Szkodliwa www z oprogr.mixmediadirect.cn

**Posty:** 171 · przez **maci** 04 Cze 2009, 14:50

wojtas napisał(a):start > uruchom > regedit i co jakis bląd czy cos ??

I nic się nie dzieje.Nie wyskakuje żaden błąd.Wiesz co bo właśnie znowu zainstalowałem maxthona(przyzwycziłem się do niego) i znowu to badziewie wyskakuje.Ta strona http://up.programosy.pl/foto/2_800.jpg

Może tego się pozbędziemy jakoś.Dodam jeszcze że problem nie występuje w FF i IE tylko w maxthonie

Dodano 04.06.2009 13:52:58:
I widzisz ,jak próbuje dodać ten plik do rejestru dwuklikiem,to nie ma żadnej reakcji.Dawniej pisało że plik został dodany pomyślnie,a teraz nic:(

**Posty:** 18165 · przez **wojtas** 04 Cze 2009, 14:58

daj loga z combofixa i otlistit 2

do tego poczytaj to to powinno Ci pomoc

**Posty:** 171 · przez **maci** 04 Cze 2009, 15:34

Z combofixa Ci nie dam ,bo mi pisałes wczesniej zebym konsole zainstalował,aj sobie z nią nieporadzę itd.

Log z Otlist

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-06-04 15:16:22 - Run 4 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = G:\MACIEK\OCHRONA KOMPA Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 510,68 Mb Total Physical Memory | 131,38 Mb Available Physical Memory | 25,73% Memory free 1,22 Gb Paging File | 0,87 Gb Available in Paging File | 71,06% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 35,85 Gb Free Space | 73,43% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 124,63 Gb Total Space | 109,70 Gb Free Space | 88,02% Space Free | Partition Type: NTFS Drive F: | 124,63 Gb Total Space | 118,88 Gb Free Space | 95,39% Space Free | Partition Type: NTFS Drive G: | 97,65 Gb Total Space | 26,90 Gb Free Space | 27,54% Space Free | Partition Type: NTFS Drive H: | 135,23 Gb Total Space | 15,53 Gb Free Space | 11,49% Space Free | Partition Type: NTFS Drive I: | 3,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SPECIAL-XP Current User Name: Xp Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2002-04-12 02:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe PRC - [2001-12-13 02:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe PRC - [2009-02-12 15:56:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe PRC - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008-05-03 05:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2007-05-14 12:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe PRC - [2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe PRC - [2009-01-22 07:29:12 | 03,511,664 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon2\Maxthon.exe PRC - [2008-04-22 07:03:00 | 01,083,848 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE PRC - [2007-04-17 13:12:28 | 02,113,536 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2009-06-02 14:25:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- G:\MACIEK\OCHRONA KOMPA\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-08-05 15:50:50 | 01,238,344 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv [Auto | Running]) SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2002-04-12 02:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-06-02 09:20:09 | 00,051,712 | RHS- | M] () -- C:\WINDOWS\system32\AgCPanelGermant.exe -- (dmadminBITS [Auto | Stopped]) SRV - [2009-04-14 13:42:03 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2009-02-12 15:56:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98d19bbddcc46 [Auto | Stopped]) SRV - [2008-11-20 21:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2004-10-22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-05-03 05:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2007-05-14 12:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running]) SRV - [2008-04-07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running]) SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2004-05-17 11:23:48 | 00,133,200 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running]) DRV - [2008-06-30 17:16:00 | 00,030,864 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\DRIVERS\afw.sys -- (afw [On_Demand | Running]) DRV - [2008-06-30 17:16:14 | 00,234,640 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore [On_Demand | Running]) DRV - [2008-07-11 15:42:08 | 00,033,408 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt [On_Demand | Running]) DRV - [2004-10-15 05:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Running]) DRV - [2009-02-15 00:10:11 | 00,371,349 | ---- | M] (Illusion & Hope.) -- C:\WINDOWS\system32\drivers\BT848.sys -- (BT848 [Auto | Running]) DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running]) DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running]) DRV - [2002-04-14 17:23:00 | 00,016,588 | ---- | M] (The freeware company) -- E:\RÓŻNE\MORE TV\HWIONT.sys -- (HWIONT [On_Demand | Running]) DRV - [2004-06-21 16:03:22 | 00,078,976 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running]) DRV - [2007-12-05 23:34:18 | 00,004,864 | ---- | M] (ShiningMorning Inc.) -- C:\WINDOWS\system32\drivers\mcctl.sys -- (mcctl [Boot | Running]) DRV - [2007-12-05 23:45:20 | 00,015,872 | ---- | M] (ShiningMorning Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdevice.sys -- (mcdevice [On_Demand | Stopped]) DRV - [2002-09-20 11:53:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped]) DRV - [2008-09-15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2008-09-15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2008-05-03 05:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2002-03-19 10:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\pclepci.sys -- (PCLEPCI [System | Running]) DRV - [2009-04-21 21:02:23 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2001-08-17 23:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped]) DRV - [2008-04-14 00:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running]) DRV - [2008-07-11 15:41:28 | 00,673,920 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\DRIVERS\SandBox.sys -- (SandBox [System | Running]) DRV - [2006-09-18 14:58:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped]) DRV - [2006-09-18 14:58:52 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped]) DRV - [2006-09-18 14:58:54 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped]) DRV - [2006-09-18 14:58:58 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped]) DRV - [2006-09-18 14:59:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped]) DRV - [2006-09-18 14:59:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped]) DRV - [2006-09-18 14:59:08 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2004-04-26 10:49:56 | 00,381,056 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running]) DRV - [2004-08-28 13:54:38 | 00,033,995 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sf.sys -- (sf [System | Running]) DRV - [2008-05-02 08:48:55 | 00,062,208 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112 [Boot | Running]) DRV - [2004-09-01 12:18:40 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running]) DRV - [2001-08-17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) DRV - [2008-07-07 21:53:06 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2008-09-15 08:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) DRV - [2008-04-14 00:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2006-04-01 17:16:44 | 00,162,176 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0260Vid.sys -- (V0260VID [On_Demand | Stopped]) DRV - [2007-09-19 22:37:48 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Running]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.21.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009-05-29 10:03:27 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-06-02 22:40:20 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-06-02 22:40:12 | 00,000,000 | ---D | M] [2009-06-02 22:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Extensions [2009-06-02 22:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-06-02 22:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions [2009-06-02 22:40:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-06-02 22:40:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-24 11:54:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-24 11:54:25 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (740 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll (Google Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found O4 - HKLM..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe (http://www.softella.com/) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup (Agnitum Ltd.) O4 - HKLM..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice (Agnitum Ltd.) O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.) O4 - Startup: C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe (http://www.softella.com/) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll (Google Inc.) O9 - Extra Button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Obszar nazw Bluetooth] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-07-07 13:28:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005-02-25 18:24:46 | 00,000,051 | R--- | M] () - I:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-06-04 14:19:51 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [2 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009-06-04 14:30:56 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\Maxthon2.lnk [2009-06-04 14:30:52 | 00,000,000 | ---D | C] -- C:\Program Files\Maxthon2 [2009-06-03 19:55:01 | 00,019,968 | ---- | C] (http://www.softella.com/) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe [2009-06-03 15:34:21 | 00,234,640 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys [2009-06-03 15:33:22 | 00,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif [2009-06-03 15:33:21 | 00,673,920 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys [2009-06-03 15:33:20 | 00,030,864 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys [2009-06-03 15:33:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Filt [2009-06-03 15:33:13 | 00,000,000 | ---D | C] -- C:\Program Files\Agnitum [2009-06-03 15:33:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Agnitum [2009-06-03 10:28:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC [2009-06-03 10:26:32 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\Skrót do Xp.exe.lnk [2009-06-02 22:40:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Dane aplikacji\Mozilla [2009-06-02 22:40:14 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-06-02 22:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2009-06-02 20:44:40 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009-06-02 10:04:59 | 00,000,000 | ---D | C] -- C:\!KillBox [2009-06-02 09:21:25 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys [2009-06-02 09:21:25 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\null.sys [2009-06-02 09:20:58 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys [2009-06-02 09:20:58 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys [2009-06-02 09:20:17 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\3500322332.dat [2009-06-02 09:20:10 | 00,051,712 | RHS- | C] () -- C:\WINDOWS\System32\AgCPanelGermant.exe [2009-05-31 17:56:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2009-05-28 20:41:25 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\jv16 PowerTools.lnk [2009-05-28 20:41:24 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools [2009-05-26 16:47:36 | 00,000,000 | ---D | C] -- C:\rsit [2009-05-24 18:32:33 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\Skrót do VirtualDub.lnk [2009-05-24 18:20:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Ustawienia lokalne\Apps [2009-05-23 22:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Moje dokumenty\Eksportowanie HTML programu Picasa [2009-05-22 21:12:29 | 02,359,350 | ---- | C] () -- C:\WINDOWS\ACD Tapeta.bmp [2009-05-22 19:21:12 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\Audacity.lnk [2009-05-22 19:21:10 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity [2009-05-22 16:04:53 | 00,184,320 | ---- | C] () -- C:\Documents and Settings\Xp\Moje dokumenty\Recording.mp3 [2009-05-22 15:52:44 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\mp3DirectCut.lnk [2009-05-22 15:52:43 | 00,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut [2009-05-22 15:47:53 | 00,000,000 | ---D | C] -- C:\Program Files\ToniArts [2009-05-21 18:17:43 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2009-05-21 18:17:42 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative [2009-05-21 18:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Dane aplikacji\Real [2009-05-21 18:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real [2009-05-21 18:17:11 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-05-21 18:17:10 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2009-05-21 18:17:10 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2009-05-21 18:17:09 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-05-21 18:17:09 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2009-05-21 18:17:09 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-05-21 18:17:09 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009-05-21 18:17:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-05-21 18:17:08 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2009-05-21 18:17:08 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2009-05-21 18:17:06 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-05-21 18:17:06 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-05-21 18:17:04 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2009-05-21 18:02:32 | 00,036,928 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009-05-21 15:16:23 | 00,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk [2009-05-21 15:16:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS [2009-05-19 21:09:40 | 00,013,944 | ---- | C] () -- C:\WINDOWS\desctemp.dat [2009-05-19 16:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Moje dokumenty\Bluetooth [2009-05-19 16:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth [2009-05-19 16:09:19 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys [2009-05-19 16:09:19 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys [2009-05-19 16:07:26 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys [2009-05-19 16:07:26 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys [2009-05-19 16:07:16 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys [2009-05-19 16:07:16 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys [2009-05-19 16:07:15 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe [2009-05-19 16:07:15 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe [2009-05-19 16:07:15 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll [2009-05-19 16:07:15 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll [2009-05-19 16:07:15 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BthEnum.sys [2009-05-19 16:07:15 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys [2009-05-19 16:07:14 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll [2009-05-19 16:07:14 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll [2009-05-19 16:07:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BTHUSB.SYS [2009-05-19 16:07:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys [2009-05-17 08:44:54 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2009-05-08 17:32:03 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX [2009-05-08 17:32:03 | 00,000,003 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx [2009-05-08 17:32:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX [2009-05-08 17:32:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Dane aplikacji\Publish Providers [2009-05-08 17:31:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Moje dokumenty\My Videos [2009-05-08 17:31:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Dane aplikacji\Sony [2009-05-08 17:30:03 | 00,000,000 | ---D | C] -- C:\Program Files\Sony [2009-05-08 17:26:33 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2009-05-08 17:25:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2009-05-08 17:23:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Xp\Dane aplikacji\Sony Setup [2008-12-28 12:02:51 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\JVideoWindow.dll [2008-12-28 12:02:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\JVideoSession.dll [2008-12-28 12:02:19 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\JInstantMessaging.dll [2008-12-28 12:01:27 | 00,040,517 | ---- | C] () -- C:\WINDOWS\System32\jRegistryKey.dll [2008-12-07 17:14:29 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2008-12-07 17:14:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.dll [2008-12-07 17:14:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2008-09-24 16:58:11 | 00,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini [2008-08-23 17:18:01 | 00,000,472 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2008-08-10 00:18:13 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Grappler.ini [2008-07-14 15:03:15 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2008-07-14 15:03:15 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2008-07-14 15:03:15 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2008-07-12 17:59:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\logon.ini [2008-07-12 17:53:11 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav950231.sys [2008-07-10 19:07:10 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008-07-08 00:31:02 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008-07-07 22:12:26 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-07-07 22:04:59 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2008-07-07 22:04:59 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [2008-07-07 21:53:06 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-07-07 17:57:53 | 00,000,477 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008-07-07 17:57:53 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2008-07-07 17:57:53 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008-07-07 15:25:45 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008-07-07 15:20:18 | 00,003,867 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2008-07-07 14:46:57 | 00,000,093 | ---- | C] () -- C:\WINDOWS\AVerTV2K.ini [2008-05-03 09:24:01 | 00,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008-05-03 05:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-05-03 05:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-05-03 05:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-05-03 05:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-05-03 05:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-07-23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007-07-23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007-07-23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007-07-23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007-07-23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2004-03-18 08:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-03-21 15:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2002-03-04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2001-07-22 00:16:20 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [2 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009-06-04 14:46:56 | 00,003,867 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-06-04 14:30:56 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\Maxthon2.lnk [2009-06-04 14:24:27 | 00,993,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-06-04 14:24:27 | 00,451,564 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-06-04 14:24:27 | 00,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-06-04 14:24:27 | 00,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-06-04 14:24:27 | 00,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-06-04 14:20:06 | 00,182,851 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-06-04 14:20:04 | 00,000,032 | --S- | M] () -- C:\WINDOWS\System32\3500322332.dat [2009-06-04 14:19:52 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job [2009-06-04 14:19:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-06-04 14:19:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Xp\Ustawienia lokalne\desktop.ini [2009-06-04 14:19:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-06-03 15:32:25 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-06-03 10:26:32 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\Skrót do Xp.exe.lnk [2009-06-03 07:21:29 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini [2009-06-03 07:21:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-06-03 07:21:29 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2009-06-02 22:40:14 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-06-02 19:32:19 | 00,000,740 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-06-02 09:20:10 | 00,019,968 | ---- | M] (http://www.softella.com/) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe [2009-06-02 09:20:09 | 00,051,712 | RHS- | M] () -- C:\WINDOWS\System32\AgCPanelGermant.exe [2009-06-01 07:51:15 | 00,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk [2009-05-28 20:41:25 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\jv16 PowerTools.lnk [2009-05-27 11:25:12 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\1.doc [2009-05-26 20:54:34 | 00,000,472 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2009-05-24 18:32:33 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\Skrót do VirtualDub.lnk [2009-05-22 21:12:29 | 02,359,350 | ---- | M] () -- C:\WINDOWS\ACD Tapeta.bmp [2009-05-22 19:21:12 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\Audacity.lnk [2009-05-22 16:05:07 | 00,184,320 | ---- | M] () -- C:\Documents and Settings\Xp\Moje dokumenty\Recording.mp3 [2009-05-22 15:52:44 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\mp3DirectCut.lnk [2009-05-21 18:32:35 | 00,002,657 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ACDSee Pro.lnk [2009-05-21 18:02:32 | 00,036,928 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2009-05-21 15:16:23 | 00,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk [2009-05-21 15:11:16 | 00,000,752 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\CSI Kryminalne Zagadki Las Vegas.lnk [2009-05-20 13:40:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-19 21:09:40 | 00,013,944 | ---- | M] () -- C:\WINDOWS\desctemp.dat [2009-05-17 08:44:54 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2009-05-15 09:59:32 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\Counter Strike 1.6 Non Steam.lnk [2009-05-14 17:56:02 | 01,498,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-09 12:25:15 | 00,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx [2009-05-09 12:25:10 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX [2009-05-08 17:32:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Twunk002.MTX [2009-05-07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C8B8CEBD @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129 < End of report >

I www przeskanowanej strony

Rejestr już działa.Nie wiem jak ,ale działa.skanowałem malwarebytes,znalazł trochę wpisów
tutaj log

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.37 Wersja bazy definicji: 2227 Windows 5.1.2600 Dodatek Service Pack 3 2009-06-04 15:54:50 mbam-log-2009-06-04 (15-54-46).txt Typ skanowania: Szybkie skanowanie Przeskanowane obiekty: 80435 Upłynęło: 3 minute(s), 30 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 91 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 3 Zainfekowane foldery: 0 Zainfekowane pliki: 2 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken. Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: c:\WINDOWS\system32\AgCPanelGermant.exe (Trojan.Agent) -> No action taken. c:\documents and settings\Xp\Dane aplikacji\wiaserva.log (Malware.Trace) -> No action taken.

Usunąłem i jest ok.natomiast te www ,nie wiem czy pisałem już,nawet przy stracie systemu uruchamiają maxthona i sie właczają

Ciężki przypadek,i denerwujący

**Posty:** 18165 · przez **wojtas** 04 Cze 2009, 18:56

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2005-02-25 18:24:46 | 00,000,051 | R--- | M] () - I:\autorun.inf -- [ UDF ]

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Pobierz i uruchom narzędzie
The Avenger
w bialym polu wklej tekst:

Files to delete:

C:\WINDOWS\System32\3500322332.dat
C:\WINDOWS\System32\AgCPanelGermant.exe
c:\documents and settings\Xp\Dane aplikacji\wiaserva.log

Folder to delete:

C:\WINDOWS\System32\NtmsData

Kopiujesz - Klikasz na Paste Script from Clipboard - Execute - Potwierdzasz i zgadzasz się na restart klikając OK.
Po wykonaniu skasuj z dysku plik: C:\Avenger\backup.zip i wklej raport na forum C:\avenger.txt + log z combofixa ( nie przejmuj sie konsolą ) instrukcja combo

**Posty:** 171 · przez **maci** 04 Cze 2009, 20:06

Ufff jestem po combofixie i komp działa.

Log

Kod: Zaznacz wszystko: ComboFix 09-06-03.04 - Xp 2009-06-04 19:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.511.260 [GMT 2:00] Uruchomiony z: c:\documents and settings\Xp\Pulpit\ComboFix.exe FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Xp\Dane aplikacji\.# c:\windows\system32\drivers\jynfv.sys c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf c:\windows\system32\lsprst7.dll c:\windows\system32\ssprs.dll c:\windows\system32\tmp.reg c:\windows\system32\tmpPrst.dll . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DMADMINBITS -------\Legacy_GLAIDE32 -------\Service_dmadminBITS ((((((((((((((((((((((((( Pliki utworzone od 2009-05-04 do 2009-06-04 ))))))))))))))))))))))))))))))) . 2009-06-04 13:48 . 2009-06-04 13:48 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\Malwarebytes 2009-06-04 13:48 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-04 13:48 . 2009-06-04 13:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-06-04 13:48 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-04 13:48 . 2009-06-04 13:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-04 12:30 . 2009-06-04 17:49 -------- d-----w- c:\program files\Maxthon2 2009-06-03 13:34 . 2008-06-30 15:16 234640 ----a-w- c:\windows\system32\drivers\afwcore.sys 2009-06-03 13:33 . 2008-07-11 13:41 673920 ----a-w- c:\windows\system32\drivers\SandBox.sys 2009-06-03 13:33 . 2008-06-30 15:16 30864 ----a-w- c:\windows\system32\drivers\afw.sys 2009-06-03 13:33 . 2009-06-04 08:19 -------- d-----w- c:\windows\system32\Filt 2009-06-03 13:33 . 2009-06-03 13:33 -------- d-----w- c:\program files\Agnitum 2009-06-03 13:33 . 2009-06-03 13:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Agnitum 2009-06-02 20:40 . 2009-06-02 20:40 -------- d-----w- c:\documents and settings\Xp\Ustawienia lokalne\Dane aplikacji\Mozilla 2009-06-02 18:44 . 2009-06-02 18:44 -------- d-----w- c:\program files\Alwil Software 2009-06-02 08:04 . 2009-06-02 08:06 -------- d-----w- C:\!KillBox 2009-06-02 07:21 . 2001-08-17 21:47 2944 ----a-w- c:\windows\system32\drivers\null.sys 2009-06-02 07:21 . 2001-08-17 21:47 2944 ----a-w- c:\windows\system32\dllcache\null.sys 2009-06-02 07:20 . 2001-08-17 21:47 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-06-02 07:20 . 2001-08-17 21:47 4224 ----a-w- c:\windows\system32\dllcache\beep.sys 2009-05-31 15:56 . 2009-05-31 15:57 -------- d-----w- c:\windows\system32\NtmsData 2009-05-28 18:41 . 2009-05-28 18:41 -------- d-----w- c:\program files\jv16 PowerTools 2009-05-26 14:47 . 2009-05-26 14:48 -------- d-----w- C:\rsit 2009-05-24 16:20 . 2009-05-24 16:20 -------- d-----w- c:\documents and settings\Xp\Ustawienia lokalne\Dane aplikacji\Deployment 2009-05-22 17:21 . 2009-05-22 17:21 -------- d-----w- c:\program files\Audacity 2009-05-22 13:52 . 2009-05-22 14:04 -------- d-----w- c:\program files\mp3DirectCut 2009-05-22 13:47 . 2009-05-22 13:47 -------- d-----w- c:\program files\ToniArts 2009-05-21 16:13 . 2005-09-25 18:11 2494464 ----a-w- c:\windows\system\advrcntr2.dll 2009-05-21 16:02 . 2009-05-21 16:02 36928 ---ha-w- c:\windows\system32\mlfcache.dat 2009-05-21 13:16 . 2009-05-21 13:16 -------- d-----w- c:\windows\system32\IOSUBSYS 2009-05-19 19:09 . 2009-05-19 19:09 13944 ----a-w- c:\windows\desctemp.dat 2009-05-19 14:30 . 2009-06-01 16:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Bluetooth 2009-05-19 14:09 . 2008-04-13 22:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys 2009-05-19 14:09 . 2008-04-13 22:16 37888 ----a-w- c:\windows\system32\dllcache\bthmodem.sys 2009-05-13 18:46 . 2009-05-13 18:46 -------- d-----w- c:\documents and settings\Xp\DoctorWeb 2009-05-08 15:32 . 2009-05-08 15:32 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\Publish Providers 2009-05-08 15:31 . 2009-05-08 15:31 -------- d-----w- c:\documents and settings\Xp\Ustawienia lokalne\Dane aplikacji\Sony 2009-05-08 15:31 . 2009-05-08 15:31 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\Sony 2009-05-08 15:30 . 2009-05-22 13:40 -------- d-----w- c:\program files\Sony 2009-05-08 15:23 . 2009-05-08 15:24 23510720 ----a-w- c:\documents and settings\Xp\Dane aplikacji\Sony Setup\[u]0[/u]9063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe 2009-05-08 15:23 . 2009-05-08 15:23 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\Sony Setup . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-04 17:48 . 2008-07-07 15:07 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\MxBoost 2009-06-04 17:42 . 2001-10-26 16:15 75706 ----a-w- c:\windows\system32\perfc015.dat 2009-06-04 17:42 . 2001-10-26 16:15 451564 ----a-w- c:\windows\system32\perfh015.dat 2009-06-04 14:40 . 2008-07-07 18:16 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-01 05:54 . 2008-07-12 12:05 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\Nokia 2009-05-31 19:48 . 2008-07-09 16:26 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\Skype 2009-05-29 08:37 . 2009-04-26 10:14 -------- d-----w- c:\program files\VirtualDub-1.8.8 2009-05-29 08:03 . 2008-07-12 22:16 -------- d-----w- c:\program files\Google 2009-05-22 13:47 . 2008-07-07 11:53 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-21 16:17 . 2009-05-21 16:17 -------- d-----w- c:\program files\Real Alternative 2009-05-21 16:17 . 2009-05-21 16:17 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-05-18 15:19 . 2008-08-15 15:50 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\Creative 2009-05-14 20:08 . 2008-07-07 18:16 53568 ----a-w- c:\documents and settings\Xp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-05-14 15:25 . 2009-03-18 12:55 -------- d-----w- c:\program files\SkanerOnline 2009-05-09 10:33 . 2008-09-10 10:49 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-30 10:34 . 2009-04-30 10:31 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-04-30 10:34 . 2009-04-30 10:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-04-25 07:52 . 2008-07-14 15:51 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\uTorrent 2009-04-23 08:37 . 2009-04-23 08:37 -------- d-----w- c:\documents and settings\Xp\Dane aplikacji\GeoVid 2009-04-23 08:36 . 2009-04-23 08:36 -------- d-----w- c:\program files\GeoVid 2009-04-21 19:02 . 2008-07-07 13:24 -------- d-----w- c:\program files\Common Files\ACD Systems 2009-04-21 19:02 . 2009-04-21 19:02 -------- d-----w- c:\program files\ACD Systems 2009-04-21 19:02 . 2009-04-21 19:02 10368 ----a-w- c:\windows\system32\drivers\pfc.sys 2009-04-17 21:23 . 2009-04-17 21:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Pinnacle 2009-04-17 18:26 . 2009-04-17 18:26 356352 ----a-w- c:\windows\eSellerateEngine.dll 2009-04-14 11:51 . 2009-04-14 11:51 -------- d-----w- c:\program files\Bonjour 2009-04-14 11:42 . 2009-04-14 11:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-04-07 10:02 . 2008-07-14 13:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\hps 2009-03-24 11:47 . 2009-03-24 11:47 434688 ----a-w- c:\windows\system32\ss2uinst.exe 2009-03-10 18:28 . 2008-12-06 18:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-04-17 2113536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-08-22 1157448] "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528] "Internet Connection Wizard Setup Tool"="c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe" [2009-06-02 19968] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928] c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\ icwsetup.exe [2009-6-2 19968] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^icwsetup.exe] path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe backup=c:\windows\pss\icwsetup.exeCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk backup=c:\windows\pss\Status Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "h:\\DC++\\DCPlusPlus.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [2009-04-17 4864] R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-06-03 673920] R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2008-07-07 371349] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-06-03 30864] R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-06-03 234640] R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-06-03 33408] S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-06-03 1238344] S2 gupdate1c98d19bbddcc46;Google Update Service (gupdate1c98d19bbddcc46);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104] S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2009-04-17 15872] S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-08-15 162176] . Zawartość folderu 'Zaplanowane zadania' 2009-06-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 13:56] . - - - - USUNIĘTO PUSTE WPISY - - - - SafeBoot-procexp90.Sys . ------- Skan uzupełniający ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab FF - ProfilePath - c:\documents and settings\Xp\Dane aplikacji\Mozilla\Firefox\Profiles\t6zon6v7.default\ FF - prefs.js: browser.startup.homepage - FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-04 20:01 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-2025429265-920026266-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f2,9d,d5,d4,5a,4f,bd,34,73,8e,6c,74,3e,a7,48,e5,65,07,15,b3,cc,8a,b5, c7,3d,80,07,f8,5c,b9,01,11,bc,4e,85,08,da,12,f3,6e,6e,6d,61,64,8b,53,f8,6f,\ "??"=hex:9f,3c,38,3e,ea,9b,99,d9,1f,2d,93,22,dd,63,d9,d0 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,fe,2a,a6,55,9a, 9b,f3,fe,e2,63,26,f1,3f,c8,ff,68,51,53,3f,d0,2f,87,b8,d7,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,2f,6c,9d,ab,cf, 3c,d0,e7,6a,9c,d6,61,af,45,84,18,20,c5,90,36,88,9c,80,5d,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,76,2b,fa,05,47, 89,77,87,ff,7c,85,e0,43,d4,0e,fe,45,a9,03,d7,ac,a5,39,93,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,79,77,2f,6b,89, ea,06,80,86,8c,21,01,be,91,eb,e7,2d,af,8f,e8,16,ed,b6,42,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,dd,bc,30,a0,89, 12,72,52,f5,1d,4d,73,a8,13,5c,05,e2,74,2e,06,cd,62,f7,03,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,c4,37,bb,f0,3e, e6,f3,1e,df,20,58,62,78,6b,cf,c8,29,1d,83,15,b5,2f,29,46,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,85,e9,41,8b,94, da,26,cb,fb,a7,78,e6,12,2f,9a,ea,e5,55,7c,1a,16,c7,90,96,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,80,dd,36,2a,7f, ac,0a,98,01,3a,48,fc,e8,04,4a,f1,f9,41,ec,e4,ce,a6,a8,97,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,58,a4,5e,3c,00, d5,31,99,f6,0f,4e,58,98,5b,89,c9,59,21,db,fd,35,a3,4e,bd,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,2c,c8,3a,ae,91, 08,53,45,3d,ce,ea,26,2d,45,aa,78,12,22,c5,04,46,60,80,23,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,d9,e5,7e,2a,89, 3e,68,e0,2a,b7,cc,b5,b9,7f,41,e7,b5,05,95,8e,f1,dd,a1,0a,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,f6,ef,f8,d4,fe, f6,88,15,6c,43,2d,1e,aa,22,2f,9c,ad,b9,e5,a2,a0,b5,78,ea,6c,43,2d,1e,aa,22,\ . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(812) c:\windows\system32\wpdshserviceobj.dll c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\brss01a.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-06-04 20:04 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-06-04 18:04 Przed: 38 256 963 584 bajtów wolnych Po: 38 164 566 016 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 286 --- E O F --- 2009-05-27 10:18

Log avengera

Kod: Zaznacz wszystko: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS\System32\3500322332.dat" deleted successfully. Error: file "C:\WINDOWS\System32\AgCPanelGermant.exe" not found! Deletion of file "C:\WINDOWS\System32\AgCPanelGermant.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\documents and settings\Xp\Dane aplikacji\wiaserva.log" not found! Deletion of file "c:\documents and settings\Xp\Dane aplikacji\wiaserva.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "Folder to delete:" not found! Deletion of file "Folder to delete:" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: "C:\WINDOWS\System32\NtmsData" is a folder, not a file! Deletion of file "C:\WINDOWS\System32\NtmsData" failed! Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory Completed script processing. ******************* Finished! Terminate.

**Posty:** 18165 · przez **wojtas** 04 Cze 2009, 20:15

log wydaje sie byc czysty... combo usunął co nieco

**Posty:** 171 · przez **maci** 04 Cze 2009, 21:40

wojtas napisał(a):log wydaje sie byc czysty... combo usunął co nieco

No to super,ale zainstalowałem maxthona w celu sprawdzenia czy nic sie będzie działo i co ? I na dzień dobry bach dwie zakładki z tymi stronkami się otwierają.Szkoda mi sąsiądów jak słyszą jak wyklinam tego syfa

**Posty:** 18165 · przez **wojtas** 04 Cze 2009, 21:57

no to ja nie wiem a czy tamten link o tej infekcji hidden nie pomogł ?? bo już nie mam pomysłu

**Posty:** 171 · przez **maci** 04 Cze 2009, 22:12

Nie pomogło Wojtas nic.Już nawet odinstalowałem maxt,usunąłem wszystkie wpisy z rejestru dotyczące tej przegladarki,usunałem też programem jv16.Zainstalowałem starszą wersję i dalej to samo.Wcześniej jeszczeprzed combofixem to jak się te strony itwierały,to łączyła mi się przegladarka ze stroną windowslive.Udało mi sie zrzut zrobic ,bo za sekundę znikło.

Tak jakby to była czyjaś poczta :1:

bo moja napewno nie

Co to są wogóle te strony,jakieś reklamy i dlaczego one się uruchamiają przy starcie systemu,i wogóle gdzie mogą siedzieć w systemie ,że tak trudno je wy....lić :ok:

**Posty:** 18165 · przez **wojtas** 04 Cze 2009, 22:25

tu jest nowy temat o tym:

ten i tez za bardzo pojecia nie mają jak to usunąć... wiec nie wiem co poczynic jak to skasowac..

**Posty:** 171 · przez **maci** 04 Cze 2009, 22:37

Tam niewiele piszą o tym.Pozytwem jest fakt że avast sie odpalił i chodzi. :ok:

Z logów nic nie wynika ,że one gdzieś siedzą w jakiś plikach :?:

.Uruchamiają one same maxthona .W IE nie ma ich i FF też a przecież maxhton to nakładka na IE.Wojtas jak Ty nie wiesz jak sobie z tym poradzić ,to kto ma wiedzieć :wink:

**Posty:** 18165 · przez **wojtas** 04 Cze 2009, 22:43

nom naprawdę nie wiem co zrobić ... jedyna myśl to przejscie na inna przegladarke

Autor postu otrzymał pochwałę

**Posty:** 171 · przez **maci** 04 Cze 2009, 22:58

No to też tak zrobiłem.Wywalam narazie maxthona,i będe używał FF.Trudno moze się przyzwyczaje.Dużo osób chwali FF w sumie.A w logach nie było nic ,że coś jest do usuniącia jakieś pliki które startują wraz z systemem.Nie doczytasz się niczego.Może jakiś log jeszcze wrzucić,czy wszystko już wiadomo??

**Posty:** 18165 · przez **wojtas** 04 Cze 2009, 23:21

no nic nie ma ... to nie jest infekcja plikow..

**Posty:** 171 · przez **maci** 04 Cze 2009, 23:55

wojtas napisał(a):no nic nie ma ... to nie jest infekcja plikow..

W takim razie Wojtas narazie dzięki wielkie :ok:

Jak coś sie będzie działo ,będe pisał.Oby nie.Trzymaj się,cześć

**Posty:** 112 · przez **Fever** 05 Cze 2009, 13:29

podejrzewam, że ma to związek z tym:
http://tech.wp.pl/kat,1009785,title,Google-pierwsza-dziesiatka-stron-z-malwareem,wid,11192084,wiadomosc.html