
This time it worked, and the results are a bit worrying to me:
http://www.virustotal.com/pl/analisis/a0852c4552219af16eb538a1136818e5
All the more so because the AVG quarantine contains the file C:\WINDOWS\system32\dsdm.3, marked as "Koń trojański BHO.J" (Trojan horse BHO.J).
Just as a precaution, I am posting the logs to be checked,
from ComboFix:
ComboFix 08-12-06.06 - Administrator 2008-12-07 18:19:56.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.147 [GMT 1:00]
Uruchomiony z: c:\abc\antywirusy\combofix\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-07 do 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-05 23:23 . 2008-12-06 18:54 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\skypePM
2008-12-05 23:23 . 2008-12-05 23:23 48 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-05 23:05 . 2008-12-06 23:58 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Skype
2008-12-05 23:03 . 2008-12-05 23:03 <DIR> d-------- c:\program files\Skype
2008-12-05 23:03 . 2008-12-05 23:03 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-05 23:02 . 2008-12-05 23:03 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-30 23:51 . 2008-11-30 23:51 <DIR> d-------- c:\documents and settings\Administrator\WapSter
2008-11-30 23:49 . 2008-11-30 23:49 <DIR> d-------- c:\program files\WapSter
2008-11-21 21:06 . 2008-11-21 21:06 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-21 21:06 . 2008-11-21 21:06 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-11-21 21:06 . 2008-11-21 21:06 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-21 21:05 . 2008-12-06 22:02 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-21 21:05 . 2008-11-21 21:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\avg8
2008-11-21 21:05 . 2008-11-21 21:05 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-21 20:59 . 2008-11-21 20:59 262,144 --a------ c:\documents and settings\WIE1AC~9
2008-11-21 20:56 . 2008-11-21 20:56 262,144 --a------ c:\documents and settings\WIE1AC~8
2008-11-21 20:39 . 2008-11-21 20:42 8,192 --a------ c:\documents and settings\WIE1AC~7
2008-11-21 20:29 . 2008-11-21 20:32 8,192 --a------ c:\documents and settings\WIE1AC~6
2008-11-21 18:41 . 2008-11-21 18:41 10,520 --------- c:\windows\system32\avgrsstx.dll.install_backup
2008-11-21 18:32 . 2008-11-21 18:32 262,144 --a------ c:\documents and settings\WIE1AC~4
2008-11-21 18:29 . 2008-11-21 18:32 8,192 --a------ c:\documents and settings\WIE1AC~3
2008-11-21 18:28 . 2008-11-21 18:28 262,144 --a------ c:\documents and settings\WIE1AC~2
2008-11-21 17:50 . 2008-11-21 17:50 262,144 --a------ c:\documents and settings\WIE1AC~1
2008-11-21 16:32 . 2008-11-21 16:35 8,192 --a------ c:\documents and settings\WIKTOR~4
2008-11-21 16:20 . 2008-11-21 16:25 8,192 --a------ c:\documents and settings\WIKTOR~3
2008-11-21 16:07 . 2008-11-21 16:10 8,192 --a------ c:\documents and settings\WIKTOR~2
2008-11-21 16:05 . 2008-11-21 16:05 262,144 --a------ c:\documents and settings\WIKTOR~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\ROBERT~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\PIOTRS~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\MATEUS~2
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\MATEUS~1
2008-11-21 16:04 . 2008-11-21 16:05 262,144 --a------ c:\documents and settings\MARCIN~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\KATARZ~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\IZATRM~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\GABRIE~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\EWELIN~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\DAWIDS~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\DAMIAN~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\ANNAMC~1
2008-11-21 16:04 . 2008-11-21 16:04 262,144 --a------ c:\documents and settings\ADAMGS~1
2008-11-14 22:31 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-14 21:08 . 2008-11-14 21:08 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Canneverbe_Limited
2008-11-14 21:07 . 2008-11-14 21:07 <DIR> d-------- c:\program files\CDBurnerXP
2008-11-14 19:26 . 2008-11-14 21:28 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-12 18:31 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:30 . 2008-06-14 19:01 273,024 --------- c:\windows\system32\drivers\bthport.sys
2008-11-12 18:30 . 2008-06-14 19:01 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-12 18:27 . 2008-08-14 14:46 2,181,632 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-12 18:27 . 2008-08-14 14:46 2,137,600 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-12 18:27 . 2008-08-14 14:46 2,059,008 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-12 18:27 . 2008-08-14 14:46 2,017,280 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-12 00:12 . 2008-11-13 00:15 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-11 15:57 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-11 15:47 . 2008-11-11 15:47 <DIR> d-------- c:\program files\Panda Security
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 18:09 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent
2008-11-05 16:56 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Pionek
2008-11-05 16:55 --------- d-----w c:\program files\Pionek
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-08 09:45 --------- d-----w c:\program files\SIO
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-04-03 18:10 20 ---h--w c:\documents and settings\All Users\Dane aplikacji\PKP_DLec.DAT
2007-08-07 19:58 291,888 ----a-w c:\program files\DevalVR_installer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D64DB10-DC7E-44FF-8B5E-441EE8ED668F}]
2004-08-04 13:00 105984 --a------ c:\windows\system32\dsdm.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-02 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Firewall Client Management.lnk - c:\windows\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [2005-11-14 53248]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.X264"= x264vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=ISACLI.CMD
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=r:\software\opiekun.cmd
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=c:\windows\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 09:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
--a------ 2008-09-18 12:56 1674736 c:\progra~1\WapSter\WAPSTE~1\AQQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-11 17:46 21741864 c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Novalogic\\Delta Force Helikopter w Ogniu\\DFBHD.EXE"=
"c:\\erozrywka-gry\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BearShare applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2244:UDP"= 2244:UDP:Windows Media Format SDK (wmplayer.exe)
"2245:UDP"= 2245:UDP:Windows Media Format SDK (wmplayer.exe)
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-21 12936]
R0 ilcffezs;ilcffezs;c:\windows\system32\drivers\lmkcjuoo.dat []
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-11 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-21 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-21 90632]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-09-17 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-21 231704]
R2 FwcAgent;Firewall Client Agent;"c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe" [2005-02-10 124176]
R2 OpSrv;Opiekun;c:\windows\system32\opsrv.exe /startedbyscm:BB66DA22-40E2A281-OpiekunService [2005-11-14 770560]
R2 SbPF.Launcher;SbPF.Launcher;"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4;"c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe" [2008-07-30 1361192]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2005-10-13 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2005-10-13 6100]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-09-17 65576]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys []
S3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98baef09-9b4e-11dd-95d2-00030d3b4114}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e13ffd2-a229-11db-8f7a-0013d36a8016}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc6d65e-6a7b-11dc-927a-00030d3b4114}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc6d65f-6a7b-11dc-927a-00030d3b4114}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d23301bf-ae51-11dd-95fe-00030d3b4114}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\OPLSP.DLL
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
TCP: {9F9050B7-53C1-4CEF-9D83-781BEBC29E1C} = 194.204.159.1,194.204.152.34
FireFox -: Profile - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\rv5xgt7h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 18:33:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OpSrv]
"ImagePath"="c:\windows\system32\opsrv.exe /startedbyscm:BB66DA22-40E2A281-OpiekunService"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ilcffezs]
"ImagePath"="system32\drivers\lmkcjuoo.dat"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\OPLSP.DLL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\OpSrv.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Opiekun\OpTray.exe
c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-07 18:42:42 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-12-07 17:42:30
Przed: 18 082 557 952 bajtów wolnych
Po: 18,074,447,872 bajtów wolnych
251 --- E O F --- 2008-11-18 17:24:18
and from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:56, on 2008-12-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\opsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Opiekun\optray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\abc\antywirusy\HiJackThis\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D64DB10-DC7E-44FF-8B5E-441EE8ED668F} - C:\WINDOWS\system32\dsdm.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcworld.pl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbsmenis.edu.pl
O17 - HKLM\Software\..\Telephony: DomainName = sbsmenis.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9050B7-53C1-4CEF-9D83-781BEBC29E1C}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbsmenis.edu.pl
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Opiekun (OpSrv) - SoftStory - C:\WINDOWS\system32\opsrv.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 6528 bytes