

Logs from HijackThis, Silent Runners and GMER.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:25, on 2007-11-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Programy\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Programy\MSI\bin\btwdins.exe
E:\Programy\Nero\Nero 8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\VNICMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programy\Nero\Nero 8\Nero BackItUp\NBService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
E:\Programy\MSI\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\Programy\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
E:\Programy\Spy Sweeper\SpySweeper.exe
E:\Programy\A4Tech\Keyboard\Ikeymain.exe
E:\Programy\StyleXp\CursorXP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Programy\uTorrent\uTorrent.exe
E:\Programy\Opera\Opera.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\ADMIN\Pulpit\Programy\Drużyna odsyfiania\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Programy\FlashGet\jccatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Programy\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Programy\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tray Temperature] F:\Program Files\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programy\Quick Time\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "E:\Programy\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NETIANET] "C:\Program Files\Netia\Net\netianet.exe" -auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "E:\Programy\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Amoumain.lnk = E:\Programy\A4Tech\Mouse\Amoumain.exe
O4 - Startup: cursor.CurXPTheme
O4 - Startup: Ikeymain.lnk = E:\Programy\A4Tech\Keyboard\Ikeymain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programy\Adobe Reader\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kalendarz XP.lnk = E:\Programy\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - E:\Programy\MSI\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programy\MSI\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programy\MSI\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://bezpieczenstwo.onet.pl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{442584D8-2591-414A-8BC1-556222A46283}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Programy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programy\MSI\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Programy\Nero\Nero 8\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programy\Nero\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Creative VF0010 RunApp Service (VF0010Srv) - Unknown owner - h:\drivers\english\V0010bSv.exe (file missing)
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - E:\Nauka\Visual Basic 6.0\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Programy\Spy Sweeper\SpySweeper.exe
--
End of file - 11275 bytes
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NIC Monitor" = "VNICMon.exe" [empty string]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"Tray Temperature" = "F:\Program Files\AWS\MiniBug.exe 1" [file not found]
"QuickTime Task" = ""E:\Programy\Quick Time\QTTask.exe" -atboottime" ["Apple Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = ""C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"" ["Nero AG"]
"NBKeyScan" = ""E:\Programy\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"NETIANET" = ""C:\Program Files\Netia\Net\netianet.exe" -auto" ["NETIA S.A."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"CloneCDTray" = ""E:\Programy\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "E:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Flashget Catch Url Class"
\InProcServer32\(Default) = "E:\Programy\FlashGet\jccatch.dll" ["www.flashget.com"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll" [file not found]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll" ["MEGAUPLOAD "]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CoTGT_BHO Class"
\InProcServer32\(Default) = "C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll" [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "E:\Programy\FlashGet\getflash.dll" ["www.flashget.com"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "Historia"
-> {HKCU...CLSID} = "Historia"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internet"
-> {HKCU...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "Folder pamięci podręcznej ActiveX"
-> {HKCU...CLSID} = "Folder pamięci podręcznej ActiveX"
\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]
"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Folder subskrypcji"
-> {HKCU...CLSID} = "Folder subskrypcji"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Programy\Real Player\rpshell.dll" ["RealNetworks, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
-> {HKLM...CLSID} = "Registered ActiveX Controls"
\InProcServer32\(Default) = "E:\Nauka\Visual Basic 6.0\MSDev98\Bin\IDE\DEVXPGL.DLL" [file not found]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
-> {HKLM...CLSID} = "Developer Studio Components"
\InProcServer32\(Default) = "E:\Nauka\Visual Basic 6.0\MSDev98\Bin\IDE\DEVXPGL.DLL" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programy\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Moje foldery udostępniania"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"
-> {HKLM...CLSID} = "Portable Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"
-> {HKLM...CLSID} = "Portable Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{09bffb91-ecda-4149-bcfd-d87a345c219e}" = "InCDShellExt extension"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "E:\Programy\Nero\Nero 8\InCD\InCDshx.dll" ["Nero AG"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "E:\Programy\Nero\Nero 8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{692eb3b0-d034-403e-b742-2407bd43bf9b}" = "InCDUdfPerm extension"
-> {HKLM...CLSID} = "InCDUdfPerm Class"
\InProcServer32\(Default) = "E:\Programy\Nero\Nero 8\InCD\InCDUP.dll" ["Nero AG"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "E:\Programy\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.exe" [file not found], [MS], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Programy\Adobe Reader\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "E:\Programy\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "E:\Programy\Nero\Nero 8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
InCDShellExt\(Default) = "{09bffb91-ecda-4149-bcfd-d87a345c219e}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "E:\Programy\Nero\Nero 8\InCD\InCDshx.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programy\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "E:\Programy\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
InCDShellExt\(Default) = "{09bffb91-ecda-4149-bcfd-d87a345c219e}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "E:\Programy\Nero\Nero 8\InCD\InCDshx.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programy\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "E:\Programy\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
InCDShellExt\(Default) = "{09bffb91-ecda-4149-bcfd-d87a345c219e}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "E:\Programy\Nero\Nero 8\InCD\InCDshx.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programy\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\Documents and Settings\ADMIN\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\ADMIN\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Downloaded Program Files\DESKTOP.INI
[.ShellClassInfo]
CLSID={88C6C381-2E85-11d0-94DE-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKCU...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
Startup items in "ADMIN" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\ADMIN\Menu Start\Programy\Autostart
"Amoumain" -> shortcut to: "E:\Programy\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
INFECTION WARNING! "cursor.CurXPTheme" [null data]
"Ikeymain" -> shortcut to: "E:\Programy\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "E:\Programy\Adobe Reader\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BTTray" -> shortcut to: "E:\Programy\MSI\BTTray.exe" ["Broadcom Corporation."]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"Kalendarz XP" -> shortcut to: "E:\Programy\Kalendarz XP\Kalendarz.exe" [null data]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Uniblue SpeedUpMyPC Nag" -> launches: "C:\Documents and Settings\ADMIN\Pulpit\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" [file not found]
"Uniblue SpeedUpMyPC" -> launches: "C:\Documents and Settings\ADMIN\Pulpit\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" [file not found]
"Uniblue SpyEraser Nag" -> launches: "C:\Documents and Settings\ADMIN\Pulpit\SpyEraser\SpyEraser.exe -ynag" [file not found]
"Uniblue SpyEraser" -> launches: "C:\Documents and Settings\ADMIN\Pulpit\SpyEraser\SpyEraser.exe -s" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll" ["MEGAUPLOAD "]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
-> {HKLM...CLSID} = "FlashGet"
\InProcServer32\(Default) = "E:\Programy\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll" ["MEGAUPLOAD "]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll" [file not found]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "E:\Programy\MSI\btsendto_ie.htm" [null data]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "E:\Programy\FlashGet\flashget.exe" ["FlashGet.com"]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [file not found]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
Missing lines (compared with English-language version):
HIJACK WARNING! "Tabs" = "C:\Documents and Settings\ADMIN\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "E:\Programy\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Bluetooth Service, btwdins, "E:\Programy\MSI\bin\btwdins.exe" ["Broadcom Corporation."]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\Cyberlink\Shared Files\RichVideo.exe"" [empty string]
InCD Helper, InCDsrv, "E:\Programy\Nero\Nero 8\InCD\InCDsrv.exe" ["Nero AG"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "E:\Programy\Nero\Nero 8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, ""c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS" [MS]
StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Usługa iPod, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""E:\Programy\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i320\Driver = "CNMLM47.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 307 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 80 seconds.
---------- (total run time: 493 seconds)
"ADMIN" - 2007-11-06 15:45:08 Dodatek Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\ADMIN\Pulpit\Programy\Drużyna odsyfiania\"
((((((((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 ))))))))))))))))))))))))))))))))))
2007-11-06 08:57 <DIR> d-------- C:\DOCUME~1\NETWOR~1\DANEAP~1\Webroot
2007-11-06 01:07 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-06 01:07 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-06 01:07 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS041A.sys
2007-11-06 01:07 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-06 01:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DANEAP~1\Webroot
2007-11-06 01:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Webroot
2007-11-06 01:06 <DIR> d-------- C:\DOCUME~1\ADMIN\DANEAP~1\Webroot
2007-11-03 11:55 164 --a------ C:\install.dat
2007-11-03 01:41 3,608 --a------ C:\WINDOWS\system32\drivers\port_nt.sys
2007-11-02 23:34 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-19 15:17 <DIR> d-------- C:\DOCUME~1\ADMIN\DANEAP~1\Winamp
2007-10-17 16:45 <DIR> d-------- C:\Program Files\Winamp Remote
2007-10-17 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\OrbNetworks
2007-10-16 00:38 <DIR> d-------- C:\Program Files\iTunes
2007-10-16 00:38 <DIR> d-------- C:\Program Files\iPod
2007-10-14 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Nokia
2007-10-14 15:53 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-10-14 15:53 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-10-14 15:53 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-10-14 15:53 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-10-14 15:53 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-10-11 16:55 <DIR> d-------- C:\Program Files\Netia
2007-10-08 17:51 52,864 -ra------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2007-10-08 17:51 25,984 -ra------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2007-10-08 17:51 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
2007-10-08 17:51 <DIR> d-------- C:\Program Files\Conexant
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-06 14:48:59 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\uTorrent
2007-11-05 16:55:14 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-04 19:58:34 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\MegauploadToolbar
2007-10-28 09:22:08 93,128 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-10-28 09:22:08 497,928 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-10-25 16:05:36 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 16:05:20 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 16:03:19 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 16:01:34 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 15:58:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 15:24:45 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 15:14:25 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-14 15:00:35 -------- d-----w C:\Program Files\Common Files\Nokia
2007-10-14 15:00:33 -------- d-----w C:\Program Files\Nokia
2007-10-02 18:24:01 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\Nero
2007-10-02 18:21:50 -------- d-----w C:\Program Files\Common Files\Nero
2007-10-02 18:02:58 -------- d-----w C:\Program Files\Common Files\Ahead
2007-09-21 16:43:14 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\Apple Computer
2007-09-21 16:38:25 -------- d-----w C:\Program Files\Common Files\Apple
2007-09-21 15:57:00 -------- d-----w C:\Program Files\Apple Software Update
2007-09-16 23:51:02 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\AdobeUM
2007-09-16 19:24:54 -------- d-----w C:\Program Files\Bonjour
2007-09-16 12:50:46 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-09-16 11:27:03 249,856 ------w C:\WINDOWS\Setup1.exe
2007-09-16 11:27:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-09 23:07:31 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\Lavasoft
2007-09-06 17:54:07 -------- d-----w C:\Program Files\PIXEL
2007-09-06 16:12:34 804 ----a-w C:\WINDOWS\TSCTVDIV.BIN
2007-09-04 18:50:49 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2007-08-10 19:56:53 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="E:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll"
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"="E:\Programy\FlashGet\jccatch.dll"
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll" [x]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"="C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{C333CF63-767F-4831-94AC-E683D962C63C}"="C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll"
"{F156768E-81EF-470C-9057-481BA8380DBA}"="E:\Programy\FlashGet\getflash.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NIC Monitor"="VNICMon.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Tray Temperature"="F:\\Program Files\\AWS\\MiniBug.exe 1"
"QuickTime Task"="\"E:\\Programy\\Quick Time\\QTTask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe\""
"NBKeyScan"="\"E:\\Programy\\Nero\\Nero 8\\Nero BackItUp\\NBKeyScan.exe\""
"NETIANET"="\"C:\\Program Files\\Netia\\Net\\netianet.exe\" -auto"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CloneCDTray"="\"E:\\Programy\\CloneCD\\CloneCDTray.exe\" /s"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMBgMonitor.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NETIANET"="C:\\Program Files\\Netia\\Net\\netianet.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="E:\Programy\AVG Anti-Spyware 7.5\shellexecutehook.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad-watch
"E:\Programy\Ad-aware 6\Ad-watch.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awmon
"E:\Programy\Ad-Aware SE Professional\Ad-Watch.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\incd
E:\Programy\Nero\Nero 8\InCD\InCD.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netianet
C:\Program Files\Netia\Net\netianet.exe -auto
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\securdisc
E:\Programy\Nero\Nero 8\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 15:49:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-11-06 15:50:09
C:\ComboFix-quarantined-files.txt ... 2007-11-06 15:50
C:\ComboFix2.txt ... 2007-11-04 16:12
Windows Registry Editor Version 5.0
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\]
Dzi@dek wrote:
Windows Registry Editor Version 5.0
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\]
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\]
"ADMIN" - 2007-11-06 19:10:02 Dodatek Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\ADMIN\Pulpit\Programy\Drużyna odsyfiania\"
((((((((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 ))))))))))))))))))))))))))))))))))
2007-11-06 18:44 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-06 08:57 <DIR> d-------- C:\DOCUME~1\NETWOR~1\DANEAP~1\Webroot
2007-11-06 01:07 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-06 01:07 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-06 01:07 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS041A.sys
2007-11-06 01:07 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-06 01:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DANEAP~1\Webroot
2007-11-06 01:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Webroot
2007-11-06 01:06 <DIR> d-------- C:\DOCUME~1\ADMIN\DANEAP~1\Webroot
2007-11-03 11:55 164 --a------ C:\install.dat
2007-11-03 01:41 3,608 --a------ C:\WINDOWS\system32\drivers\port_nt.sys
2007-11-02 23:34 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-19 15:17 <DIR> d-------- C:\DOCUME~1\ADMIN\DANEAP~1\Winamp
2007-10-17 16:45 <DIR> d-------- C:\Program Files\Winamp Remote
2007-10-17 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\OrbNetworks
2007-10-16 00:38 <DIR> d-------- C:\Program Files\iTunes
2007-10-16 00:38 <DIR> d-------- C:\Program Files\iPod
2007-10-14 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Nokia
2007-10-14 15:53 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-10-14 15:53 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-10-14 15:53 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-10-14 15:53 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-10-14 15:53 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-10-11 16:55 <DIR> d-------- C:\Program Files\Netia
2007-10-08 17:51 52,864 -ra------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2007-10-08 17:51 25,984 -ra------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2007-10-08 17:51 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
2007-10-08 17:51 <DIR> d-------- C:\Program Files\Conexant
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-06 17:31:13 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\uTorrent
2007-11-06 15:17:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-04 19:58:34 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\MegauploadToolbar
2007-10-28 09:22:08 93,128 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-10-28 09:22:08 497,928 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-10-25 16:05:36 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 16:05:20 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 16:03:19 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 16:01:34 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 15:58:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 15:24:45 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 15:14:25 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-14 15:00:35 -------- d-----w C:\Program Files\Common Files\Nokia
2007-10-14 15:00:33 -------- d-----w C:\Program Files\Nokia
2007-10-02 18:24:01 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\Nero
2007-10-02 18:21:50 -------- d-----w C:\Program Files\Common Files\Nero
2007-10-02 18:02:58 -------- d-----w C:\Program Files\Common Files\Ahead
2007-09-21 16:43:14 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\Apple Computer
2007-09-21 16:38:25 -------- d-----w C:\Program Files\Common Files\Apple
2007-09-21 15:57:00 -------- d-----w C:\Program Files\Apple Software Update
2007-09-16 23:51:02 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\AdobeUM
2007-09-16 19:24:54 -------- d-----w C:\Program Files\Bonjour
2007-09-16 12:50:46 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-09-16 11:27:03 249,856 ------w C:\WINDOWS\Setup1.exe
2007-09-16 11:27:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-09 23:07:31 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\Lavasoft
2007-09-06 17:54:07 -------- d-----w C:\Program Files\PIXEL
2007-09-06 16:12:34 804 ----a-w C:\WINDOWS\TSCTVDIV.BIN
2007-09-04 18:50:49 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2007-08-10 19:56:53 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="E:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll"
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"="E:\Programy\FlashGet\jccatch.dll"
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll" [x]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"="C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{C333CF63-767F-4831-94AC-E683D962C63C}"="C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll"
"{F156768E-81EF-470C-9057-481BA8380DBA}"="E:\Programy\FlashGet\getflash.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NIC Monitor"="VNICMon.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Tray Temperature"="F:\\Program Files\\AWS\\MiniBug.exe 1"
"QuickTime Task"="\"E:\\Programy\\Quick Time\\QTTask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe\""
"NBKeyScan"="\"E:\\Programy\\Nero\\Nero 8\\Nero BackItUp\\NBKeyScan.exe\""
"NETIANET"="\"C:\\Program Files\\Netia\\Net\\netianet.exe\" -auto"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CloneCDTray"="\"E:\\Programy\\CloneCD\\CloneCDTray.exe\" /s"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMBgMonitor.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NETIANET"="C:\\Program Files\\Netia\\Net\\netianet.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="E:\Programy\AVG Anti-Spyware 7.5\shellexecutehook.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad-watch
"E:\Programy\Ad-aware 6\Ad-watch.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awmon
"E:\Programy\Ad-Aware SE Professional\Ad-Watch.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\incd
E:\Programy\Nero\Nero 8\InCD\InCD.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netianet
C:\Program Files\Netia\Net\netianet.exe -auto
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\securdisc
E:\Programy\Nero\Nero 8\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 19:14:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-11-06 19:15:01
C:\ComboFix-quarantined-files.txt ... 2007-11-06 19:15
C:\ComboFix2.txt ... 2007-11-06 15:50
C:\ComboFix3.txt ... 2007-11-04 16:12
SDFix: Version 1.113
Run by ADMIN on 2007-11-06 at 18:45
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 19:04:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Nie można odnaleźć określonego pliku.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:ef38e672
"s1"=dword:fb98ec22
"s2"=dword:a6a04d39
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Programy\Daemon Tools\"
"h0"=dword:00000000
"khjeh"=hex:46,03,91,f6,6b,ba,d3,bf,15,b1,ab,ff,7a,63,8b,8d,47,97,ef,87,8b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c3,19,dd,61,98,5e,b4,b9,2f,f0,0d,34,b5,e6,22,1a,65,..
"khjeh"=hex:d3,ac,56,64,e7,a0,37,38,e0,45,12,51,19,90,82,5d,de,a2,ad,1d,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,53,ef,53,24,9a,5a,eb,8f,e9,2f,9c,2b,e2,9e,82,22,78,76,e2,89,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fe,5a,b1,9a,e3,17,27,03,f8,69,97,87,99,3b,04,11,48,71,34,4f,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Programy\Daemon Tools\"
"h0"=dword:00000000
"khjeh"=hex:46,03,91,f6,6b,ba,d3,bf,15,b1,ab,ff,7a,63,8b,8d,47,97,ef,87,8b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c3,19,dd,61,98,5e,b4,b9,2f,f0,0d,34,b5,e6,22,1a,65,..
"khjeh"=hex:d3,ac,56,64,e7,a0,37,38,e0,45,12,51,19,90,82,5d,de,a2,ad,1d,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,53,ef,53,24,9a,5a,eb,8f,e9,2f,9c,2b,e2,9e,82,22,78,76,e2,89,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fe,5a,b1,9a,e3,17,27,03,f8,69,97,87,99,3b,04,11,48,71,34,4f,f7,..
scanning hidden registry entries ...
source file error: C:\Documents and Settings\ADMIN\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Programy\\uTorrent\\uTorrent.exe"="E:\\Programy\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Files with Hidden Attributes:
Fri 4 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 24 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 4 Aug 2006 4,348 ...H. --- "C:\Documents and Settings\ADMIN\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Mon 7 Aug 2006 20 A..H. --- "C:\Documents and Settings\ADMIN\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Fri 4 Aug 2006 312 A.SH. --- "C:\Documents and Settings\ADMIN\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:04, on 2007-11-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Programy\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Programy\MSI\bin\btwdins.exe
E:\Programy\Nero\Nero 8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programy\Nero\Nero 8\Nero BackItUp\NBService.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
E:\Programy\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\VNICMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Programy\MSI\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\Programy\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Programy\A4Tech\Keyboard\Ikeymain.exe
E:\Programy\StyleXp\CursorXP.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Programy\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\ADMIN\Pulpit\Programy\Drużyna odsyfiania\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Programy\FlashGet\jccatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Programy\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Programy\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tray Temperature] F:\Program Files\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programy\Quick Time\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "E:\Programy\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NETIANET] "C:\Program Files\Netia\Net\netianet.exe" -auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "E:\Programy\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Amoumain.lnk = E:\Programy\A4Tech\Mouse\Amoumain.exe
O4 - Startup: cursor.CurXPTheme
O4 - Startup: Ikeymain.lnk = E:\Programy\A4Tech\Keyboard\Ikeymain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programy\Adobe Reader\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kalendarz XP.lnk = E:\Programy\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - E:\Programy\MSI\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programy\MSI\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programy\MSI\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://bezpieczenstwo.onet.pl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Programy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programy\MSI\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Programy\Nero\Nero 8\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programy\Nero\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Creative VF0010 RunApp Service (VF0010Srv) - Unknown owner - h:\drivers\english\V0010bSv.exe (file missing)
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - E:\Nauka\Visual Basic 6.0\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Programy\Spy Sweeper\SpySweeper.exe
--
End of file - 11161 bytes