prosba o sprawdzenie loga

**Posty:** 84 · przez **zooo** 26 Kwi 2007, 20:49

Witam!!!
Bardzo prosze o sprawdzenie loga poniewaz interenet stal sie jakis powolny i jak go odpalam to mi wyskakuje okno i nie moge z nim nic zrobic ani zmniejszyc ani zwiekszyc i wyskakuja jakies gupie komunikaty typu "czy chce przeskanowac kompa jakims programem za free". Z gory dzieki za pomoc.
Tu sa logi

1. HijackThis:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 20:31:12, on 2007-04-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\WScript.exe E:\dodatki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my O1 - Hosts: 72.52.163.100 nprotect.battlelands.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {f9181014-3dc0-4094-af4b-29b7e13fc512} - C:\WINDOWS\system32\finduk.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\yaaxwx.dll",realset O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173383578687 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: finduk - C:\WINDOWS\SYSTEM32\finduk.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

2. SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [null data] "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" [null data] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" [null data] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [file not found] "NWEReboot" = (empty string) "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data] "InfoData" = "rundll32.exe "C:\WINDOWS\yaaxwx.dll",realset" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] {f9181014-3dc0-4094-af4b-29b7e13fc512}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\finduk.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices" -> {HKLM...CLSID} = "Portable Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu" -> {HKLM...CLSID} = "Portable Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! finduk\DLLName = "finduk.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "SZEWCO" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 47 seconds, including 5 seconds for message boxes)

**Posty:** 18165 · przez **wojtas** 26 Kwi 2007, 20:54

witaj:

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

potem zastosuj:

smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

potem te 3 skanery po kilka razy w awaryjnym

VundoFix
http://www.atribune.org/ccount/click.php?id=4

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

FixVundo
http://securityresponse.symantec.com/avcenter/FixVundo.exe

potem nowe logi

**Posty:** 84 · przez **zooo** 26 Kwi 2007, 22:25

Okej przeskanowalem po 3 razy kazdym i nic tu sa logi:

1.HijackThis:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:03:45, on 2007-04-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\WScript.exe E:\dodatki\HijackThis.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\nsp\Notatnik SP.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my O1 - Hosts: 72.52.163.100 nprotect.battlelands.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\yaaxwx.dll",realset O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173383578687 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

2. SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [null data] "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" [null data] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" [null data] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [file not found] "NWEReboot" = (empty string) "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data] "InfoData" = "rundll32.exe "C:\WINDOWS\yaaxwx.dll",realset" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices" -> {HKLM...CLSID} = "Portable Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu" -> {HKLM...CLSID} = "Portable Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "SZEWCO" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 51 seconds, including 5 seconds for message boxes)

I tu jeszcze VBG log:

Kod: Zaznacz wszystko: [04/26/2007, 21:09:26] - VirtumundoBeGone v1.5 ( "E:\dodatki\Skanery\VirtumundoBeGone.exe" ) [04/26/2007, 21:32:11] - Detected System Information: [04/26/2007, 21:32:11] - Windows Version: 5.1.2600, Dodatek Service Pack 2 [04/26/2007, 21:32:11] - Current Username: SZEWCO (Admin) [04/26/2007, 21:32:11] - Windows is in SAFE mode with Networking. [04/26/2007, 21:32:11] - Searching for Browser Helper Objects: [04/26/2007, 21:32:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/26/2007, 21:32:11] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [04/26/2007, 21:32:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2007, 21:32:11] - Checking for HKLM\...\Winlogon\Notify\SDHelper [04/26/2007, 21:32:11] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [04/26/2007, 21:32:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/26/2007, 21:32:11] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [04/26/2007, 21:32:11] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class) [04/26/2007, 21:32:11] - BHO 6: {f9181014-3dc0-4094-af4b-29b7e13fc512} () [04/26/2007, 21:32:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2007, 21:32:11] - Checking for HKLM\...\Winlogon\Notify\finduk [04/26/2007, 21:32:11] - Found: HKLM\...\Winlogon\Notify\finduk - This is probably Virtumundo. [04/26/2007, 21:32:11] - Assigning {f9181014-3dc0-4094-af4b-29b7e13fc512} MSEvents Object [04/26/2007, 21:32:11] - BHO list has been changed! Starting over... [04/26/2007, 21:32:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/26/2007, 21:32:11] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [04/26/2007, 21:32:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2007, 21:32:11] - Checking for HKLM\...\Winlogon\Notify\SDHelper [04/26/2007, 21:32:11] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [04/26/2007, 21:32:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/26/2007, 21:32:11] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [04/26/2007, 21:32:11] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class) [04/26/2007, 21:32:11] - BHO 6: {f9181014-3dc0-4094-af4b-29b7e13fc512} (MSEvents Object) [04/26/2007, 21:32:11] - ALERT: Found MSEvents Object! [04/26/2007, 21:32:11] - Finished Searching Browser Helper Objects [04/26/2007, 21:32:11] - *** Detected MSEvents Object [04/26/2007, 21:32:11] - Trying to remove MSEvents Object... [04/26/2007, 21:32:12] - Terminating Process: IEXPLORE.EXE [04/26/2007, 21:32:13] - Terminating Process: RUNDLL32.EXE [04/26/2007, 21:32:13] - Disabling Automatic Shell Restart [04/26/2007, 21:32:13] - Terminating Process: EXPLORER.EXE [04/26/2007, 21:32:14] - Suspending the NT Session Manager System Service [04/26/2007, 21:32:14] - Terminating Windows NT Logon/Logoff Manager [04/26/2007, 21:32:14] - Re-enabling Automatic Shell Restart [04/26/2007, 21:32:14] - File to disable: C:\WINDOWS\system32\finduk.dll [04/26/2007, 21:32:14] - Renaming C:\WINDOWS\system32\finduk.dll -> C:\WINDOWS\system32\finduk.dll.vir [04/26/2007, 21:32:14] - File successfully renamed! [04/26/2007, 21:32:14] - Removing HKLM\...\Browser Helper Objects\{f9181014-3dc0-4094-af4b-29b7e13fc512} [04/26/2007, 21:32:14] - Removing HKCR\CLSID\{f9181014-3dc0-4094-af4b-29b7e13fc512} [04/26/2007, 21:32:14] - Adding Kill Bit for ActiveX for GUID: {f9181014-3dc0-4094-af4b-29b7e13fc512} [04/26/2007, 21:32:14] - Deleting ATLEvents/MSEvents Registry entries [04/26/2007, 21:32:14] - Removing HKLM\...\Winlogon\Notify\finduk [04/26/2007, 21:32:14] - Searching for Browser Helper Objects: [04/26/2007, 21:32:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/26/2007, 21:32:14] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [04/26/2007, 21:32:14] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2007, 21:32:14] - Checking for HKLM\...\Winlogon\Notify\SDHelper [04/26/2007, 21:32:14] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [04/26/2007, 21:32:14] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/26/2007, 21:32:14] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [04/26/2007, 21:32:14] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class) [04/26/2007, 21:32:14] - Finished Searching Browser Helper Objects [04/26/2007, 21:32:14] - Finishing up... [04/26/2007, 21:32:14] - A restart is needed. [04/26/2007, 21:32:19] - Attempting to Restart via STOP error (Blue Screen!) [04/26/2007, 21:34:09] - VirtumundoBeGone v1.5 ( "E:\dodatki\Skanery\VirtumundoBeGone.exe" ) [04/26/2007, 21:34:20] - Detected System Information: [04/26/2007, 21:34:20] - Windows Version: 5.1.2600, Dodatek Service Pack 2 [04/26/2007, 21:34:20] - Current Username: SZEWCO (Admin) [04/26/2007, 21:34:20] - Windows is in SAFE mode with Networking. [04/26/2007, 21:34:20] - Searching for Browser Helper Objects: [04/26/2007, 21:34:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/26/2007, 21:34:20] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [04/26/2007, 21:34:20] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2007, 21:34:20] - Checking for HKLM\...\Winlogon\Notify\SDHelper [04/26/2007, 21:34:20] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [04/26/2007, 21:34:20] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/26/2007, 21:34:20] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [04/26/2007, 21:34:20] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class) [04/26/2007, 21:34:20] - Finished Searching Browser Helper Objects [04/26/2007, 21:34:20] - Finishing up... [04/26/2007, 21:34:20] - Nothing found! Exiting...

I jak to wyglada??

**Posty:** 18165 · przez **wojtas** 26 Kwi 2007, 22:32

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera.

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\yaaxwx.dll",realset

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.
Pogrubione pliki usuwasz ręcznie z dysku

potem log z comboscana i silenta

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

**Posty:** 84 · przez **zooo** 26 Kwi 2007, 22:45

ComboScan:

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by SZEWCO on 2007-04-26 at 22:27:49 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as SZEWCO.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:27:52, on 2007-04-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\rundll32.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe E:\dodatki\comboscan.exe E:\dodatki\SZEWCO.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my O1 - Hosts: 72.52.163.100 nprotect.battlelands.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173383578687 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- Files created between 2007-03-26 and 2007-04-26 ----------------------------- 2007-04-26 21:08:25 0 d-------- C:\VundoFix Backups<VUNDOF~1> 2007-04-25 15:26:27 2676 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-25 15:07:01 0 d-------- C:\WINDOWS\Prefetch 2007-04-25 15:04:32 10752 -----n--- C:\WINDOWS\system32\smtpapi.dll 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\rwnh.dll 2007-04-25 15:04:32 40832 -----n--- C:\WINDOWS\system32\drivers\irbus.sys 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\comsdupd.exe 2007-04-25 15:04:29 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-04-25 15:04:29 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2007-04-25 15:04:29 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys 2007-04-25 15:04:29 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-04-25 15:04:29 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-04-25 15:04:29 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2007-04-25 15:04:29 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2007-04-25 15:04:29 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-04-25 15:04:29 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys 2007-04-25 15:04:29 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys 2007-04-25 15:04:29 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-04-25 15:04:29 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys 2007-04-25 15:04:29 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-04-25 15:04:29 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-04-25 15:04:29 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-04-25 15:04:29 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-04-25 15:04:29 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-04-25 15:04:29 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-04-25 15:04:29 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-04-25 15:04:28 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-04-25 15:04:28 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys 2007-04-25 15:04:28 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys 2007-04-25 15:04:28 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-04-25 15:04:28 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-04-25 15:04:28 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys 2007-04-25 15:04:28 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-04-25 15:04:28 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-04-25 15:04:28 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-04-25 15:04:28 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-04-25 15:04:28 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-04-25 15:04:27 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2007-04-25 15:04:27 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys 2007-04-25 15:04:27 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys 2007-04-25 15:04:27 275200 -----n--- C:\WINDOWS\system32\drivers\bthport.sys 2007-04-25 15:04:27 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys 2007-04-25 15:04:27 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-04-25 15:04:27 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys 2007-04-25 15:04:27 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll 2007-04-25 15:04:27 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll 2007-04-25 15:04:27 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll 2007-04-25 15:04:27 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll 2007-04-25 15:04:27 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll 2007-04-25 15:04:27 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-04-25 15:04:26 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-04-25 15:04:26 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2007-04-25 15:04:26 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-04-25 15:04:26 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-04-25 15:04:26 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-04-25 15:04:26 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2007-04-25 15:04:26 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys 2007-04-25 15:04:26 25728 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys 2007-04-25 15:04:26 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-04-25 15:04:25 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys 2007-04-25 15:04:25 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys 2007-04-25 15:04:25 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys 2007-04-25 15:04:25 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys 2007-04-25 15:04:25 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys 2007-04-25 15:04:25 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys 2007-04-25 15:04:25 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll 2007-04-25 15:04:25 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys 2007-04-25 15:04:25 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-04-25 15:04:25 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-04-25 15:04:25 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys 2007-04-25 15:04:25 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2007-04-25 15:04:25 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys 2007-04-25 15:04:25 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-04-25 15:04:24 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys 2007-04-25 15:04:24 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys 2007-04-25 15:04:24 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys 2007-04-25 15:04:24 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys 2007-04-25 15:04:24 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys 2007-04-25 15:04:24 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys 2007-04-25 15:04:24 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys 2007-04-25 15:04:24 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys 2007-04-25 15:04:24 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll 2007-04-25 15:04:24 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-04-25 15:04:24 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-04-25 15:04:24 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys 2007-04-25 15:04:24 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll 2007-04-25 15:04:24 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll 2007-04-25 15:04:24 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll 2007-04-25 15:04:23 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll 2007-04-25 15:04:23 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll 2007-04-25 15:04:23 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll 2007-04-25 15:04:23 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll 2007-04-25 15:04:23 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll 2007-04-25 15:04:23 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll 2007-04-25 15:04:23 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll 2007-04-25 15:04:22 73796 -----n--- C:\WINDOWS\system32\slserv.exe 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\system32\slrundll.exe 2007-04-25 15:04:22 188508 -----n--- C:\WINDOWS\system32\slgen.dll 2007-04-25 15:04:22 286792 -----n--- C:\WINDOWS\system32\slextspk.dll 2007-04-25 15:04:22 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll 2007-04-25 15:04:22 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\slrundll.exe 2007-04-25 15:00:54 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1> 2007-04-24 14:29:44 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll<PTHREA~1.DLL> 2007-04-22 21:29:46 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS> 2007-04-22 21:29:46 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys 2007-04-22 21:29:46 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS> 2007-04-22 21:29:46 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys 2007-04-22 21:29:46 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1> 2007-04-22 21:29:37 0 d-------- C:\Program Files\SAGEM 2007-04-22 21:28:36 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys 2007-04-22 21:28:36 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS 2007-04-22 08:28:54 0 d-------- C:\Program Files\Global Graphics<GLOBAL~1> 2007-04-21 21:46:01 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe<CADKAS~1.EXE> 2007-04-21 21:46:01 0 d-------- C:\Program Files\PDF Editor 2<PDFEDI~1> 2007-04-13 14:39:08 0 d-------- C:\Program Files\Common Files\Skype 2007-04-11 21:47:58 0 d-------- C:\Program Files\MSECache 2007-04-11 21:43:25 0 dr-h----- C:\MSOCache 2007-04-11 21:23:44 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1> 2007-04-11 21:23:16 0 d-------- C:\WINDOWS\SHELLNEW 2007-04-11 21:23:01 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET> 2007-04-07 23:26:27 0 d-------- C:\Program Files\The All-Seeing Eye<THEALL~1> 2007-03-26 20:38:13 0 d-------- C:\Program Files\QuickTime<QUICKT~1> -- Find3M Report --------------------------------------------------------------- 2007-04-26 22:21:41 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~2.DAT> 2007-04-26 22:21:41 24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~1.DAT> 2007-04-24 21:17:40 8651776 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\Outlook.pst 2007-04-24 21:17:40 271360 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\archive.pst 2007-04-24 14:41:55 0 d-------- C:\Program Files\Winamp 2007-04-24 14:29:44 0 d-------- C:\Program Files\ffdshow 2007-04-24 07:56:36 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 21:29:45 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-04-22 08:44:38 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Azureus 2007-04-22 08:44:37 0 d-------- C:\Program Files\Replay Converter<REPLAY~1> 2007-04-22 08:44:37 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1> 2007-04-22 08:31:23 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\PDFEditorSDK<PDFEDI~1> 2007-04-18 23:13:14 0 d-------- C:\Program Files\Azureus 2007-04-18 23:09:48 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Kingston 2007-04-17 20:52:46 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Gadu-Gadu<GADU-G~1> 2007-04-17 20:51:22 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1> 2007-04-16 22:47:40 10 --ah----- C:\WINDOWS\popcinfo.dat 2007-04-15 22:29:42 0 d-------- C:\Program Files\mIRC 2007-04-15 02:51:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Skype 2007-04-15 00:54:26 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1> 2007-04-13 14:39:11 0 d-------- C:\Program Files\Skype 2007-04-12 19:44:36 0 d-------- C:\Program Files\SnadBoy's Revelation v2<SNADBO~1> 2007-04-11 21:48:35 497524 --a------ C:\WINDOWS\system32\perfh015.dat 2007-04-11 21:48:35 88224 --a------ C:\WINDOWS\system32\perfc015.dat 2007-04-11 21:42:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\OfficeUpdate12<OFFICE~1> 2007-04-08 01:37:54 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1> 2007-04-08 01:16:53 0 d-------- C:\Program Files\SkanerOnline<SKANER~1> 2007-04-06 23:28:14 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\MusicIP 2007-04-06 12:13:24 0 d---s---- C:\Documents and Settings\SZEWCO\Dane aplikacji\Microsoft<MICROS~1> 2007-04-05 15:56:13 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\BinarySense<BINARY~1> 2007-03-29 15:21:52 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\nHancer 2007-03-26 23:48:13 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1> 2007-03-19 19:59:25 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 1<MOZILL~1> 2007-03-16 01:27:15 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-03-14 19:38:24 524288 --a------ C:\WINDOWS\opuc.dll 2007-03-08 01:51:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll 2007-03-05 20:54:39 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1> 2007-03-05 14:34:28 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL> 2007-03-04 21:54:13 0 d-------- C:\Program Files\HHD Software<HHDSOF~1> 2007-03-04 19:09:58 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\EditPlus 2<EDITPL~1> 2007-03-04 19:01:50 0 d-------- C:\Program Files\EditPlus 2<EDITPL~1> 2007-02-19 23:49:35 4 --a------ C:\WINDOWS\info147.sys 2007-02-14 15:27:18 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-02-14 15:27:09 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-02-14 15:27:08 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-02-10 17:43:57 737280 --a------ C:\WINDOWS\iun6002.exe 2007-02-01 06:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL> 2007-02-01 06:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL> 2007-02-01 06:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL> 2007-01-31 23:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-01-31 01:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE> 2007-01-30 07:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-30 06:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-01-30 06:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-01-30 06:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-01-30 06:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-01-30 06:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-01-30 06:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-01-26 03:19:00 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe 2007-01-26 03:19:00 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WINDVDPatch"="CTHELPER.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "NWEReboot"="" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00d18c3a-c931-11db-83b3-0060b342dc4c}] Shell\AutoRun\command G:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3380-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command H:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3381-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command I:\PlayD2.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3382-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command J:\SETUP.EXE -- End of ComboScan: finished at 2007-04-26 at 22:28:11 ------------------------

2.SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [null data] "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" [null data] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" [null data] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [file not found] "NWEReboot" = (empty string) "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices" -> {HKLM...CLSID} = "Portable Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu" -> {HKLM...CLSID} = "Portable Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "SZEWCO" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 30 seconds, including 7 seconds for message boxes)

**Posty:** 18165 · przez **wojtas** 26 Kwi 2007, 23:04

skasuj:

C:\VundoFix Backups
C:\WINDOWS\system32\tmp.reg

i bedzie ok

**Posty:** 84 · przez **zooo** 27 Kwi 2007, 10:16

Usunolem wszystko tak jak mowiles teraz to wyglada tak

1. ComboScan

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by SZEWCO on 2007-04-27 at 09:59:57 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as SZEWCO.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 09:59:59, on 2007-04-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Gadu-Gadu\gg.exe E:\dodatki\comboscan.exe E:\dodatki\SZEWCO.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my O1 - Hosts: 72.52.163.100 nprotect.battlelands.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173383578687 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- Files created between 2007-03-27 and 2007-04-27 ----------------------------- 2007-04-25 15:07:01 0 d-------- C:\WINDOWS\Prefetch 2007-04-25 15:04:32 10752 -----n--- C:\WINDOWS\system32\smtpapi.dll 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\rwnh.dll 2007-04-25 15:04:32 40832 -----n--- C:\WINDOWS\system32\drivers\irbus.sys 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\comsdupd.exe 2007-04-25 15:04:29 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-04-25 15:04:29 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2007-04-25 15:04:29 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys 2007-04-25 15:04:29 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-04-25 15:04:29 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-04-25 15:04:29 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2007-04-25 15:04:29 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2007-04-25 15:04:29 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-04-25 15:04:29 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys 2007-04-25 15:04:29 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys 2007-04-25 15:04:29 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-04-25 15:04:29 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys 2007-04-25 15:04:29 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-04-25 15:04:29 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-04-25 15:04:29 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-04-25 15:04:29 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-04-25 15:04:29 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-04-25 15:04:29 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-04-25 15:04:29 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-04-25 15:04:28 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-04-25 15:04:28 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys 2007-04-25 15:04:28 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys 2007-04-25 15:04:28 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-04-25 15:04:28 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-04-25 15:04:28 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys 2007-04-25 15:04:28 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-04-25 15:04:28 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-04-25 15:04:28 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-04-25 15:04:28 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-04-25 15:04:28 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-04-25 15:04:27 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2007-04-25 15:04:27 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys 2007-04-25 15:04:27 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys 2007-04-25 15:04:27 275200 -----n--- C:\WINDOWS\system32\drivers\bthport.sys 2007-04-25 15:04:27 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys 2007-04-25 15:04:27 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-04-25 15:04:27 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys 2007-04-25 15:04:27 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll 2007-04-25 15:04:27 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll 2007-04-25 15:04:27 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll 2007-04-25 15:04:27 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll 2007-04-25 15:04:27 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll 2007-04-25 15:04:27 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-04-25 15:04:26 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-04-25 15:04:26 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2007-04-25 15:04:26 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-04-25 15:04:26 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-04-25 15:04:26 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-04-25 15:04:26 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2007-04-25 15:04:26 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys 2007-04-25 15:04:26 25728 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys 2007-04-25 15:04:26 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-04-25 15:04:25 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys 2007-04-25 15:04:25 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys 2007-04-25 15:04:25 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys 2007-04-25 15:04:25 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys 2007-04-25 15:04:25 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys 2007-04-25 15:04:25 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys 2007-04-25 15:04:25 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll 2007-04-25 15:04:25 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys 2007-04-25 15:04:25 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-04-25 15:04:25 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-04-25 15:04:25 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys 2007-04-25 15:04:25 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2007-04-25 15:04:25 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys 2007-04-25 15:04:25 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-04-25 15:04:24 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys 2007-04-25 15:04:24 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys 2007-04-25 15:04:24 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys 2007-04-25 15:04:24 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys 2007-04-25 15:04:24 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys 2007-04-25 15:04:24 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys 2007-04-25 15:04:24 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys 2007-04-25 15:04:24 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys 2007-04-25 15:04:24 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll 2007-04-25 15:04:24 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-04-25 15:04:24 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-04-25 15:04:24 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys 2007-04-25 15:04:24 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll 2007-04-25 15:04:24 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll 2007-04-25 15:04:24 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll 2007-04-25 15:04:23 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll 2007-04-25 15:04:23 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll 2007-04-25 15:04:23 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll 2007-04-25 15:04:23 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll 2007-04-25 15:04:23 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll 2007-04-25 15:04:23 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll 2007-04-25 15:04:23 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll 2007-04-25 15:04:22 73796 -----n--- C:\WINDOWS\system32\slserv.exe 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\system32\slrundll.exe 2007-04-25 15:04:22 188508 -----n--- C:\WINDOWS\system32\slgen.dll 2007-04-25 15:04:22 286792 -----n--- C:\WINDOWS\system32\slextspk.dll 2007-04-25 15:04:22 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll 2007-04-25 15:04:22 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\slrundll.exe 2007-04-25 15:00:54 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1> 2007-04-24 14:29:44 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll<PTHREA~1.DLL> 2007-04-22 21:29:46 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS> 2007-04-22 21:29:46 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys 2007-04-22 21:29:46 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS> 2007-04-22 21:29:46 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys 2007-04-22 21:29:46 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1> 2007-04-22 21:29:37 0 d-------- C:\Program Files\SAGEM 2007-04-22 21:28:36 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys 2007-04-22 21:28:36 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS 2007-04-22 08:28:54 0 d-------- C:\Program Files\Global Graphics<GLOBAL~1> 2007-04-21 21:46:01 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe<CADKAS~1.EXE> 2007-04-21 21:46:01 0 d-------- C:\Program Files\PDF Editor 2<PDFEDI~1> 2007-04-13 14:39:08 0 d-------- C:\Program Files\Common Files\Skype 2007-04-11 21:47:58 0 d-------- C:\Program Files\MSECache 2007-04-11 21:43:25 0 dr-h----- C:\MSOCache 2007-04-11 21:23:44 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1> 2007-04-11 21:23:16 0 d-------- C:\WINDOWS\SHELLNEW 2007-04-11 21:23:01 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET> 2007-04-07 23:26:27 0 d-------- C:\Program Files\The All-Seeing Eye<THEALL~1> -- Find3M Report --------------------------------------------------------------- 2007-04-26 23:19:26 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~2.DAT> 2007-04-26 23:19:26 24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~1.DAT> 2007-04-26 23:04:15 8905728 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\Outlook.pst 2007-04-26 23:04:14 271360 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\archive.pst 2007-04-26 22:45:04 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1> 2007-04-24 14:41:55 0 d-------- C:\Program Files\Winamp 2007-04-24 14:29:44 0 d-------- C:\Program Files\ffdshow 2007-04-24 07:56:36 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 21:29:45 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-04-22 08:44:38 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Azureus 2007-04-22 08:44:37 0 d-------- C:\Program Files\Replay Converter<REPLAY~1> 2007-04-22 08:44:37 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1> 2007-04-22 08:31:23 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\PDFEditorSDK<PDFEDI~1> 2007-04-18 23:13:14 0 d-------- C:\Program Files\Azureus 2007-04-18 23:09:48 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Kingston 2007-04-17 20:52:46 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Gadu-Gadu<GADU-G~1> 2007-04-16 22:47:40 10 --ah----- C:\WINDOWS\popcinfo.dat 2007-04-15 22:29:42 0 d-------- C:\Program Files\mIRC 2007-04-15 02:51:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Skype 2007-04-15 00:54:26 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1> 2007-04-13 14:39:11 0 d-------- C:\Program Files\Skype 2007-04-12 19:44:36 0 d-------- C:\Program Files\SnadBoy's Revelation v2<SNADBO~1> 2007-04-11 21:48:35 497524 --a------ C:\WINDOWS\system32\perfh015.dat 2007-04-11 21:48:35 88224 --a------ C:\WINDOWS\system32\perfc015.dat 2007-04-11 21:42:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\OfficeUpdate12<OFFICE~1> 2007-04-08 01:37:54 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1> 2007-04-08 01:16:53 0 d-------- C:\Program Files\SkanerOnline<SKANER~1> 2007-04-07 19:04:23 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-04-06 23:28:14 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\MusicIP 2007-04-06 12:13:24 0 d---s---- C:\Documents and Settings\SZEWCO\Dane aplikacji\Microsoft<MICROS~1> 2007-04-05 15:56:13 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\BinarySense<BINARY~1> 2007-03-29 15:21:52 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\nHancer 2007-03-26 23:48:13 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1> 2007-03-19 19:59:25 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 1<MOZILL~1> 2007-03-16 01:27:15 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-03-14 19:38:24 524288 --a------ C:\WINDOWS\opuc.dll 2007-03-08 01:51:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll 2007-03-05 20:54:39 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1> 2007-03-05 14:34:28 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL> 2007-03-04 21:54:13 0 d-------- C:\Program Files\HHD Software<HHDSOF~1> 2007-03-04 19:09:58 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\EditPlus 2<EDITPL~1> 2007-03-04 19:01:50 0 d-------- C:\Program Files\EditPlus 2<EDITPL~1> 2007-02-19 23:49:35 4 --a------ C:\WINDOWS\info147.sys 2007-02-14 15:27:18 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-02-14 15:27:09 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-02-14 15:27:08 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-02-10 17:43:57 737280 --a------ C:\WINDOWS\iun6002.exe 2007-02-01 06:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL> 2007-02-01 06:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL> 2007-02-01 06:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL> 2007-01-31 23:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-01-31 01:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE> 2007-01-30 07:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-30 06:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-01-30 06:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-01-30 06:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-01-30 06:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-01-30 06:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-01-30 06:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WINDVDPatch"="CTHELPER.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "NWEReboot"="" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00d18c3a-c931-11db-83b3-0060b342dc4c}] Shell\AutoRun\command G:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3380-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command H:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3381-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command I:\PlayD2.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3382-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command J:\SETUP.EXE -- End of ComboScan: finished at 2007-04-27 at 10:00:21 ------------------------

2. SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [null data] "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" [null data] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" [null data] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [file not found] "NWEReboot" = (empty string) "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices" -> {HKLM...CLSID} = "Portable Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu" -> {HKLM...CLSID} = "Portable Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "SZEWCO" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 43 seconds, including 4 seconds for message boxes)

**Posty:** 4043 · przez **prog** 27 Kwi 2007, 10:51

Okej.

**Posty:** 8694 · przez **Red** 27 Kwi 2007, 11:20

to jest twoje:

E:\dodatki\SZEWCO.exe

Przeskanuj jeszcze system tym:

http://www.kaspersky.pl/virusscanner.html

i wklej wynik akcji na forum.

**Posty:** 84 · przez **zooo** 27 Kwi 2007, 19:37

Kod: Zaznacz wszystko: KASPERSKY ONLINE SCANNER REPORT 27 kwiecień 2007 18:53:48 System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600) Kaspersky Online Scanner wersja: 5.0.83.0 Ostatnia aktualizacja Kaspersky Anti-Virus27/04/2007 Liczba wpisów w bazie danych Kaspersky Anti-Virus285928 Ustawienia skanowania Skanowanie przy użyciu następujących baz danych standardowe Skanuj archiwa tak Skanuj pocztowe bazy danych tak Obszar skanowania Mój komputer C:\ D:\ E:\ F:\ Statystyki skanowania Liczba skanowanych obiektów 111018 Liczba wykrytych wirusów 6 Liczba zainfekowanych obiektów 13 / 0 Liczba podejrzanych obiektów 0 Czas trwania skanowania 02:43:32 Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie C:\Documents and Settings\All Users\Dane aplikacji\Symantec\LiveUpdate\2007-04-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked pominięty C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\SZEWCO\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\SZEWCO\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\SZEWCO\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked pominięty C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Historia\History.IE5\MSHist012007042720070428\index.dat Object is locked pominięty C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Temp\~ROMFN_00000C04 Object is locked pominięty C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Program Files\Creative\SBLive\Program\ADGJDet.exe Object is locked pominięty C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE Object is locked pominięty C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Object is locked pominięty C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe Object is locked pominięty C:\Program Files\Norton AntiVirus\navapw32.exe Object is locked pominięty C:\Program Files\Norton AntiVirus\Quarantine\4F7A5542.exe Zainfekowanych: Trojan-Downloader.Win32.Agent.awf pominięty C:\Program Files\Norton AntiVirus\Quarantine\636E0BA5.exe Zainfekowanych: Trojan-Downloader.Win32.Agent.awf pominięty C:\Program Files\QuickTime\qttask.exe Zainfekowanych: Trojan-Clicker.Win32.Agent.jh pominięty C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty C:\WINDOWS\CSC\00000001 Object is locked pominięty C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty C:\WINDOWS\SchedLgU.Txt Object is locked pominięty C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\default Object is locked pominięty C:\WINDOWS\system32\config\default.LOG Object is locked pominięty C:\WINDOWS\system32\config\SAM Object is locked pominięty C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\SECURITY Object is locked pominięty C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty C:\WINDOWS\system32\config\software Object is locked pominięty C:\WINDOWS\system32\config\software.LOG Object is locked pominięty C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\system Object is locked pominięty C:\WINDOWS\system32\config\system.LOG Object is locked pominięty C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty C:\WINDOWS\system32\finduk.dll.vir Zainfekowanych: Packed.Win32.Klone.k pominięty C:\WINDOWS\system32\h323log.txt Object is locked pominięty C:\WINDOWS\system32\secure32.html Zainfekowanych: Trojan.Win32.Harnig.k pominięty C:\WINDOWS\system32\tmp1.tmp.dll Zainfekowanych: Trojan.Win32.BHO.g pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty C:\WINDOWS\WindowsUpdate.log Object is locked pominięty D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty E:\dodatki\backups\backup-20070424-223033-800.dll Zainfekowanych: Trojan.Win32.BHO.g pominięty E:\dodatki\backups\backup-20070424-223055-459.dll Zainfekowanych: Packed.Win32.Klone.k pominięty E:\Norton Antivirus\Symantec.Norton.Antivirus.2007.Full\NortonAntivirus2007.iso/NAV071400.exe Zainfekowanych: Trojan-Downloader.Win32.Agent.ayi pominięty E:\Norton Antivirus\Symantec.Norton.Antivirus.2007.Full\NortonAntivirus2007.iso ISO image: zainfekowany - 1 pominięty E:\Norton Antivirus\Symantec.Norton.Antivirus.2007.Full\Symantec.Norton.Antivirus.2007.Full.with.Serials.zip/Symantec.Norton.Antivirus.2007.Full.with.Serials.zip/NAV071400.exe Zainfekowanych: Trojan-Downloader.Win32.Agent.ayi pominięty E:\Norton Antivirus\Symantec.Norton.Antivirus.2007.Full\Symantec.Norton.Antivirus.2007.Full.with.Serials.zip/Symantec.Norton.Antivirus.2007.Full.with.Serials.zip Zainfekowanych: Trojan-Downloader.Win32.Agent.ayi pominięty E:\Norton Antivirus\Symantec.Norton.Antivirus.2007.Full\Symantec.Norton.Antivirus.2007.Full.with.Serials.zip ZIP: zainfekowany - 2 pominięty Proces skanowania został zakończony.

Nie wiem czy o to chodzilo ale wkeilem

**Posty:** 18165 · przez **wojtas** 27 Kwi 2007, 22:38

wywal te pliki:

C:\WINDOWS\system32\finduk.dll.vir
C:\WINDOWS\system32\tmp1.tmp.dll
E:\dodatki\backups\backup-20070424-223033-800.dll

oraz pliki z kwarantanny nortona

C:\Program Files\Norton AntiVirus\Quarantine\636E0BA5.exe

**Posty:** 84 · przez **zooo** 05 Maj 2007, 02:28

Sorki ze tak dlugo ale bylem na malym wolnym tu sa logi:

1. CS

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by SZEWCO on 2007-05-05 at 02:04:21 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as SZEWCO.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 02:04:22, on 2007-05-05 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe E:\dodatki\comboscan.exe E:\dodatki\SZEWCO.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my O1 - Hosts: 72.52.163.100 nprotect.battlelands.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {f9181014-3dc0-4094-af4b-29b7e13fc512} - C:\WINDOWS\system32\jupect.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173383578687 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: jupect - C:\WINDOWS\SYSTEM32\jupect.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- Files created between 2007-04-05 and 2007-05-05 ----------------------------- 2007-05-05 01:54:06 2770 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-04 12:56:33 69632 --a------ C:\WINDOWS\system32\KemXML.dll 2007-05-04 12:56:33 110592 --a------ C:\WINDOWS\system32\KemWnd.dll 2007-05-04 12:56:33 135168 --a------ C:\WINDOWS\system32\KemUtil.dll 2007-05-04 12:56:33 163840 --a------ C:\WINDOWS\system32\kemutb.dll 2007-05-04 12:56:19 0 d-------- C:\Program Files\Logitech 2007-05-04 02:46:23 21895 -----n--- C:\WINDOWS\system32\jupect.dll 2007-05-02 14:13:01 78864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys 2007-05-02 14:13:01 62992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys 2007-05-02 14:13:00 33296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys 2007-05-02 14:13:00 34576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys 2007-05-02 14:13:00 20496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2007-05-02 14:13:00 101136 --a------ C:\WINDOWS\KHALMNPR.Exe 2007-05-02 14:12:59 1419024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll<WDFCOI~1.DLL> 2007-05-02 14:12:59 28176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys 2007-05-02 14:12:39 0 d-------- C:\Program Files\Common Files\Logitech 2007-04-27 14:57:58 0 d-------- C:\36 2007-04-27 13:28:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1> 2007-04-27 10:36:07 0 d-------- C:\WINDOWS\system32\windows media<WINDOW~1> 2007-04-27 10:36:03 0 d--h----- C:\WINDOWS\msdownld.tmp 2007-04-27 10:36:00 0 d-------- C:\Program Files\Windows Media Components<WI15DA~1> 2007-04-27 10:35:27 131072 --a------ C:\WINDOWS\system32\dzip32.dll 2007-04-27 10:35:27 110592 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-04-27 10:35:23 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP<WI12E0~1> 2007-04-25 15:07:01 0 d-------- C:\WINDOWS\Prefetch 2007-04-25 15:04:32 10752 -----n--- C:\WINDOWS\system32\smtpapi.dll 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\rwnh.dll 2007-04-25 15:04:32 40832 -----n--- C:\WINDOWS\system32\drivers\irbus.sys 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\comsdupd.exe 2007-04-25 15:04:29 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-04-25 15:04:29 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2007-04-25 15:04:29 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys 2007-04-25 15:04:29 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-04-25 15:04:29 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-04-25 15:04:29 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2007-04-25 15:04:29 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2007-04-25 15:04:29 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-04-25 15:04:29 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys 2007-04-25 15:04:29 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys 2007-04-25 15:04:29 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-04-25 15:04:29 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys 2007-04-25 15:04:29 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-04-25 15:04:29 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-04-25 15:04:29 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-04-25 15:04:29 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-04-25 15:04:29 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-04-25 15:04:29 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-04-25 15:04:29 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-04-25 15:04:28 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-04-25 15:04:28 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys 2007-04-25 15:04:28 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys 2007-04-25 15:04:28 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-04-25 15:04:28 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-04-25 15:04:28 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys 2007-04-25 15:04:28 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-04-25 15:04:28 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-04-25 15:04:28 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-04-25 15:04:28 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-04-25 15:04:28 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-04-25 15:04:27 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2007-04-25 15:04:27 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys 2007-04-25 15:04:27 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys 2007-04-25 15:04:27 275200 -----n--- C:\WINDOWS\system32\drivers\bthport.sys 2007-04-25 15:04:27 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys 2007-04-25 15:04:27 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-04-25 15:04:27 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys 2007-04-25 15:04:27 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll 2007-04-25 15:04:27 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll 2007-04-25 15:04:27 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll 2007-04-25 15:04:27 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll 2007-04-25 15:04:27 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll 2007-04-25 15:04:27 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-04-25 15:04:26 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-04-25 15:04:26 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2007-04-25 15:04:26 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-04-25 15:04:26 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-04-25 15:04:26 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-04-25 15:04:26 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2007-04-25 15:04:26 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys 2007-04-25 15:04:26 25728 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys 2007-04-25 15:04:26 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-04-25 15:04:25 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys 2007-04-25 15:04:25 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys 2007-04-25 15:04:25 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys 2007-04-25 15:04:25 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys 2007-04-25 15:04:25 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys 2007-04-25 15:04:25 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys 2007-04-25 15:04:25 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll 2007-04-25 15:04:25 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys 2007-04-25 15:04:25 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-04-25 15:04:25 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-04-25 15:04:25 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys 2007-04-25 15:04:25 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2007-04-25 15:04:25 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys 2007-04-25 15:04:25 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-04-25 15:04:24 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys 2007-04-25 15:04:24 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys 2007-04-25 15:04:24 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys 2007-04-25 15:04:24 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys 2007-04-25 15:04:24 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys 2007-04-25 15:04:24 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys 2007-04-25 15:04:24 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys 2007-04-25 15:04:24 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys 2007-04-25 15:04:24 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll 2007-04-25 15:04:24 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-04-25 15:04:24 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-04-25 15:04:24 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys 2007-04-25 15:04:24 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll 2007-04-25 15:04:24 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll 2007-04-25 15:04:24 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll 2007-04-25 15:04:23 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll 2007-04-25 15:04:23 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll 2007-04-25 15:04:23 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll 2007-04-25 15:04:23 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll 2007-04-25 15:04:23 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll 2007-04-25 15:04:23 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll 2007-04-25 15:04:23 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll 2007-04-25 15:04:22 73796 -----n--- C:\WINDOWS\system32\slserv.exe 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\system32\slrundll.exe 2007-04-25 15:04:22 188508 -----n--- C:\WINDOWS\system32\slgen.dll 2007-04-25 15:04:22 286792 -----n--- C:\WINDOWS\system32\slextspk.dll 2007-04-25 15:04:22 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll 2007-04-25 15:04:22 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\slrundll.exe 2007-04-25 15:00:54 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1> 2007-04-24 14:29:44 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll<PTHREA~1.DLL> 2007-04-22 21:29:46 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS> 2007-04-22 21:29:46 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys 2007-04-22 21:29:46 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS> 2007-04-22 21:29:46 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys 2007-04-22 21:29:46 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1> 2007-04-22 21:29:37 0 d-------- C:\Program Files\SAGEM 2007-04-22 21:28:36 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys 2007-04-22 21:28:36 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS 2007-04-22 08:28:54 0 d-------- C:\Program Files\Global Graphics<GLOBAL~1> 2007-04-21 21:46:01 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe<CADKAS~1.EXE> 2007-04-21 21:46:01 0 d-------- C:\Program Files\PDF Editor 2<PDFEDI~1> 2007-04-13 14:39:08 0 d-------- C:\Program Files\Common Files\Skype 2007-04-11 21:47:58 0 d-------- C:\Program Files\MSECache 2007-04-11 21:43:25 0 dr-h----- C:\MSOCache 2007-04-11 21:23:44 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1> 2007-04-11 21:23:16 0 d-------- C:\WINDOWS\SHELLNEW 2007-04-11 21:23:01 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET> 2007-04-07 23:26:27 0 d-------- C:\Program Files\The All-Seeing Eye<THEALL~1> -- Find3M Report --------------------------------------------------------------- 2007-05-05 01:49:06 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~2.DAT> 2007-05-05 01:49:06 24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~1.DAT> 2007-05-04 23:00:51 11445248 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\Outlook.pst 2007-05-04 23:00:51 271360 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\archive.pst 2007-05-04 20:10:41 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\teamspeak2<TEAMSP~1> 2007-05-04 15:04:34 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Azureus 2007-05-04 12:56:19 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-05-02 19:52:17 10 --ah----- C:\WINDOWS\popcinfo.dat 2007-05-02 14:14:11 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Logitech 2007-04-28 00:53:24 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1> 2007-04-27 10:52:12 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1> 2007-04-27 10:28:36 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-04-24 14:41:55 0 d-------- C:\Program Files\Winamp 2007-04-24 14:29:44 0 d-------- C:\Program Files\ffdshow 2007-04-24 07:56:36 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 08:44:37 0 d-------- C:\Program Files\Replay Converter<REPLAY~1> 2007-04-22 08:31:23 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\PDFEditorSDK<PDFEDI~1> 2007-04-18 23:13:14 0 d-------- C:\Program Files\Azureus 2007-04-18 23:09:48 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Kingston 2007-04-17 20:52:46 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Gadu-Gadu<GADU-G~1> 2007-04-15 22:29:42 0 d-------- C:\Program Files\mIRC 2007-04-15 02:51:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Skype 2007-04-15 00:54:26 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1> 2007-04-13 14:39:11 0 d-------- C:\Program Files\Skype 2007-04-12 19:44:36 0 d-------- C:\Program Files\SnadBoy's Revelation v2<SNADBO~1> 2007-04-11 21:48:35 497524 --a------ C:\WINDOWS\system32\perfh015.dat 2007-04-11 21:48:35 88224 --a------ C:\WINDOWS\system32\perfc015.dat 2007-04-11 21:42:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\OfficeUpdate12<OFFICE~1> 2007-04-08 01:37:54 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1> 2007-04-08 01:16:53 0 d-------- C:\Program Files\SkanerOnline<SKANER~1> 2007-04-07 19:04:23 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-04-06 23:28:14 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\MusicIP 2007-04-06 12:13:24 0 d---s---- C:\Documents and Settings\SZEWCO\Dane aplikacji\Microsoft<MICROS~1> 2007-04-05 15:56:13 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\BinarySense<BINARY~1> 2007-03-29 15:21:52 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\nHancer 2007-03-26 23:48:13 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1> 2007-03-19 19:59:25 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 1<MOZILL~1> 2007-03-14 19:38:24 524288 --a------ C:\WINDOWS\opuc.dll 2007-03-08 01:51:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll 2007-03-05 20:54:39 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1> 2007-03-05 14:34:28 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL> 2007-02-19 23:49:35 4 --a------ C:\WINDOWS\info147.sys 2007-02-14 15:27:18 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-02-14 15:27:09 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-02-14 15:27:08 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-02-10 17:43:57 737280 --a------ C:\WINDOWS\iun6002.exe -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WINDVDPatch"="CTHELPER.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "NWEReboot"="" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jupect [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00d18c3a-c931-11db-83b3-0060b342dc4c}] Shell\AutoRun\command G:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3380-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command H:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3381-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command I:\PlayD2.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3382-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command J:\SETUP.EXE -- End of ComboScan: finished at 2007-05-05 at 02:04:44 ------------------------

2. SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [null data] "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" [null data] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" [null data] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [file not found] "NWEReboot" = (empty string) "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data] "Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] {f9181014-3dc0-4094-af4b-29b7e13fc512}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\jupect.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! jupect\DLLName = "jupect.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "SZEWCO" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] "Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 25 seconds, including 5 seconds for message boxes)

I jak to teraz wyglada?

**Posty:** 18165 · przez **wojtas** 05 Maj 2007, 19:52

skasuj te pliki/foldery w awaryjnym z wylaczonym przywracaniem systemu:

C:\WINDOWS\SYSTEM32\jupect.dll
C:\36
C:\WINDOWS\system32\tmp.reg

skasuj wpisy:

O2 - BHO: (no name) - {f9181014-3dc0-4094-af4b-29b7e13fc512} - C:\WINDOWS\system32\jupect.dll
O20 - Winlogon Notify: jupect - C:\WINDOWS\SYSTEM32\jupect.dll

**Posty:** 84 · przez **zooo** 07 Maj 2007, 15:04

Teraz logi wygladaja tak:

1. ComboScan

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by SZEWCO on 2007-05-07 at 14:42:22 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as SZEWCO.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:42:24, on 2007-05-07 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\WScript.exe E:\dodatki\comboscan.exe E:\dodatki\SZEWCO.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my O1 - Hosts: 72.52.163.100 nprotect.battlelands.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173383578687 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- Files created between 2007-04-07 and 2007-05-07 ----------------------------- 2007-05-04 12:56:33 69632 --a------ C:\WINDOWS\system32\KemXML.dll 2007-05-04 12:56:33 110592 --a------ C:\WINDOWS\system32\KemWnd.dll 2007-05-04 12:56:33 135168 --a------ C:\WINDOWS\system32\KemUtil.dll 2007-05-04 12:56:33 163840 --a------ C:\WINDOWS\system32\kemutb.dll 2007-05-04 12:56:19 0 d-------- C:\Program Files\Logitech 2007-05-02 14:13:01 78864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys 2007-05-02 14:13:01 62992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys 2007-05-02 14:13:00 33296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys 2007-05-02 14:13:00 34576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys 2007-05-02 14:13:00 20496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2007-05-02 14:13:00 101136 --a------ C:\WINDOWS\KHALMNPR.Exe 2007-05-02 14:12:59 1419024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll<WDFCOI~1.DLL> 2007-05-02 14:12:59 28176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys 2007-05-02 14:12:39 0 d-------- C:\Program Files\Common Files\Logitech 2007-04-27 13:28:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1> 2007-04-27 10:36:07 0 d-------- C:\WINDOWS\system32\windows media<WINDOW~1> 2007-04-27 10:36:03 0 d--h----- C:\WINDOWS\msdownld.tmp 2007-04-27 10:36:00 0 d-------- C:\Program Files\Windows Media Components<WI15DA~1> 2007-04-27 10:35:27 131072 --a------ C:\WINDOWS\system32\dzip32.dll 2007-04-27 10:35:27 110592 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-04-27 10:35:23 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP<WI12E0~1> 2007-04-25 15:07:01 0 d-------- C:\WINDOWS\Prefetch 2007-04-25 15:04:32 10752 -----n--- C:\WINDOWS\system32\smtpapi.dll 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\rwnh.dll 2007-04-25 15:04:32 40832 -----n--- C:\WINDOWS\system32\drivers\irbus.sys 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\comsdupd.exe 2007-04-25 15:04:29 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-04-25 15:04:29 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2007-04-25 15:04:29 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys 2007-04-25 15:04:29 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-04-25 15:04:29 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-04-25 15:04:29 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2007-04-25 15:04:29 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2007-04-25 15:04:29 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-04-25 15:04:29 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys 2007-04-25 15:04:29 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys 2007-04-25 15:04:29 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-04-25 15:04:29 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys 2007-04-25 15:04:29 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-04-25 15:04:29 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-04-25 15:04:29 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-04-25 15:04:29 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-04-25 15:04:29 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-04-25 15:04:29 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-04-25 15:04:29 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-04-25 15:04:28 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-04-25 15:04:28 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys 2007-04-25 15:04:28 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys 2007-04-25 15:04:28 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-04-25 15:04:28 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-04-25 15:04:28 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys 2007-04-25 15:04:28 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-04-25 15:04:28 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-04-25 15:04:28 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-04-25 15:04:28 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-04-25 15:04:28 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-04-25 15:04:27 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2007-04-25 15:04:27 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys 2007-04-25 15:04:27 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys 2007-04-25 15:04:27 275200 -----n--- C:\WINDOWS\system32\drivers\bthport.sys 2007-04-25 15:04:27 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys 2007-04-25 15:04:27 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-04-25 15:04:27 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys 2007-04-25 15:04:27 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll 2007-04-25 15:04:27 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll 2007-04-25 15:04:27 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll 2007-04-25 15:04:27 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll 2007-04-25 15:04:27 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll 2007-04-25 15:04:27 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-04-25 15:04:26 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-04-25 15:04:26 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2007-04-25 15:04:26 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-04-25 15:04:26 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-04-25 15:04:26 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-04-25 15:04:26 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2007-04-25 15:04:26 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys 2007-04-25 15:04:26 25728 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys 2007-04-25 15:04:26 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-04-25 15:04:25 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys 2007-04-25 15:04:25 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys 2007-04-25 15:04:25 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys 2007-04-25 15:04:25 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys 2007-04-25 15:04:25 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys 2007-04-25 15:04:25 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys 2007-04-25 15:04:25 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll 2007-04-25 15:04:25 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys 2007-04-25 15:04:25 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-04-25 15:04:25 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-04-25 15:04:25 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys 2007-04-25 15:04:25 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2007-04-25 15:04:25 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys 2007-04-25 15:04:25 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-04-25 15:04:24 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys 2007-04-25 15:04:24 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys 2007-04-25 15:04:24 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys 2007-04-25 15:04:24 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys 2007-04-25 15:04:24 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys 2007-04-25 15:04:24 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys 2007-04-25 15:04:24 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys 2007-04-25 15:04:24 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys 2007-04-25 15:04:24 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll 2007-04-25 15:04:24 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-04-25 15:04:24 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-04-25 15:04:24 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys 2007-04-25 15:04:24 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll 2007-04-25 15:04:24 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll 2007-04-25 15:04:24 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll 2007-04-25 15:04:23 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll 2007-04-25 15:04:23 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll 2007-04-25 15:04:23 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll 2007-04-25 15:04:23 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll 2007-04-25 15:04:23 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll 2007-04-25 15:04:23 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll 2007-04-25 15:04:23 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll 2007-04-25 15:04:22 73796 -----n--- C:\WINDOWS\system32\slserv.exe 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\system32\slrundll.exe 2007-04-25 15:04:22 188508 -----n--- C:\WINDOWS\system32\slgen.dll 2007-04-25 15:04:22 286792 -----n--- C:\WINDOWS\system32\slextspk.dll 2007-04-25 15:04:22 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll 2007-04-25 15:04:22 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\slrundll.exe 2007-04-25 15:00:54 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1> 2007-04-24 14:29:44 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll<PTHREA~1.DLL> 2007-04-22 21:29:46 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS> 2007-04-22 21:29:46 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys 2007-04-22 21:29:46 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS> 2007-04-22 21:29:46 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys 2007-04-22 21:29:46 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1> 2007-04-22 21:29:37 0 d-------- C:\Program Files\SAGEM 2007-04-22 21:28:36 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys 2007-04-22 21:28:36 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS 2007-04-22 08:28:54 0 d-------- C:\Program Files\Global Graphics<GLOBAL~1> 2007-04-21 21:46:01 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe<CADKAS~1.EXE> 2007-04-21 21:46:01 0 d-------- C:\Program Files\PDF Editor 2<PDFEDI~1> 2007-04-13 14:39:08 0 d-------- C:\Program Files\Common Files\Skype 2007-04-11 21:47:58 0 d-------- C:\Program Files\MSECache 2007-04-11 21:43:25 0 dr-h----- C:\MSOCache 2007-04-11 21:23:44 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1> 2007-04-11 21:23:16 0 d-------- C:\WINDOWS\SHELLNEW 2007-04-11 21:23:01 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET> 2007-04-07 23:26:27 0 d-------- C:\Program Files\The All-Seeing Eye<THEALL~1> -- Find3M Report --------------------------------------------------------------- 2007-05-07 14:38:01 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~2.DAT> 2007-05-07 14:38:01 24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~1.DAT> 2007-05-04 23:00:51 11445248 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\Outlook.pst 2007-05-04 23:00:51 271360 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\archive.pst 2007-05-04 20:10:41 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\teamspeak2<TEAMSP~1> 2007-05-04 15:04:34 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Azureus 2007-05-04 12:56:19 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-05-02 19:52:17 10 --ah----- C:\WINDOWS\popcinfo.dat 2007-05-02 14:14:11 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Logitech 2007-04-28 00:53:24 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1> 2007-04-27 10:52:12 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1> 2007-04-27 10:28:36 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-04-24 14:41:55 0 d-------- C:\Program Files\Winamp 2007-04-24 14:29:44 0 d-------- C:\Program Files\ffdshow 2007-04-24 07:56:36 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 08:44:37 0 d-------- C:\Program Files\Replay Converter<REPLAY~1> 2007-04-22 08:31:23 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\PDFEditorSDK<PDFEDI~1> 2007-04-18 23:13:14 0 d-------- C:\Program Files\Azureus 2007-04-18 23:09:48 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Kingston 2007-04-17 20:52:46 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Gadu-Gadu<GADU-G~1> 2007-04-15 22:29:42 0 d-------- C:\Program Files\mIRC 2007-04-15 02:51:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Skype 2007-04-15 00:54:26 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1> 2007-04-13 14:39:11 0 d-------- C:\Program Files\Skype 2007-04-12 19:44:36 0 d-------- C:\Program Files\SnadBoy's Revelation v2<SNADBO~1> 2007-04-11 21:48:35 497524 --a------ C:\WINDOWS\system32\perfh015.dat 2007-04-11 21:48:35 88224 --a------ C:\WINDOWS\system32\perfc015.dat 2007-04-11 21:42:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\OfficeUpdate12<OFFICE~1> 2007-04-08 01:37:54 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1> 2007-04-08 01:16:53 0 d-------- C:\Program Files\SkanerOnline<SKANER~1> 2007-04-07 19:04:23 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-04-06 23:28:14 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\MusicIP 2007-04-06 12:13:24 0 d---s---- C:\Documents and Settings\SZEWCO\Dane aplikacji\Microsoft<MICROS~1> 2007-04-05 15:56:13 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\BinarySense<BINARY~1> 2007-03-29 15:21:52 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\nHancer 2007-03-26 23:48:13 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1> 2007-03-19 19:59:25 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 1<MOZILL~1> 2007-03-14 19:38:24 524288 --a------ C:\WINDOWS\opuc.dll 2007-03-08 01:51:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll 2007-03-05 14:34:28 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL> 2007-02-19 23:49:35 4 --a------ C:\WINDOWS\info147.sys 2007-02-14 15:27:18 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-02-14 15:27:09 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-02-14 15:27:08 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-02-10 17:43:57 737280 --a------ C:\WINDOWS\iun6002.exe -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WINDVDPatch"="CTHELPER.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "NWEReboot"="" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00d18c3a-c931-11db-83b3-0060b342dc4c}] Shell\AutoRun\command G:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3380-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command H:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3381-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command I:\PlayD2.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3382-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command J:\SETUP.EXE -- End of ComboScan: finished at 2007-05-07 at 14:42:59 ------------------------

2. SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [null data] "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" [null data] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" [null data] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [file not found] "NWEReboot" = (empty string) "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data] "Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "SZEWCO" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] "Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 73 seconds, including 5 seconds for message boxes)

**Posty:** 18165 · przez **wojtas** 07 Maj 2007, 16:16

skasuj wpis:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

i bedzie czysto

**Posty:** 84 · przez **zooo** 08 Maj 2007, 14:31

Pokasowalem co trzeba teraz to wyglada tak:

1.ComboScan

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by SZEWCO on 2007-05-08 at 14:10:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as SZEWCO.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:10:54, on 2007-05-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\System32\WScript.exe c:\program files\internet explorer\iexplore.exe E:\dodatki\comboscan.exe E:\dodatki\SZEWCO.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my O1 - Hosts: 72.52.163.100 nprotect.battlelands.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173383578687 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- Files created between 2007-04-08 and 2007-05-08 ----------------------------- 2007-05-04 12:56:33 69632 --a------ C:\WINDOWS\system32\KemXML.dll 2007-05-04 12:56:33 110592 --a------ C:\WINDOWS\system32\KemWnd.dll 2007-05-04 12:56:33 135168 --a------ C:\WINDOWS\system32\KemUtil.dll 2007-05-04 12:56:33 163840 --a------ C:\WINDOWS\system32\kemutb.dll 2007-05-04 12:56:19 0 d-------- C:\Program Files\Logitech 2007-05-02 20:04:23 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-05-02 20:04:19 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 20:04:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-05-02 20:04:05 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-05-02 20:02:06 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-05-02 20:02:06 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-05-02 20:02:04 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-05-02 20:02:02 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-05-02 20:02:02 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-05-02 20:02:02 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-05-02 20:02:02 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-05-02 20:02:02 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-05-02 20:01:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL> 2007-05-02 20:01:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL> 2007-05-02 20:01:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL> 2007-05-02 20:01:56 740442 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-02 14:13:01 78864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys 2007-05-02 14:13:01 62992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys 2007-05-02 14:13:00 33296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys 2007-05-02 14:13:00 34576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys 2007-05-02 14:13:00 20496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2007-05-02 14:13:00 101136 --a------ C:\WINDOWS\KHALMNPR.Exe 2007-05-02 14:12:59 1419024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll<WDFCOI~1.DLL> 2007-05-02 14:12:59 28176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys 2007-05-02 14:12:39 0 d-------- C:\Program Files\Common Files\Logitech 2007-05-02 04:33:57 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL> 2007-05-02 04:33:56 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE> 2007-04-27 13:28:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1> 2007-04-27 10:36:07 0 d-------- C:\WINDOWS\system32\windows media<WINDOW~1> 2007-04-27 10:36:03 0 d--h----- C:\WINDOWS\msdownld.tmp 2007-04-27 10:36:00 0 d-------- C:\Program Files\Windows Media Components<WI15DA~1> 2007-04-27 10:35:27 131072 --a------ C:\WINDOWS\system32\dzip32.dll 2007-04-27 10:35:27 110592 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-04-27 10:35:23 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP<WI12E0~1> 2007-04-25 15:07:01 0 d-------- C:\WINDOWS\Prefetch 2007-04-25 15:04:32 10752 -----n--- C:\WINDOWS\system32\smtpapi.dll 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\rwnh.dll 2007-04-25 15:04:32 40832 -----n--- C:\WINDOWS\system32\drivers\irbus.sys 2007-04-25 15:04:32 9728 -----n--- C:\WINDOWS\system32\comsdupd.exe 2007-04-25 15:04:29 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-04-25 15:04:29 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2007-04-25 15:04:29 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys 2007-04-25 15:04:29 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-04-25 15:04:29 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-04-25 15:04:29 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2007-04-25 15:04:29 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2007-04-25 15:04:29 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-04-25 15:04:29 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys 2007-04-25 15:04:29 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys 2007-04-25 15:04:29 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-04-25 15:04:29 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys 2007-04-25 15:04:29 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-04-25 15:04:29 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-04-25 15:04:29 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-04-25 15:04:29 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-04-25 15:04:29 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-04-25 15:04:29 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-04-25 15:04:29 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-04-25 15:04:28 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-04-25 15:04:28 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys 2007-04-25 15:04:28 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys 2007-04-25 15:04:28 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-04-25 15:04:28 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-04-25 15:04:28 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys 2007-04-25 15:04:28 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys 2007-04-25 15:04:28 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-04-25 15:04:28 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-04-25 15:04:28 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-04-25 15:04:28 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-04-25 15:04:28 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-04-25 15:04:27 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2007-04-25 15:04:27 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys 2007-04-25 15:04:27 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys 2007-04-25 15:04:27 275200 -----n--- C:\WINDOWS\system32\drivers\bthport.sys 2007-04-25 15:04:27 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys 2007-04-25 15:04:27 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-04-25 15:04:27 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys 2007-04-25 15:04:27 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll 2007-04-25 15:04:27 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll 2007-04-25 15:04:27 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll 2007-04-25 15:04:27 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll 2007-04-25 15:04:27 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll 2007-04-25 15:04:27 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-04-25 15:04:26 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-04-25 15:04:26 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2007-04-25 15:04:26 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-04-25 15:04:26 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-04-25 15:04:26 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-04-25 15:04:26 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2007-04-25 15:04:26 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys 2007-04-25 15:04:26 25728 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys 2007-04-25 15:04:26 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-04-25 15:04:25 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys 2007-04-25 15:04:25 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys 2007-04-25 15:04:25 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys 2007-04-25 15:04:25 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys 2007-04-25 15:04:25 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys 2007-04-25 15:04:25 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys 2007-04-25 15:04:25 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll 2007-04-25 15:04:25 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys 2007-04-25 15:04:25 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-04-25 15:04:25 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-04-25 15:04:25 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys 2007-04-25 15:04:25 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2007-04-25 15:04:25 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys 2007-04-25 15:04:25 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-04-25 15:04:24 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys 2007-04-25 15:04:24 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys 2007-04-25 15:04:24 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys 2007-04-25 15:04:24 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys 2007-04-25 15:04:24 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys 2007-04-25 15:04:24 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys 2007-04-25 15:04:24 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys 2007-04-25 15:04:24 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys 2007-04-25 15:04:24 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll 2007-04-25 15:04:24 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-04-25 15:04:24 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-04-25 15:04:24 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys 2007-04-25 15:04:24 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll 2007-04-25 15:04:24 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll 2007-04-25 15:04:24 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll 2007-04-25 15:04:23 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll 2007-04-25 15:04:23 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll 2007-04-25 15:04:23 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll 2007-04-25 15:04:23 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll 2007-04-25 15:04:23 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll 2007-04-25 15:04:23 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll 2007-04-25 15:04:23 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll 2007-04-25 15:04:22 73796 -----n--- C:\WINDOWS\system32\slserv.exe 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\system32\slrundll.exe 2007-04-25 15:04:22 188508 -----n--- C:\WINDOWS\system32\slgen.dll 2007-04-25 15:04:22 286792 -----n--- C:\WINDOWS\system32\slextspk.dll 2007-04-25 15:04:22 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll 2007-04-25 15:04:22 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll 2007-04-25 15:04:22 32866 -----n--- C:\WINDOWS\slrundll.exe 2007-04-25 15:00:54 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1> 2007-04-24 14:29:44 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll<PTHREA~1.DLL> 2007-04-22 21:29:46 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS> 2007-04-22 21:29:46 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys 2007-04-22 21:29:46 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS> 2007-04-22 21:29:46 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys 2007-04-22 21:29:46 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1> 2007-04-22 21:29:37 0 d-------- C:\Program Files\SAGEM 2007-04-22 21:28:36 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys 2007-04-22 21:28:36 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS 2007-04-22 08:28:54 0 d-------- C:\Program Files\Global Graphics<GLOBAL~1> 2007-04-21 21:46:01 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe<CADKAS~1.EXE> 2007-04-21 21:46:01 0 d-------- C:\Program Files\PDF Editor 2<PDFEDI~1> 2007-04-13 14:39:08 0 d-------- C:\Program Files\Common Files\Skype 2007-04-11 21:47:58 0 d-------- C:\Program Files\MSECache 2007-04-11 21:43:25 0 dr-h----- C:\MSOCache 2007-04-11 21:23:44 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1> 2007-04-11 21:23:16 0 d-------- C:\WINDOWS\SHELLNEW 2007-04-11 21:23:01 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET> -- Find3M Report --------------------------------------------------------------- 2007-05-08 00:07:47 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~2.DAT> 2007-05-08 00:07:47 24 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80651102}.dat<DVCSTA~1.DAT> 2007-05-07 20:40:28 11699200 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\Outlook.pst 2007-05-07 20:40:28 271360 --a------ C:\Documents and Settings\SZEWCO\Dane aplikacji\archive.pst 2007-05-07 17:55:56 10 --ah----- C:\WINDOWS\popcinfo.dat 2007-05-07 14:53:34 0 d-------- C:\Program Files\DivX 2007-05-04 20:10:41 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\teamspeak2<TEAMSP~1> 2007-05-04 15:04:34 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Azureus 2007-05-04 12:56:19 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-05-02 14:14:11 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Logitech 2007-04-28 00:53:24 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1> 2007-04-27 10:52:12 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1> 2007-04-27 10:28:36 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-04-24 14:41:55 0 d-------- C:\Program Files\Winamp 2007-04-24 14:29:44 0 d-------- C:\Program Files\ffdshow 2007-04-24 07:56:36 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 08:44:37 0 d-------- C:\Program Files\Replay Converter<REPLAY~1> 2007-04-22 08:31:23 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\PDFEditorSDK<PDFEDI~1> 2007-04-18 23:13:14 0 d-------- C:\Program Files\Azureus 2007-04-18 23:09:48 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Kingston 2007-04-17 20:52:46 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Gadu-Gadu<GADU-G~1> 2007-04-15 22:29:42 0 d-------- C:\Program Files\mIRC 2007-04-15 02:51:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\Skype 2007-04-15 00:54:26 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1> 2007-04-13 14:39:11 0 d-------- C:\Program Files\Skype 2007-04-12 19:44:36 0 d-------- C:\Program Files\SnadBoy's Revelation v2<SNADBO~1> 2007-04-11 21:48:35 497524 --a------ C:\WINDOWS\system32\perfh015.dat 2007-04-11 21:48:35 88224 --a------ C:\WINDOWS\system32\perfc015.dat 2007-04-11 21:42:22 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\OfficeUpdate12<OFFICE~1> 2007-04-08 01:37:54 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1> 2007-04-08 01:16:53 0 d-------- C:\Program Files\SkanerOnline<SKANER~1> 2007-04-07 23:39:33 0 d-------- C:\Program Files\The All-Seeing Eye<THEALL~1> 2007-04-07 19:04:23 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-04-06 23:28:14 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\MusicIP 2007-04-06 12:13:24 0 d---s---- C:\Documents and Settings\SZEWCO\Dane aplikacji\Microsoft<MICROS~1> 2007-04-05 15:56:13 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\BinarySense<BINARY~1> 2007-03-29 15:21:52 0 d-------- C:\Documents and Settings\SZEWCO\Dane aplikacji\nHancer 2007-03-26 23:48:13 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1> 2007-03-19 19:59:25 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 1<MOZILL~1> 2007-03-14 19:38:24 524288 --a------ C:\WINDOWS\opuc.dll 2007-03-08 01:51:00 129784 -----n--- C:\WINDOWS\system32\pxafs.dll 2007-03-05 14:34:28 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL> 2007-02-19 23:49:35 4 --a------ C:\WINDOWS\info147.sys 2007-02-14 15:27:18 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-02-14 15:27:09 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-02-14 15:27:08 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-02-10 17:43:57 737280 --a------ C:\WINDOWS\iun6002.exe -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WINDVDPatch"="CTHELPER.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "NWEReboot"="" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00d18c3a-c931-11db-83b3-0060b342dc4c}] Shell\AutoRun\command G:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3380-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command H:\SETUP.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3381-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command I:\PlayD2.EXE [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbde3382-c97a-11db-83b4-0060b342dc4c}] Shell\AutoRun\command J:\SETUP.EXE -- End of ComboScan: finished at 2007-05-08 at 14:11:30 ------------------------

2. SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"] "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [null data] "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" [null data] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" [null data] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [file not found] "NWEReboot" = (empty string) "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data] "Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" -> {HKLM...CLSID} = "EditPlus Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data] Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" -> {HKLM...CLSID} = "WipeExt" \InProcServer32\(Default) = "C:\Program Files\Ace Utilities\wipext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\SZEWCO\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "SZEWCO" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] "Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 79 seconds, including 4 seconds for message boxes)

**Posty:** 18165 · przez **wojtas** 08 Maj 2007, 16:13

jest ok

prosba o sprawdzenie loga

Prosba o sprawdzenie loga

Kto jest na forum