
SmitFraudFix v2.335
Scan done at 9:16:10.71, 2008-08-13
Run from E:\POBIERANIE PLIKÓW\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 217.30.129.149
DNS Server Search Order: 217.30.137.200
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D00ADFD7-4B7A-4A18-9769-C0B84E014826}: NameServer=217.30.129.149 217.30.137.200
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D00ADFD7-4B7A-4A18-9769-C0B84E014826}: NameServer=217.30.129.149 217.30.137.200
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdxqf.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kdxqf.exe not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckard's System Scanner v20071014.68
Run by darek on 2008-08-13 09:25:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as darek.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26, on 2008-08-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
E:\POBIERANIE PLIKÓW\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\darek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-WrDialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D00ADFD7-4B7A-4A18-9769-C0B84E014826}: NameServer = 217.30.129.149 217.30.137.200
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE
--
End of file - 6805 bytes
-- Files created between 2008-07-13 and 2008-08-13 -----------------------------
2008-08-13 09:16:26 1616 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-13 09:15:50 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-13 09:15:50 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-13 09:15:50 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-13 09:15:50 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-13 09:15:50 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-13 09:15:50 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-08-13 09:15:50 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-13 09:15:50 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-12 19:55:46 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-12 17:40:47 96976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-12 17:40:47 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-12 17:40:24 262176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-12 17:40:24 1953312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-12 17:40:24 0 d-------- C:\Program Files\Kaspersky Lab
2008-08-12 13:13:24 0 d-------- C:\WINDOWS\ERUNT
2008-08-12 09:40:18 0 d-------- C:\Program Files\Trend Micro
2008-08-12 09:05:40 0 d-------- C:\Nod32 v2.5
2008-08-11 23:14:33 14336 --a------ C:\WINDOWS\system32\el32.dll
2008-08-11 10:49:28 0 d-------- C:\Program Files\Common Files\PCSuite
2008-08-11 10:49:27 0 d-------- C:\Program Files\Common Files\Nokia
2008-08-11 10:49:13 0 d-------- C:\Program Files\PC Connectivity Solution
2008-08-10 21:25:12 0 d-------- C:\WINDOWS\system32\oodag
2008-08-08 20:57:11 0 d-------- C:\WINDOWS\Sun
2008-08-08 17:35:23 210032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-08-07 20:17:32 0 d-------- C:\WINDOWS\pss
2008-08-07 19:08:22 86016 --a------ C:\WINDOWS\system32\CNMCP66.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2008-08-07 19:08:18 0 d--h----- C:\BJPrinter
2008-08-07 15:10:04 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-08-07 15:09:35 49152 --a------ C:\WINDOWS\system32\TempDel.EXE <Not Verified; Leadtek Research Inc.; Leadtek Research Inc. TempDel>
2008-08-07 15:09:33 9446 --a------ C:\WINDOWS\system32\drivers\WFIOCTL.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>
2008-08-07 15:09:30 0 d-------- C:\Program Files\WinFast
2008-08-07 15:06:50 0 d-------- C:\WINDOWS\system32\WinFast
2008-08-07 15:06:50 9728 --a------ C:\WINDOWS\system32\drivers\cxavxbar.sys <Not Verified; Leadtek Research Inc.; CX2388x AVStream Crossbar Driver>
2008-08-07 15:06:50 162944 --a------ C:\WINDOWS\system32\drivers\cx88vid.sys <Not Verified; Leadtek Research Inc.; CX2388x Video Capture Driver>
2008-08-07 15:06:50 50816 --a------ C:\WINDOWS\system32\drivers\cx88tune.sys <Not Verified; Leadtek Research Inc.; CX2388x Tuner Driver>
2008-08-07 15:06:49 0 d-------- C:\Program Files\Leadtek Research Inc
2008-08-07 14:40:03 0 d--hs---- C:\WINDOWS\Installer
2008-08-07 14:40:02 0 d-------- C:\Program Files\Common Files\ODBC
2008-08-07 14:40:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-08-07 14:40:00 0 dr------- C:\Program Files
2008-08-07 14:40:00 0 d-------- C:\Program Files\Common Files
2008-08-07 14:37:50 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-07 14:37:50 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-07 14:37:31 0 d--hs---- C:\System Volume Information
2008-08-07 14:37:31 0 d-------- C:\Documents and Settings
2008-08-07 14:34:20 0 d-------- C:\WINDOWS
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\WinSxS
2008-08-07 14:34:20 0 dr------- C:\WINDOWS\Web
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\twain_32
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\wins
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\wbem
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\usmt
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\spool
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\Setup
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\ras
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\oobe
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\npp
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\mui
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\IME
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\ias
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\export
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\drivers
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-07 14:34:20 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\config
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\3076
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\2052
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1054
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1045
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1042
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1041
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1037
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1033
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1031
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1028
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system32\1025
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\system
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\security
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Resources
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\repair
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Provisioning
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\PeerNet
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\pchealth
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\mui
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\msapps
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\msagent
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Media
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\java
2008-08-07 14:34:20 0 d--h----- C:\WINDOWS\inf
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\ime
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Help
2008-08-07 14:34:20 0 dr--s---- C:\WINDOWS\Fonts
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\ehome
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Driver Cache
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Debug
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Cursors
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\Config
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\AppPatch
2008-08-07 14:34:20 0 d-------- C:\WINDOWS\addins
2008-08-07 14:03:51 0 d-------- C:\Program Files\Microsoft Works
2008-08-07 14:03:45 0 d-------- C:\Program Files\MSBuild
2008-08-07 14:00:58 0 d-------- C:\WINDOWS\SHELLNEW
2008-08-07 14:00:23 0 dr-h----- C:\MSOCache
2008-08-07 13:54:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-07 13:50:54 0 d-------- C:\Program Files\Opera
2008-08-07 13:39:52 0 d-------- C:\WINDOWS\Prefetch
2008-08-07 13:38:15 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-07 13:38:14 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-07 13:35:39 0 d-------- C:\WINDOWS\system32\pl-pl
2008-08-07 13:35:38 0 d-------- C:\WINDOWS\system32\pl
2008-08-07 13:35:38 0 d-------- C:\WINDOWS\system32\bits
2008-08-07 13:35:38 0 d-------- C:\WINDOWS\l2schemas
2008-08-07 13:33:55 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-07 13:32:18 0 d-------- C:\WINDOWS\network diagnostic
2008-08-07 13:27:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-07 13:24:03 30336 --a------ C:\WINDOWS\system32\drivers\fpd.sys <Not Verified; Politecnico di Torino; NPF Driver>
2008-08-07 13:23:55 1056768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
2008-08-07 13:23:55 52214 --a------ C:\WINDOWS\system32\drivers\WrKPoET2000.sys
2008-08-07 13:23:53 0 d-------- C:\Program Files\DialNet
2008-08-07 13:19:47 0 d-------- C:\Program Files\Windows Media Connect 2
2008-08-07 13:19:05 0 d-------- C:\WINDOWS\system32\LogFiles
2008-08-07 13:19:05 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-07 13:16:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-07 13:14:46 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-08-07 13:14:46 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-08-07 13:14:45 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-08-07 13:14:45 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-08-07 13:14:45 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-08-07 13:14:45 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-08-07 13:14:44 0 d-------- C:\Program Files\Common Files\Ahead
2008-08-07 13:14:43 0 d-------- C:\Program Files\Ahead
2008-08-07 13:11:39 0 d-------- C:\Program Files\Java
2008-08-07 13:11:38 0 d-------- C:\Program Files\Common Files\Java
2008-08-07 13:11:00 0 d-------- C:\Program Files\IrfanView
2008-08-07 13:09:14 0 d-------- C:\Program Files\Google
2008-08-07 13:09:04 0 d-------- C:\Program Files\Skype
2008-08-07 13:09:04 0 d-------- C:\Program Files\Common Files\Skype
2008-08-07 13:08:15 0 d-------- C:\Program Files\Gadu-Gadu
2008-08-07 13:04:46 0 d-------- C:\Program Files\Alwil Software
2008-08-07 13:04:21 0 d-------- C:\Program Files\MarBit
2008-08-07 13:02:10 0 d-------- C:\Program Files\My Company Name
2008-08-07 13:01:15 0 d-------- C:\WINDOWS\nview
2008-08-07 12:59:16 0 d-------- C:\Program Files\XP Codec Pack
2008-08-07 12:53:09 0 d-------- C:\WINDOWS\system32\Lang
2008-08-07 12:52:13 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-08-07 12:52:02 0 d-------- C:\WINDOWS\system32\RTCOM
2008-08-07 12:51:44 0 d-------- C:\Program Files\Realtek
2008-08-07 12:51:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-07 12:51:42 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-08-07 12:51:41 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-08-07 12:51:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-07 12:51:18 0 d-------- C:\Program Files\DIFX
2008-08-07 12:51:17 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-07 12:51:15 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-07 12:50:53 1732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-08-07 12:48:38 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-07 12:48:35 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-07 12:46:28 0 d-------- C:\WINDOWS\system32\xircom
2008-08-07 12:46:28 0 d-------- C:\Program Files\microsoft frontpage
2008-08-07 12:46:09 0 -rahs---- C:\MSDOS.SYS
2008-08-07 12:46:09 0 -rahs---- C:\IO.SYS
2008-08-07 12:46:09 0 --a------ C:\CONFIG.SYS
2008-08-07 12:46:09 0 --a------ C:\AUTOEXEC.BAT
2008-08-07 12:45:20 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-07 12:45:20 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-07 12:45:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-07 12:45:10 0 d-------- C:\Program Files\Usługi online
2008-08-07 12:44:59 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-07 12:44:35 0 d---s---- C:\WINDOWS\Tasks
2008-08-07 12:44:34 0 d-------- C:\Program Files\Common Files\MSSoap
2008-08-07 12:44:32 0 d-------- C:\WINDOWS\srchasst
2008-08-07 12:44:31 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-07 12:44:26 0 d-------- C:\Program Files\Movie Maker
2008-08-07 12:44:21 0 d-------- C:\WINDOWS\system32\Restore
2008-08-07 12:43:53 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-07 12:43:40 0 d-------- C:\WINDOWS\Registration
2008-08-07 12:43:30 0 d-------- C:\Program Files\Messenger
2008-08-07 12:43:27 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-07 12:43:07 0 d-------- C:\Program Files\Windows NT
2008-08-07 12:43:05 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-07 12:43:04 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-08-13 08:44:19 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Grisoft
2008-08-12 21:05:48 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Corel
2008-08-12 19:24:28 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Skype
2008-08-11 10:52:29 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Nokia
2008-08-11 10:52:27 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\PC Suite
2008-08-08 17:24:20 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\AdobeUM
2008-08-07 23:20:24 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Media Player Classic
2008-08-07 23:20:12 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Adobe
2008-08-07 14:39:37 62 --ahs---- C:\Documents and Settings\darek\Dane aplikacji\desktop.ini
2008-08-07 14:28:41 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\WinRAR
2008-08-07 14:05:24 359178 --a------ C:\WINDOWS\system32\perfh015.dat
2008-08-07 14:05:24 50968 --a------ C:\WINDOWS\system32\perfc015.dat
2008-08-07 14:04:30 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Macromedia
2008-08-07 13:54:03 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Mozilla
2008-08-07 13:50:59 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Opera
2008-08-07 13:48:50 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Gadu-Gadu
2008-08-07 13:42:03 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Google
2008-08-07 13:11:45 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Sun
2008-08-07 12:50:48 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\InstallShield
2008-08-07 12:49:19 0 d-------- C:\Documents and Settings\darek\Dane aplikacji\Identities
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-08-12 17:49 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 09:52 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-11 11:33]
"nwiz"="nwiz.exe" [2008-04-11 11:33 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40]
"@"="C:\PROGRA~1\DialNet\FPLICE~1.exe" [2007-07-04 16:27]
"z-WrDialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-07-11 17:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
*Newly Created Service* - AVGASCLN
-- End of Deckard's System Scanner: finished at 2008-08-13 09:26:53 ------------
Files to delete:
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\404Fix.exe
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\tmp.reg" deleted successfully.
File "C:\WINDOWS\system32\WS2Fix.exe" deleted successfully.
File "C:\WINDOWS\system32\VCCLSID.exe" deleted successfully.
File "C:\WINDOWS\system32\VACFix.exe" deleted successfully.
File "C:\WINDOWS\system32\SrchSTS.exe" deleted successfully.
File "C:\WINDOWS\system32\Process.exe" deleted successfully.
File "C:\WINDOWS\system32\IEDFix.exe" deleted successfully.
File "C:\WINDOWS\system32\dumphive.exe" deleted successfully.
File "C:\WINDOWS\system32\404Fix.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
2008-08-13,09:47:23
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Dodatek Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed
[code]Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Alcmtr><ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<SunJavaUpdateSched><C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe> []
<a-winpoet-service><"C:\Program Files\DialNet\winpppoverethernet.exe"> [Fine Point Technologies, Inc.]
<><"C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"> [File is missing]
<z-WrDialer><"C:\Program Files\DialNet\wrdialer.exe"> [Fine Point Technologies, Inc.]
<GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"> [(Verified)Microsoft Corporation]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL> [(Verified)Microsoft Corporation]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Książka adresowa 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<!AVG Anti-Spyware><; "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
==================================
Startup Folders
N/A
==================================
Services
[avast! Antivirus / avast! Antivirus][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><(File is missing)>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Kaspersky Internet Security / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r><Kaspersky Lab>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[O&O Defrag / O&O Defrag][Running/Auto Start]
<C:\WINDOWS\system32\oodag.exe><O&O Software GmbH>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[WinPPPoverEthernet / WinPPPoverEthernet][Running/Auto Start]
<C:\Program Files\DialNet\WrOS.EXE><Fine Point Technologies, Inc.>
==================================
Drivers
[Sterownik procesora AMD / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[WinFast CX2388x WDM Video Capture. / CX23880][Running/Auto Start]
<system32\drivers\cx88vid.sys><Leadtek Research Inc.>
[WinFast CX2388x WDM Crossbar. / CXAVXBAR][Running/Auto Start]
<system32\drivers\cxavxbar.sys><Leadtek Research Inc.>
[WinFast CX2388x WDM TVTuner. / CXTUNE][Running/Auto Start]
<system32\drivers\CX88TUNE.sys><Leadtek Research Inc.>
[Fine Point Packet Service / FPD][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\fpd.sys><Politecnico di Torino>
[gdrv / gdrv][Stopped/Manual Start]
<\??\C:\WINDOWS\gdrv.sys><Windows (R) 2000 DDK provider>
[Sterownik magistrali Microsoft UAA dla High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
<\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
<system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
<system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
<system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
<system32\drivers\ccdcmbo.sys><Nokia>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
<system32\DRIVERS\pccsmcfd.sys><Nokia>
[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[WinPoET PPPoE Optimized Driver / TopWinPoETDriver][Running/Auto Start]
<system32\DRIVERS\WrKPoET2000.sys><N/A>
[upperdev / upperdev][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerflt.sys><Windows (R) Codename Longhorn DDK provider>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerfltj.sys><Windows (R) Codename Longhorn DDK provider>
[WFIOCTL / WFIOCTL][Stopped/Manual Start]
<\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS><Leadtek Research Inc.>
[WrKPoET2000 / WrKPoET2000][Running/Manual Start]
<\??\C:\Program Files\DialNet\WrKPoET2000.sys><N/A>
[WinPoET PPPoE Adapter / WRSWanDD][Running/Manual Start]
<system32\DRIVERS\WrKPoETNic2000.sys><N/A>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Statystyki ochrony WWW]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[Send to OneNote from Internet Explorer button]
{2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[&Poszukaj]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Java Plug-in 1.4.2_05]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_05]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll, JavaSoft / Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Skype add-on (mastermind)]
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
{2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, (Signed) Macromedia, Inc.>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[Dodaj do listy blokowanych banerów]
<C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A>
[E&ksportuj do programu Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
==================================
Running Processes
[PID: 952 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1008 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1032 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 8.0.0.357]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1076 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1088 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1264 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1312 / USŁUGA SIECIOWA][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1436 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1476 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5730.0 (winmain.060915-1845)]
[c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5730.0 (winmain.060915-1845)]
[PID: 1624 / USŁUGA LOKALNA][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1836 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\CNMLM66.DLL] [CANON INC., 1.80.2.70]
[C:\WINDOWS\system32\msonpmon.dll] [Microsoft Corporation, 12.3.4518.1014]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD66.DLL] [CANON INC., 1.80.2.70]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll] [Microsoft Corporation, 12.3.4518.1014]
[PID: 204 / darek][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[E:\PROGRAMY DAREK\Nokia PC Suite 7\phonebrowser.dll] [Nokia, 7, 0, 103, 0]
[E:\PROGRAMY DAREK\Nokia PC Suite 7\NGSCM.DLL] [Nokia, 7, 0, 140, 6]
[E:\PROGRAMY DAREK\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr] [Nokia, 7, 0, 64, 0]
[E:\PROGRAMY DAREK\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 7, 0, 20, 0]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft Office\Office12\1045\GrooveIntlResource.dll] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.7488]
[C:\WINDOWS\system32\NVRSPL.DLL] [NVIDIA Corporation, 6.14.11.7488]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.7488]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll] [Kaspersky Lab, 8.0.0.357]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll] [Kaspersky Lab, 8.0.0.357]
[PID: 472 / darek][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.1.5.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 508 / darek][C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe] [N/A, ]
[PID: 512 / darek][C:\Program Files\DialNet\winpppoverethernet.exe] [Fine Point Technologies, Inc., 7.2.0.0]
[C:\Program Files\DialNet\WrOSControl.dll] [N/A, ]
[C:\Program Files\DialNet\WrFCUtil.dll] [N/A, ]
[C:\Program Files\DialNet\WrEventLog.dll] [N/A, ]
[C:\Program Files\DialNet\WrRTUtil.dll] [N/A, ]
[C:\Program Files\DialNet\WrInterfaceManager.dll] [N/A, ]
[C:\Program Files\DialNet\WrConfig.dll] [N/A, ]
[C:\Program Files\DialNet\WrSetupUtils.dll] [Fine Point Technologies, Inc., 1, 0, 0, 1]
[C:\Program Files\DialNet\libxml2.dll] [N/A, ]
[C:\Program Files\DialNet\iconv.dll] [N/A, ]
[C:\Program Files\DialNet\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\Program Files\DialNet\WinPoETControl.DLL] [N/A, ]
[C:\Program Files\DialNet\PacketsDump.dll] [N/A, ]
[C:\Program Files\DialNet\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\Program Files\DialNet\pthreadVC.dll] [N/A, ]
[PID: 536 / darek][C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL] [Microsoft Corporation, 12.0.4518.1014]
[PID: 556 / darek][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1804 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.7488]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.7488]
[PID: 1920 / SYSTEM][C:\WINDOWS\system32\oodag.exe] [O&O Software GmbH, 10.0.1634]
[C:\WINDOWS\system32\OODAGRS.DLL] [O&O Software GmbH, 10.0.1.1617]
[PID: 1712 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1536 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 4]
[PID: 2060 / SYSTEM][C:\Program Files\DialNet\WrOS.EXE] [Fine Point Technologies, Inc., 1, 0, 0, 1]
[C:\Program Files\DialNet\WrOSControl.dll] [N/A, ]
[C:\Program Files\DialNet\WrFCUtil.dll] [N/A, ]
[C:\Program Files\DialNet\WrEventLog.dll] [N/A, ]
[C:\Program Files\DialNet\WrRTUtil.dll] [N/A, ]
[C:\Program Files\DialNet\WrInterfaceManager.dll] [N/A, ]
[C:\Program Files\DialNet\WrConfig.dll] [N/A, ]
[C:\Program Files\DialNet\WrNetworkDriver.dll] [N/A, ]
[C:\Program Files\DialNet\Wr_Mac_Frames.DLL] [N/A, ]
[C:\Program Files\DialNet\WrPoetDriver.DLL] [N/A, ]
[C:\Program Files\DialNet\WrPacketSock.dll] [N/A, ]
[PID: 2064 / USŁUGA LOKALNA][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 2568 / darek][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9]
[C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.70]
[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.0.1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[PID: 2032 / darek][E:\POBIERANIE PLIKÓW\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[PID: 2412 / darek][E:\POBIERANIE PLIKÓW\SRE6d7d34bb.EXE] [Smallfrogs Studio, 2.6.12.1018]
[E:\POBIERANIE PLIKÓW\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 508, C:\PROGRAM FILES\JAVA\J2RE1.4.2_05\BIN\JUSCHED.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 512, C:\PROGRAM FILES\DIALNET\WINPPPOVERETHERNET.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1804, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2032, E:\POBIERANIE PLIKÓW\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
[/CODE]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"SunJavaUpdateSched"=-
[avast! Antivirus / avast! Antivirus][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><(File is missing)>
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
{2670000A-7350-4F3C-8081-5663EE0C6C49}
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
{E2E2DD38-D088-4134-82B7-F2BA38496583}
{FB5F1910-F110-11D2-BB9E-00C04F795683}