:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - D:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - D:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: StarWind iSCSI Service (StarWindService) - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - D:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - D:\WINDOWS\system32\dllhost.exe /Processid:{68A4657F-AA5E-4CC8-A04D-B13FAB7EEBCF}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - D:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows User Mode Driver Framework (UMWdf) - D:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - D:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - D:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - D:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - D:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centrum zabezpieczeń (wscsvc) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - D:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-02-28 and 2007-03-30 -----------------------------

2007-03-29 22:09:01         0 d-------- D:\WINDOWS\pss
2007-03-28 18:18:51      3968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-28 18:18:15         0 d-------- D:\Program Files\Grisoft
2007-03-27 19:06:11         0 d-------- D:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-27 19:02:49      5632 --a------ D:\WINDOWS\system32\drivers\d343port.sys
2007-03-27 19:02:49    136704 --a------ D:\WINDOWS\system32\drivers\d343bus.sys
2007-03-27 19:02:07         0 d-------- D:\Program Files\D-Tools
2007-03-27 18:59:15         0 d-------- D:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-23 20:40:57      5688 --a------ D:\WINDOWS\system32\bassenc.dll
2007-03-23 20:40:57     25688 --a------ D:\WINDOWS\system32\bass_fx.dll
2007-03-23 20:40:56     92216 --a------ D:\WINDOWS\system32\bass.dll
2007-03-23 20:40:27         0 d-------- D:\Program Files\Audio4You<AUDIO4~1>
2007-03-20 16:58:33         0 d-------- D:\Program Files\Lavasoft
2007-03-20 16:54:48         0 d-------- D:\Program Files\Sygate
2007-03-20 16:53:38         0 d-------- D:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-19 19:45:16         0 d-------- D:\Program Files\Zajaczek 4.1<ZAJACZ~1.1>
2007-03-19 19:33:34         0 d-------- D:\Program Files\Onet
2007-03-18 19:26:00         0 d-------- D:\Program Files\Km TPR<KMTPR~1>
2007-03-03 13:54:16         0 d-------- D:\Program Files\Tlumacz Komputerowy - Niemiecki<TLUMAC~1>
2007-03-03 13:42:26         0 d-------- D:\WINDOWS\system32\Viewers
2007-03-03 13:41:15         0 d-------- D:\WINDOWS\ShellNew
2007-03-03 13:40:32         0 d-------- D:\Program Files\Przeglądarka migawek<PRZEGL~1>
2007-03-03 13:38:35         0 d-------- D:\WINDOWS\Twain32
2007-03-01 22:00:05         0 d-------- D:\Program Files\Google
2007-03-01 21:33:07         0 d-------- D:\Program Files\Pytacz Master<PYTACZ~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-30 22:59:54         0 d-------- D:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-03-29 23:06:00         0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-25 15:34:07         0 d-------- D:\Program Files\EA GAMES<EAGAME~1>
2007-03-25 09:52:59    436322 --a------ D:\WINDOWS\system32\perfh015.dat
2007-03-25 09:52:59     67298 --a------ D:\WINDOWS\system32\perfc015.dat
2007-03-24 13:32:23         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Skype
2007-03-20 16:59:26         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Lavasoft
2007-03-20 16:40:20         0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-11 18:13:37         0 d-------- D:\Program Files\Shareaza
2007-03-05 17:54:38         0 d---s---- D:\Documents and Settings\Daria\Dane aplikacji\Microsoft<MICROS~1>
2007-03-05 16:06:43    113072 --a------ D:\WINDOWS\hpoins07.dat
2007-03-03 13:38:35         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Microsoft Web Folders<MICROS~2>
2007-03-03 13:36:06         0 d-------- D:\Program Files\microsoft frontpage<MICROS~1>
2007-03-01 22:02:18         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Google
2007-03-01 19:43:46         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\OpenOffice.org2<OPENOF~1.ORG>
2007-02-16 15:07:02         0 d-------- D:\Program Files\WMV9_VCM
2007-02-16 14:45:55         0 d-------- D:\Program Files\Avalon
2007-02-15 20:18:04         0 d-------- D:\Program Files\Elfin
2007-02-15 20:16:33         0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-15 16:08:42         0 d-------- D:\Program Files\GIMP-2.0
2007-02-14 19:09:52         0 d-------- D:\Program Files\Java
2007-02-13 10:00:03         0 d-------- D:\Documents and Settings\Daria\Dane aplikacji\Ahead
2007-02-13 09:54:17         0 d-------- D:\Program Files\Ahead
2007-02-13 09:47:22         0 d-------- D:\Program Files\Common Files\Ahead
2007-02-12 19:55:46         0 d-------- D:\Program Files\Runaway PL<RUNAWA~1>
2007-02-02 17:59:21    249347 --a------ D:\WINDOWS\Alcohol_Toolbar_Uninstaller_6972.exe<ALCOHO~1.EXE>
2007-02-02 17:59:21         0 d-------- D:\Program Files\Alcohol Toolbar<ALCOHO~2>
2007-02-02 17:58:15         0 d-------- D:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-29 10:58:06     60416 -----n--- D:\WINDOWS\system32\tzchange.exe
2007-01-15 19:32:07    689280 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-01-13 20:53:06     90112 --a------ D:\WINDOWS\system32\AVASTSS.scr
2007-01-12 10:27:42    232960 --a------ D:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42     51712 -----n--- D:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42    458752 -----n--- D:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42   6054400 --a------ D:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54    105984 --a------ D:\WINDOWS\system32\url.dll
2007-01-08 20:04:08    102400 --a------ D:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04    266752 --a------ D:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04     44544 --a------ D:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02    384000 --a------ D:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02    383488 -----n--- D:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02    161792 --a------ D:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02    230400 --a------ D:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02    153088 --a------ D:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14     17408 --a------ D:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48    124928 --a------ D:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14     56832 --a------ D:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10     13824 --a------ D:\WINDOWS\system32\ieudinit.exe
2007-01-02 17:55:19      4224 --a------ D:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RemoteControl"="\"D:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"HP Software Update"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"FLMOFFICE4DMOUSE"="D:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command   H:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command   J:\Autorun.exe


-- End of ComboScan: finished at 2007-03-30 at 23:19:34 ------------------------


[wojtas]

w logu nic nie widac juz

[dariadesou]

dzięki bardzo!!!