prośba o sprawdzenie loga

**Posty:** 2042 · przez **Wojtaz** 22 Lis 2007, 16:52

Temat odświeżony :!:

Silent Runners

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"] "Creative Live! Cam Manager" = ""D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"" ["Creative Technology Ltd."] "DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"] "SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."] "SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."] "avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [file not found] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "NBKeyScan" = ""D:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"] "AVFX Engine" = "D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" ["Creative Technology Ltd."] "V0230Mon.exe" = "C:\WINDOWS\system32\V0230Mon.exe" ["Creative Technology Ltd."] "WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data] "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"] "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"] "srchost" = "C:\WINDOWS\system32\SRCHOST.SCR" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {0D39A900-0F3A-4C29-A254-3E65244FDC34}\(Default) = "Media Holding Enterprises, LLC" -> {HKLM...CLSID} = "ContextHelper" \InProcServer32\(Default) = "C:\Program Files\ContextTool\ContextTool-2.dll" ["Media Holding Enterprises, LLC"] {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar BHO" -> {HKLM...CLSID} = "Winamp Toolbar BHO" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}" = "Wyślij na Fotosik.pl" -> {HKLM...CLSID} = "Wyślij na Fotosik.pl" \InProcServer32\(Default) = "D:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "D:\Program Files\Nero 8\Nero 8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager" -> {HKLM...CLSID} = "Sony Ericsson File Manager" \InProcServer32\(Default) = "D:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"] "{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "D:\Program Files\Nero 8\Nero 8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] {D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}\(Default) = "{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}" -> {HKLM...CLSID} = "Wyślij na Fotosik.pl" \InProcServer32\(Default) = "D:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Wojtaz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

HijackThis:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 16:14, on 2007-11-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\V0230Mon.exe D:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\SRCHOST.SCR D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe D:\Program Files\DAEMON Tools\daemon.exe D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe D:\Program Files\CiDial\CiDial.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WScript.exe C:\DOCUME~1\Wojtaz\USTAWI~1\Temp\Rar$EX00.281\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing) O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing) O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [AVFX Engine] D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [srchost] C:\WINDOWS\system32\SRCHOST.SCR O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Startup: CiDial 2.3.lnk = D:\Program Files\CiDial\CiDial.exe O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{EB064C20-B4EA-47FC-A262-30161D39858B}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ComboFix:

Kod: Zaznacz wszystko: ComboFix 07-11-19.3 - Wojtaz 2006-11-22 16:14:58.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.249 [GMT 1:00] Running from: C:\Documents and Settings\Wojtaz\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 ))))))))))))))))))))))))))))))) . 2007-11-22 15:58 312 --a------ C:\WINDOWS\system32\send.txt 2007-11-22 15:48 625 --a------ C:\WINDOWS\system32\send2.txt 2007-11-22 15:29 363,132 --ah----- C:\WINDOWS\system32\srchost.scr 2007-11-22 15:29 195,072 --a------ C:\WINDOWS\system32\SENDER.EXE 2007-11-22 15:07 4,945 --a------ C:\WINDOWS\system32\ban_list.txt 2007-11-20 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-11-18 19:28 <DIR> d--h----- C:\WINDOWS\PIF 2007-11-18 13:12 <DIR> d-------- C:\Program Files\Common Files\EZB Systems 2007-11-14 16:05 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\AdobeUM 2007-11-13 20:21 <DIR> d-------- C:\Program Files\MSBuild 2007-11-13 20:16 <DIR> d-------- C:\Program Files\Reference Assemblies 2007-11-13 20:16 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-11-12 15:32 <DIR> d-------- C:\Program Files\ContextTool 2007-11-12 14:00 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\THQ 2007-11-11 14:54 <DIR> d-------- C:\Program Files\SAGEM 2007-11-11 14:54 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-11-11 14:54 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-11-11 14:54 143,360 --a------ C:\WINDOWS\adiras.exe 2007-11-11 14:54 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-11-11 14:54 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-11-11 14:54 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-11-11 14:54 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-11-11 14:54 24,576 --a------ C:\WINDOWS\enddisk32.exe 2007-11-11 14:54 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-11-11 14:53 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe 2007-11-11 14:53 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll 2007-11-11 14:52 <DIR> d-------- C:\Program Files\neostrada tp 2007-11-10 17:08 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\XnView 2007-11-09 21:27 <DIR> d-------- C:\Program Files\Winamp 2007-11-09 21:17 <DIR> d-------- C:\Program Files\Winamp Toolbar 2007-11-09 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar 2007-11-09 14:12 363,980 --a------ C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe 2007-11-09 14:12 102,400 --a------ C:\WINDOWS\MBDownloader_876932.exe 2007-11-08 14:37 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-11-08 14:37 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2007-11-07 18:18 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\muvee Technologies 2007-11-07 18:11 498,464 -ra------ C:\WINDOWS\system32\drivers\V0230VID.sys 2007-11-07 18:11 91,136 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax 2007-11-07 18:11 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe 2007-11-07 18:11 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax 2007-11-07 18:11 41,984 --------- C:\WINDOWS\Ctregrun.exe 2007-11-07 18:11 28,672 --a------ C:\WINDOWS\system32\vidcap.ax 2007-11-07 18:11 28,672 --a------ C:\WINDOWS\system32\dllcache\vidcap.ax 2007-11-07 18:11 9,216 -ra------ C:\WINDOWS\V0230Cfg.exe 2007-11-07 18:11 6,272 -ra------ C:\WINDOWS\system32\drivers\V0230Vfx.sys 2007-11-07 18:11 3,716 -ra------ C:\WINDOWS\system32\drivers\V0230FwH.bin 2007-11-07 18:11 3,716 -ra------ C:\WINDOWS\system32\drivers\V0230FwF.bin 2007-11-07 18:10 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies 2007-11-07 18:10 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Creative 2007-11-07 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative 2007-11-07 18:09 <DIR> d-------- C:\Program Files\SightSpeed 2007-11-07 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies 2007-11-07 18:08 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-11-07 18:06 <DIR> d-------- C:\Program Files\Creative 2007-11-07 13:59 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2007-11-04 20:08 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Skype 2007-11-04 20:07 <DIR> d-------- C:\Program Files\Skype 2007-11-04 20:07 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-11-04 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-04 07:26 <DIR> d--hs---- C:\FOUND.007 2007-11-03 21:06 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2007-11-03 21:06 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2007-11-03 21:02 <DIR> d---s---- C:\Documents and Settings\Wojtaz\UserData 2007-11-03 09:55 <DIR> d--hs---- C:\FOUND.006 2007-11-03 06:37 <DIR> d-------- C:\Program Files\Yahoo! 2007-11-02 22:45 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Bluefive software 2007-10-31 08:03 <DIR> d-------- C:\Program Files\Sony Ericsson 2007-10-29 22:30 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Teleca 2007-10-29 22:29 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2007-10-29 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Documents 2007-10-29 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2007-10-29 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2007-10-29 22:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2007-10-29 22:22 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL 2007-10-29 22:21 42,213 --a------ C:\WINDOWS\system32\PCSuiteP80x.txt 2007-10-29 20:56 <DIR> d--hs---- C:\FOUND.005 2007-10-29 20:06 <DIR> d--hs---- C:\FOUND.004 2007-10-29 19:34 <DIR> d--hs---- C:\FOUND.003 2007-10-24 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2007-10-24 12:41 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\CyberLink 2007-10-23 17:04 2,916,352 --------- C:\WINDOWS\UNNMP.exe 2007-10-23 17:02 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-10-23 17:01 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-10-23 17:01 38,912 --------- C:\WINDOWS\system32\picn20.dll 2007-10-23 17:00 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-10-19 19:49 545 --a------ C:\WINDOWS\UC.PIF 2007-10-19 19:49 545 --a------ C:\WINDOWS\RAR.PIF 2007-10-19 19:49 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-10-19 19:49 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-10-19 19:49 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-10-19 19:49 545 --a------ C:\WINDOWS\LHA.PIF 2007-10-19 19:49 545 --a------ C:\WINDOWS\ARJ.PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-11 13:54 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-11-03 20:10 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-11-03 20:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2007-10-29 21:27 94,064 ----a-w C:\WINDOWS\system32\drivers\k510mdm.sys 2007-10-29 21:27 8,336 ----a-w C:\WINDOWS\system32\drivers\k510mdfl.sys 2007-10-29 21:27 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cmnt.sys 2007-10-29 21:27 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cm.sys 2007-10-29 21:27 6,144 ----a-w C:\WINDOWS\system32\drivers\w800cm.sys 2007-10-29 21:27 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys 2007-10-29 21:27 58,288 ----a-w C:\WINDOWS\system32\drivers\k510bus.sys 2007-10-29 21:27 5,808 ----a-w C:\WINDOWS\system32\drivers\k510whnt.sys 2007-10-29 21:27 5,808 ----a-w C:\WINDOWS\system32\drivers\k510wh.sys 2007-10-29 21:27 5,744 ----a-w C:\WINDOWS\system32\drivers\w800wh.sys 2007-10-29 21:27 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys 2007-10-17 13:39 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\Ahead 2007-10-17 13:33 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\Nero 2007-10-17 13:29 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-17 13:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2007-10-17 13:14 --------- d-----w C:\Program Files\The Weather Channel FW 2007-10-16 20:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-14 18:34 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\Winamp 2007-10-12 12:52 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\Media Player Classic 2007-10-11 17:24 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\ViStart 2007-10-10 14:54 --------- d-----w C:\Program Files\Common Files\Real 2007-10-10 14:11 --------- d-----w C:\Program Files\Common Files\DirectX 2007-10-10 13:58 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-10-10 13:58 286,720 ------w C:\WINDOWS\Setup1.exe 2007-10-10 11:38 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\eMule 2007-10-09 20:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-09 20:08 --------- d-----w C:\Program Files\Microsoft.NET 2007-10-09 20:07 --------- d-----w C:\Program Files\Microsoft Works 2007-10-09 18:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2007-10-09 13:40 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\Tlen.pl 2007-10-07 13:04 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ 2007-10-07 13:03 --------- d--h--w C:\Program Files\CanonBJ 2007-10-07 13:03 --------- d-----w C:\Program Files\Canon 2007-10-07 12:45 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-07 09:05 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-10-07 09:05 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll 2007-10-07 08:01 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\Gadu-Gadu 2007-10-07 07:41 --------- d-----w C:\Documents and Settings\Wojtaz\Dane aplikacji\Talkback 2007-10-07 07:28 --------- d-----w C:\Program Files\Java 2007-10-06 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth 2007-10-06 21:21 --------- d-----w C:\Program Files\Analog Devices 2007-10-06 21:18 --------- d-----w C:\Program Files\AMD 2007-10-06 21:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink 2007-10-06 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-06 21:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles 2007-10-06 21:00 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-06 20:44 --------- d-----w C:\Program Files\microsoft frontpage 2007-10-06 20:43 --------- d-----w C:\Program Files\Usługi online 2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] 2007-06-27 21:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB58.dll [ ] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}] [HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB58.dll [ ] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}] [HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35] "Creative Live! Cam Manager"="D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00] "DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:44 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2005-06-15 11:20 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 22:44 C:\WINDOWS\system32\rundll32.exe] "RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 19:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35] "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "NBKeyScan"="D:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51] "AVFX Engine"="D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11] "V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 18:00] "WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55] "srchost"="C:\WINDOWS\system32\SRCHOST.SCR" [2007-11-22 15:29] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44] C:\Documents and Settings\Wojtaz\Menu Start\Programy\Autostart\ CiDial 2.3.lnk - D:\Program Files\CiDial\CiDial.exe [2007-10-06 21:38:04] Yahoo! Widget Engine.lnk - D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-07 13:46:57] Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] [color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Watcher] D:\Program Files\TV Watcher\TV Watcher.exe /a R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;D:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBService.exe R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys S3 gggen;Generic USB Flash Driver;C:\WINDOWS\system32\DRIVERS\gggen.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys S3 ntportio;ntportio;\??\E:\Komórka\torrenty.org\Programy serwisowe do SE\Programy do Sony Ericssonow\SEMCtool v8.4\ntportio.sys . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-19 16:15:39 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-19 16:16:00 . --- E O F ---

Skan online:

Zrobiłem to co trzeba z tymi portami

[code]__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@zedo[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Kmpads
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@kmpads[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Real
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@real[2].txt
Risk: Medium

Name: TrackingCookie.Real
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@realguide.real[1].txt
Risk: Medium

Name: TrackingCookie.Skype
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@skype[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@2o7[3].txt
Risk: Medium

Name: TrackingCookie.Information
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@searchportal.information[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@revenue[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@ad.yieldmanager[3].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@yadro[1].txt
Risk: Medium

Name: TrackingCookie.Texttbnru
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@ad.text.tbn[2].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Wojtaz\Cookies\wojtaz@ssl-hints.netflame[1].txt
Risk: Medium

Name: Logger.Delf.abp
Path: C:\WINDOWS\system32\SENDER.EXE
Risk: High

Name: TrackingCookie.Tradedoubler
Path: :mozilla.29:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.30:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.34:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.35:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.55:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.95:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.106:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.107:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.108:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.111:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.112:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.113:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.114:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.115:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.116:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.117:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.119:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.120:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.121:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.122:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.217:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.219:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.220:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.221:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.222:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.223:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.224:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.225:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.226:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.227:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.232:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.233:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.234:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.235:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.236:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.237:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.238:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.239:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.240:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.293:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.307:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.344:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.345:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.346:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.347:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.348:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.349:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.350:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.352:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Skype
Path: :mozilla.360:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.378:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.379:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.440:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.442:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.452:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.462:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.463:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.464:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.465:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.466:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Skype
Path: :mozilla.472:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.495:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.496:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.497:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.498:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.499:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.500:C:\Documents and Settings\Wojtaz\Dane aplikacji\Mozilla\Firefox\Profiles\e5bieo5t.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.17:C:\FOUND.003\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.21:C:\FOUND.003\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.42:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.67:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.68:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.69:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.70:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.86:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.87:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.88:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.89:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.90:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.91:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.92:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.93:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.94:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.95:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.111:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.112:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.114:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Trafic
Path: :mozilla.133:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.137:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.138:C:\FOUND.006\FILE0000.CHK
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.139:C:\FOUND.006\FILE0000.CHK
Risk

**Posty:** 7838 · przez **Lukesh** 22 Lis 2007, 16:56

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
:arrow:

Zrob skan on-line www.ewido.com
:arrow:

Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html - PRZED UZYCIEM COFNIJ DATE SYSTEMOWA, NP O ROK - inaczej program nie ruszy

na sam koniec wstaw CALE logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 237 · przez **Kuba1** 22 Lis 2007, 19:02

Ściągnij OTMoveIt
Po uruchomieniu aplikacji do lewego okna - Paste List of Files/Folders to be Moved wklej:

C:\WINDOWS\system32\SRCHOST.SCR
C:\Program Files\ContextTool
C:\Program Files\MyGlobalSearch
C:\WINDOWS\system32\WinNB58.dll
C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
C:\WINDOWS\MBDownloader_876932.exe

Następnie naciskamy - MoveIt!. Pliki zostały przeniesione. Wynik operacji zobaczymy w prawym oknie Results.
Log po pracy programu zobaczymy w lokalizacji - C:\_OTMoveIt\MovedFiles
Po całej operacji należy zresetować komputer.

Powyższe to jest początek..

Użyj koniecznie SmitFraudFix z opcji nr 2 w trybie awaryjnym.

Nastepnie

Pobierz narzędzie SDFix

*Klikamy 2 krotknie na ikonę SDFix.exe,program wypakuje się domyślnie do lokalizacji C:\SDFix

*Wchodzimy do trybu awaryjnego z obsługą sieci:
>>>>>>Jak wejść do trybu awaryjnego z obsługą sieci?

*F8 podczas bootowania systemu.
*Używamy narzędzia BootSafe.exe zaznaczamy opcje Safe Mode- Networking i klikamy reboot

*Gdy już jesteśmy w trybie awaryjnym,wchodzimy do folderu SDFix i uruchamiamy narzędzie klikająć
2-krotnie na plik RunThis.bat lewym przyciskiem myszy.

*Wciskamy Y co uruchomi proces usuwania

*Kiedy proces usuwania się zakończy wciskamy dowolny klawisz>>nastąpi restart.

*Po restarcie SDFix dokończy proces usuwania,kiedy w oknie narzędzia SDFix pojawi się napis Finished
klikamy dowolny klawisz,narzędzie zakończy swoją pracę,na pulpicie załadują się ikony.

*Wchodzimy do folderu SDFix i kopiujemy zawartość pliku tekstowego Report.txt i wklejamy go na forum

W następnym poscie ma sie znalezc raport z SmitFraudFix i SDFix oraz log z ComboFix.

NIe edytuj pierwszego posta, tylko pisz następne.

prośba o sprawdzenie loga

prośba o sprawdzenie loga

Kto jest na forum