proszę o sprawdzenie loga

[maciek_s]

Ostatnio pozbylismy się pop'up-ów yyy102... Niestety cały czas złażą mi się jakieś syfy w stylu fuel.exe, a.exe itp.. Obniżają mi performance kompa i spowalniają net... Musi być jakieś źródełko tego syfu i nie wiem jakje znaleźć...

Kod: Zaznacz wszystko


Logfile of HijackThis v1.99.1
Scan saved at 19:02:55, on 2006-03-09
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\ewido anti-malware\ewidoctrl.exe
C:\Programs\ewido anti-malware\ewidoguard.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programs\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Maciek.HOME\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SmcService] C:\Programs\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programs\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [] mozilla.exe
O4 - HKLM\..\RunServices: [] mozilla.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programs\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [] mozilla.exe
O4 - HKCU\..\RunServices: [] mozilla.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programs\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Bootvis.lnk = C:\boot\Bootvis_Sleep.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3959D4FC-F620-4BD8-A839-EB55FF1DD186}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ewido security suite control - ewido networks - C:\Programs\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programs\ewido anti-malware\ewidoguard.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programs\SPF\smc.exe



i ewido

Kod: Zaznacz wszystko


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         19:01:24, 2006-03-09
+ Report-Checksum:      1366B6AC

+ Scan result:

   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KNGF0PKF\tds[1].exe -> Downloader.Agent.acv : Cleaned with backup
   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\W16FWXUB\rp5[1].exe -> Backdoor.SdBot.aad : Cleaned with backup
   C:\WINDOWS\system32\a.exe -> Backdoor.SdBot.aad : Cleaned with backup
   C:\WINDOWS\win32ssr.exe -> Backdoor.SdBot.aad : Cleaned with backup
   C:\Documents and Settings\Maciek.HOME\Cookies\maciek@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   C:\Documents and Settings\Maciek.HOME\Cookies\anyuser@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup


::Report End



dzięki z góry

maciek_s

[Red]

do usuniecia masz:

O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

Dodatkowo prosze przeinstalowac na poczatek firefoxa ,a po usuwaniu dajesz log do kontroli

[maciek_s]

Narobil się spory syf...

Nie mogę zainstalować firefoxa bo wyskakuje błąd dekompresji pliku

Nie mogę uruchomić hijack'a ani nawetmenedżera urządzeń... znowu jakiś syf...

maciek_s

[Red]

zassaj hijacka stad:
http://members.lycos.co.uk/serforum/hijackthis.com
i wklej na forum

[maciek_s]

ok jest log z hijack'a

Kod: Zaznacz wszystko


Logfile of HijackThis v1.99.1
Scan saved at 20:23:08, on 2006-03-09
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\ewido anti-malware\ewidoctrl.exe
C:\Programs\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\SPF\smc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programs\Gadu-Gadu\gg.exe
C:\Programs\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Maciek.HOME\Pulpit\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SmcService] C:\Programs\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programs\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programs\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programs\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3959D4FC-F620-4BD8-A839-EB55FF1DD186}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ewido security suite control - ewido networks - C:\Programs\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programs\ewido anti-malware\ewidoguard.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programs\SPF\smc.exe



[Red]

O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

prosze wykonac:

Start >>> Uruchom >>> cmd i wklep zestaw komend:

sc stop PerfFont
sc delete PerfFont

nastepnie :
1. Ściągaj na dysk narzędzie UnHookExec.inf

http://securityresponse.symantec.com/avcenter/UnHookExec.inf
2. Wyłącz Przywracanie systemu i zastartuj do trybu awaryjnego. Uruchom UnHook poprzez prawy klik > Instaluj > nic się nie pokaże ale ta akcja odblokuje exeki

Sprawdz nastepnie czy mozesz zadziałac ewido ,jesli tak to wklej log z ewido na forum ....

[maciek_s]

ok nowy log z ewido:

było sporo

Kod: Zaznacz wszystko


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         21:07:23, 2006-03-09
+ Report-Checksum:      A492CB4C

+ Scan result:

   C:\Documents and Settings\All Users\Menu Start\Programy\WinHound spyware remover -> Adware.WinHound : Cleaned with backup
   C:\Documents and Settings\All Users\Menu Start\Programy\WinHound spyware remover\Uninstall.lnk -> Adware.WinHound : Cleaned with backup
   C:\Documents and Settings\All Users\Menu Start\Programy\WinHound spyware remover\Start WinHound spyware remover.lnk -> Adware.WinHound : Cleaned with backup
   C:\Documents and Settings\All Users\Menu Start\Programy\WinHound spyware remover\Register WinHound spyware remover.lnk -> Adware.WinHound : Cleaned with backup
   C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temporary Internet Files\Content.IE5\01KL4NOP\p3[1].tar -> Proxy.Agent.ic : Cleaned with backup
   C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8RATCVWX\p2[1].tar -> Proxy.Ranky.dy : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\Mozilla\Firefox\Profiles\om0swdyr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\Mozilla\Firefox\Profiles\om0swdyr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\Mozilla\Firefox\Profiles\om0swdyr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\Mozilla\Firefox\Profiles\om0swdyr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Maciek.HOME\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UZQ9EF49\load[1].jpg -> Downloader.Adload.t : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.59:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-4.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-4.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-4.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-4.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-4.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Starware : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Paypopup : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-7.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-8.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-8.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-8.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-8.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-9.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-9.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-9.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-9.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-10.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-11.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-11.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-13.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-13.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-14.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-14.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-15.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-15.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-16.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-16.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-17.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-17.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-18.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-18.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-19.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-19.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-19.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-20.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-20.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-20.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-20.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-21.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-21.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-21.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-21.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-22.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-22.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-22.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-22.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-23.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-23.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-23.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-23.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Maciek.HOME\Dane aplikacji\Mozilla\Firefox\Profiles\12l2eln9.default\cookies-24.txt -> TrackingCookie.Yieldmanager : Cleaned with backup



i tak jeszcze długo długo bo plików zainfekowanych było 1032...

[Red]

Prosze usunac wszystko co znalazł ewido i raz jeszcze zrobic skanowanie.Wklej wynik ponownie po usuwaniu i skanowaniu...

[maciek_s]

z rzeczy nie poprzedzonych słowem mozilla:

Kod: Zaznacz wszystko


C:\System Volume Information\_restore{0E1788F8-6787-4F16-927D-F4364BF055EC}\RP169\A0085575.exe -> Backdoor.SdBot.yx : Cleaned with backup
   C:\System Volume Information\_restore{7594CB19-2512-4B0B-8FE4-61F4E98F3A1E}\RP44\A0015017.dll -> Adware.Look2Me : Cleaned with backup
   C:\System Volume Information\_restore{7594CB19-2512-4B0B-8FE4-61F4E98F3A1E}\RP44\A0017014.dll -> Adware.Look2Me : Cleaned with backup
   C:\System Volume Information\_restore{7594CB19-2512-4B0B-8FE4-61F4E98F3A1E}\RP44\A0018018.dll -> Adware.Look2Me : Cleaned with backup
   C:\System Volume Information\_restore{7594CB19-2512-4B0B-8FE4-61F4E98F3A1E}\RP44\A0018021.dll -> Adware.Look2Me : Cleaned with backup



Kod: Zaznacz wszystko


C:\Recycled\Dc6.txt -> TrackingCookie.Adocean : Cleaned with backup
   C:\Recycled\Dc9.txt -> TrackingCookie.Tradedoubler : Cleaned with backup



Kod: Zaznacz wszystko


C:\Documents and Settings\Kasia\msdirectx.sys -> Rootkit.Agent.l : Cleaned with backup
   C:\Program Files\Tlen.pl\plugins\DozaKultury.tpl -> Adware.Doza : Cleaned with backup



Kod: Zaznacz wszystko


C:\Documents and Settings\Maciek.HOME\msdirectx.sys -> Rootkit.Agent.l : Cleaned with backup
   C:\Documents and Settings\Kasia\Ustawienia lokalne\Temporary Internet Files\Content.IE5\2ACLK1MR\load[1].jpg -> Downloader.Adload.t : Cleaned with backup
   C:\Documents and Settings\Kasia\Cookies\kasia@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\tbd1jrqd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup



Kod: Zaznacz wszystko


   C:\Documents and Settings\Maciek.HOME\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UZQ9EF49\load[1].jpg -> Downloader.Adload.t : Cleaned with backup



mam nadzieję że pomogę

[Red]

wszystko jest Cleaned with backup to dobrze ,ale skad ty złapałes tyle tego badziewia chłopie,to smieci na 30 logów innych userów

Leć ewido raz jeszcze i prosze o wynik

[maciek_s]

leci deep scan więc jeszcze chwilka i zapodam

maciek_s

[ Dodano: Dzisiaj o 22:01 ]

Kod: Zaznacz wszystko


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         21:49:49, 2006-03-09
+ Report-Checksum:      9A41548A

+ Scan result:

   No infected objects found.


::Report End



i może jeszcze hijack:

Kod: Zaznacz wszystko


Logfile of HijackThis v1.99.1
Scan saved at 21:50:52, on 2006-03-09
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\ewido anti-malware\ewidoctrl.exe
C:\Programs\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programs\Gadu-Gadu\gg.exe
C:\Programs\ewido anti-malware\securitysuite.exe
c:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Maciek.HOME\Pulpit\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SmcService] C:\Programs\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programs\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programs\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programs\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3959D4FC-F620-4BD8-A839-EB55FF1DD186}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ewido security suite control - ewido networks - C:\Programs\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programs\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programs\SPF\smc.exe



[Tom@szek]

maciek_s - na drugi raz zaliczysz kreche za stawianie drugiego tematu z log-iem

[Red]

Log jest ok.

Tom@szek racja ,faktycznie to przegapiłem

[maciek_s]

Sorki! Ostatni raz!

Log jest ok. Tak ale w kompie wiele się nie zmieniło, cały czas ciągnie jak szalony, mimo że mam tylko uruchomionego explorera z forum

[Red]

cały czas ciągnie jak szalony

Co znaczy ciagnie???Opisz dokładnie co jeszcze sie dzieje na kompie...

[maciek_s]

aha, no i w zasadzie nie daje się zainstalować firefox; nie odpala się bo błąd dekompresji, a instalka świeżo ściągnięta...

[Red]

Przed instalowaniem firefoxa na nowo prosze wyczyscic rejestr np programem:
http://www.programosy.pl/index.php?s=prog&id=603

po czyszczeniu rejestru wejdz w start wyszukaj pliki i foldery i wpisz słowo firefox>>>wyszukaj .Wszystko co znajdzie usuwasz kolejno z prawoklika myszy.Po usuwaniu restart kompa i teraz zainstaluj liska

[maciek_s]

w ciągu ostatnich 15-20 minut odebrał przeszło 7 000 000 bajtów danych (przy czym sam nic nie ściągam poza standardowym korzystaniem z przeglądarki (tylko forum) cały czas świecą się ikonki pobierania i wysylania danych. działa tylko IE

[Red]

Prosze sciagnac obowiazkowo :
http://www.firewallleaktester.com/tools/wwdc.exe
pozamykaj wszystko na enable

scren:

http://img331.imageshack.us/my.php?image=scren4kp.png

Autor postu otrzymał pochwałę

[maciek_s]

Z otwartych zostaly porty: UDP 123, 68, 1031, 500 ORAZ TCP 1025, 1027, 1028, 1030, 1032

I jeszcze dzisiejszy log z ewido i hijack'a

Kod: Zaznacz wszystko


-------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         15:58:16, 2006-03-10
+ Report-Checksum:      57FEBCD8

+ Scan result:

   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KDEJKTQV\rp5[1].exe -> Backdoor.SdBot.aad : Cleaned with backup
   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\W16FWXUB\tds[1].exe -> Downloader.Agent.acv : Cleaned with backup
   C:\WINDOWS\system32\drivers\netpt.sys -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
   C:\WINDOWS\system32\wbem\wmiprvi.dll -> Trojan.Mutech.b : Cleaned with backup
   C:\WINDOWS\win32ssr.exe -> Backdoor.SdBot.aad : Cleaned with backup


::Report End



Kod: Zaznacz wszystko


Logfile of HijackThis v1.99.1
Scan saved at 18:01:09, on 2006-03-10
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\ewido anti-malware\ewidoctrl.exe
C:\Programs\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programs\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
c:\Downloads\wwdc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programs\ACD Systems\ACDSee\6.0\ACDSee6.exe
C:\Program Files\Common Files\ACD Systems\DBLocalServer.exe
c:\Documents and Settings\Maciek.HOME\Pulpit\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SmcService] C:\Programs\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programs\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programs\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programs\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3959D4FC-F620-4BD8-A839-EB55FF1DD186}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ewido security suite control - ewido networks - C:\Programs\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programs\ewido anti-malware\ewidoguard.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programs\SPF\smc.exe



Pozdrawiam i dzięki za pomoc

maciek_s




[/img]