Zebrałem wszystko do kupy, może coś jeszcze będzie ;/
jak nie, to trzeba będzie zaryzykować
********************************************************************************
* *
* FixIEDef Log *
* Version 1.4.16.4411 *
* *
********************************************************************************
Created at 17:23:44 on Sunday, June 08, 2008
Time Zone :
Operating System : Microsoft Windows XP Professional
Service Pack Level: Dodatek Service Pack 2
System Language : Polish
Processor : X86
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"STYLEXP" = "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]
"DAEMON Tools Pro Agent" = ""C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ImageShackUtil" = "C:\Program Files\ImageShack\QuickShot\QuickShot.exe" [null data]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"MSConfig" = "C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "F:\Program Files\nodshex.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobile Device"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Wcesview.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{E25C29AB-12B9-4523-A53C-324B5FBA648C}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\TMP\datF40.tmp" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
DaemonShellExtImage\(Default) = "{40966797-8FFE-46C8-9EF8-7003F33CCF0F}"
-> {HKLM...CLSID} = "DaemonShellExtImage Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Pro\imgshl32.dll" ["DT Soft Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "F:\Program Files\nodshex.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "F:\Program Files\nodshex.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
BlankCDHandler\
"Provider" = "@F:\Program Files\Ahead\Nero\APHandler.dll,-101"
"InvokeProgID" = "APHandler.Handler.1"
"InvokeVerb" = "BlankCD"
HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\BlankCD\command\(Default) = "F:\Program Files\Ahead\Nero\nero.exe /BlankCD" ["Ahead Software AG Karlsbad Germany Phone: ++49-7248-911-800 Fax: ++49-7248-911-888 e-mail: info@nero.com"]
CDAudioHandler\
"Provider" = "@F:\Program Files\Ahead\Nero\APHandler.dll,-101"
"InvokeProgID" = "APHandler.Handler.1"
"InvokeVerb" = "CDAudio"
HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\CDAudio\command\(Default) = "F:\Program Files\Ahead\Nero\nero.exe /CDAudio" ["Ahead Software AG Karlsbad Germany Phone: ++49-7248-911-800 Fax: ++49-7248-911-888 e-mail: info@nero.com"]
VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]
VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]
Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
"EasyTune5" -> shortcut to: "C:\Program Files\Gigabyte\ET5\ET5SC.exe" [empty string]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
w2pxdrv.dll ["Proxy Labs"], 01 - 04, 10
%SystemRoot%\system32\mswsock.dll [MS], 05 - 07, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
---------- (launch time: 2008-06-08 17:30:38)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 14 seconds.
---------- (total run time: 55 seconds)
BitDefender Online Scanner
Scan report generated at: Sun, Jun 08, 2008 - 17:20:16
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;L:\;
Statistics
Time
01:43:43
Files
245061
Folders
8811
Boot Sectors
8
Archives
1460
Packed Files
7620
Results
Identified Viruses
8
Infected Files
12
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
10
Engines Info
Virus Definitions
1256912
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
42
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\Administrator\Moje dokumenty\patch_l2_exi_it.rar=>system\Project1.dll
Infected with: DeepScan:Generic.Malware.P!.BB28547F
C:\Documents and Settings\Administrator\Moje dokumenty\patch_l2_exi_it.rar=>system\Project1.dll
Disinfection failed
C:\Documents and Settings\Administrator\Moje dokumenty\patch_l2_exi_it.rar=>system\Project1.dll
Deleted
C:\Documents and Settings\Administrator\Moje dokumenty\patch_l2_exi_it.rar
Update failed
C:\Documents and Settings\hax\Dane aplikacji\Opera\Opera\profile\cache4\opr0K0KF.htm
Infected with: Exploit.HTML.Agent.AM
C:\Documents and Settings\hax\Dane aplikacji\Opera\Opera\profile\cache4\opr0K0KF.htm
Disinfection failed
C:\Documents and Settings\hax\Dane aplikacji\Opera\Opera\profile\cache4\opr0K0KF.htm
Deleted
C:\Documents and Settings\hax\Dane aplikacji\Opera\Opera\profile\cache4\opr0K0KK.swf
Infected with: Exploit.SWF.Gen
C:\Documents and Settings\hax\Dane aplikacji\Opera\Opera\profile\cache4\opr0K0KK.swf
Disinfection failed
C:\Documents and Settings\hax\Dane aplikacji\Opera\Opera\profile\cache4\opr0K0KK.swf
Deleted
E:\TMP\datF3B.tmp
Infected with: MemScan:Trojan.Dropper.Rootkit.NBT
E:\TMP\datF3B.tmp
Disinfection failed
E:\TMP\datF3B.tmp
Deleted
E:\TMP\datF3C.tmp
Infected with: Trojan.PWS.OnlineGames.YYQ
E:\TMP\datF3C.tmp
Deleted
E:\TMP\datF3D.tmp
Infected with: Trojan.Killav.OC
E:\TMP\datF3D.tmp
Disinfection failed
E:\TMP\datF3D.tmp
Deleted
E:\TMP\datF40.tmp
Infected with: MemScan:Trojan.Dropper.Rootkit.NBT
E:\TMP\datF40.tmp
Disinfection failed
E:\TMP\datF40.tmp
Delete failed
E:\TMP\datF41.tmp
Infected with: Trojan.PWS.OnlineGames.YYQ
E:\TMP\datF41.tmp
Disinfection failed
E:\TMP\datF41.tmp
Delete failed
E:\TMP\datF42.tmp
Infected with: Trojan.Killav.OC
E:\TMP\datF42.tmp
Disinfection failed
E:\TMP\datF42.tmp
Deleted
E:\TMP\orz.exe
Infected with: MemScan:Win32.Worm.Otwycal.T
E:\TMP\orz.exe
Deleted
I:\StyleXP v3.06 KeyGen\eclsxp30.exe
Detected with: Application.Keygen.Xpstyle.CK
I:\StyleXP v3.06 KeyGen\eclsxp30.exe
Disinfection failed
I:\StyleXP v3.06 KeyGen\eclsxp30.exe
Deleted
I:\StyleXP v3.06 KeyGen.rar=>eclsxp30.exe
Detected with: Application.Keygen.Xpstyle.CK
I:\StyleXP v3.06 KeyGen.rar=>eclsxp30.exe
Disinfection failed
I:\StyleXP v3.06 KeyGen.rar=>eclsxp30.exe
Deleted
I:\StyleXP v3.06 KeyGen.rar
Update failed
Logfile of HijackThis v1.99.1
Scan saved at 17:37:35, on 2008-06-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ImageShack\QuickShot\QuickShot.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\mIRC\mirc.exe
C:\WINDOWS\explorer.exe
F:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Administrator\Pulpit\Instalki\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ImageShackUtil] C:\Program Files\ImageShack\QuickShot\QuickShot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: EasyTune5.lnk = C:\Program Files\Gigabyte\ET5\ET5SC.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\flashget\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\flashget\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\M814F~1.OFF\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Bufor wydruku (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-08 17:32:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
[color=red]System Drive C: has 0 GiB (less than 15%) free.[/color]
-- HijackThis (run as Administrator.exe) ---------------------------------------
Unable to run HijackThis; Nie można odnaleźć określonego pliku.
Path: C:\DOCUME~1\ADMINI~1\Pulpit\Instalki\HIJACK~1\Administrator.exe
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-08 17:34:37
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ImageShack\QuickShot\QuickShot.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\mIRC\mirc.exe
C:\WINDOWS\explorer.exe
F:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Administrator\Pulpit\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ImageShackUtil] C:\Program Files\ImageShack\QuickShot\QuickShot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: EasyTune5.lnk = C:\Program Files\Gigabyte\ET5\ET5SC.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\flashget\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\flashget\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\M814F~1.OFF\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\w2pxdrv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Bufor wydruku (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 8793 bytes
-- HijackThis Fixed Entries (C:\Documents and Settings\Administrator\Pulpit\Instalki\hijackthis_199\backups\) --------------------------------------------------------------------------------
backup-20070823-220727-217 F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
backup-20071029-163500-302 O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
backup-20071029-164318-670 O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Unknown owner - C:\WINDOWS\system32\pr2agqwc.exe (file missing)
backup-20071029-164835-215 O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Unknown owner - C:\WINDOWS\system32\pr2agqwc.exe (file missing)
backup-20071128-220351-465 F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
backup-20080127-113809-154 O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\flashget\getflash.dll
backup-20080127-113809-237 O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\flashget\jccatch.dll
backup-20080127-113840-197 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\flashget\FlashGet.exe
backup-20080127-113840-383 O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\flashget\jc_all.htm
backup-20080127-113840-987 O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\flashget\jc_link.htm
backup-20080608-144324-692 O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
S2 npkcrypt - g:\program files\pvpx\system\npkcrypt.sys (file missing)
S3 FreshIO - f:\freshdiagnose\freshio.sys (file missing)
S3 npkcusb - g:\program files\lineage int\system\npkcusb.sys (file missing)
S3 npkycryp - g:\program files\lineage inter\system\npkycryp.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>
S2 Spooler (Bufor wydruku) - c:\windows\system32\spoolsv.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: Urządzenie USB interfejsu HID
Device ID: USB\VID_04F2&PID_0210&MI_00\6&265B993C&0&0000
Manufacturer: (Standardowe urządzenia systemowe)
Name: Urządzenie USB interfejsu HID
PNP Device ID: USB\VID_04F2&PID_0210&MI_00\6&265B993C&0&0000
Service: HidUsb
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: cFosSpeed Miniport
Device ID: ROOT\CFOSSPEED_MP\0000
Manufacturer: cFos Software GmbH
Name: WAN Miniport (Network Monitor) - cFosSpeed Miniport
PNP Device ID: ROOT\CFOSSPEED_MP\0000
Service: cFosSpeed
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: cFosSpeed Miniport
Device ID: ROOT\CFOSSPEED_MP\0001
Manufacturer: cFos Software GmbH
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - cFosSpeed Miniport
PNP Device ID: ROOT\CFOSSPEED_MP\0001
Service: cFosSpeed
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: cFosSpeed Miniport
Device ID: ROOT\CFOSSPEED_MP\0002
Manufacturer: cFos Software GmbH
Name: WAN Miniport (IP) - cFosSpeed Miniport
PNP Device ID: ROOT\CFOSSPEED_MP\0002
Service: cFosSpeed
-- Files created between 2008-05-08 and 2008-06-08 -----------------------------
2008-06-08 17:26:27 68096 --a------ C:\WINDOWS\zip.exe
2008-06-08 17:26:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-08 17:26:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-08 17:26:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-08 17:26:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 17:26:27 98816 --a------ C:\WINDOWS\sed.exe
2008-06-08 17:26:27 80412 --a------ C:\WINDOWS\grep.exe
2008-06-08 17:26:27 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 15:29:46 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-08 15:29:44 0 d-------- C:\WINDOWS\LastGood
2008-06-08 12:39:03 0 d-------- C:\Program Files\Common Files\plugin
2008-06-07 22:40:54 0 d-------- C:\mIRC
2008-05-31 23:35:49 0 d-------- C:\Program Files\SpeedFan
2008-05-26 17:32:06 0 d-------- C:\Program Files\Frets on Fire
2008-05-25 00:32:22 127456 --a------ C:\WINDOWS\system32\IPDETECT.EXE <Not Verified; ; IPDETECT>
2008-05-25 00:32:21 152126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN
2008-05-25 00:32:20 212992 --a------ C:\WINDOWS\system32\unaddrv.exe <Not Verified; Analog Devices.; UnADdrv>
2008-05-25 00:32:20 152126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN
2008-05-25 00:32:20 152126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN
2008-05-25 00:32:20 152126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN
2008-05-25 00:32:20 152126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN
2008-05-25 00:32:20 152126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN
2008-05-25 00:32:20 152146 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN
2008-05-25 00:32:20 152145 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN
2008-05-25 00:32:20 152145 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN
2008-05-25 00:32:20 152308 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN
2008-05-25 00:32:20 152306 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN
2008-05-25 00:32:20 152306 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN
2008-05-25 00:32:20 200704 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-05-25 00:32:20 46892 --a------ C:\WINDOWS\system32\ADADIX16.DLL
2008-05-25 00:32:20 24576 --a------ C:\WINDOWS\enddisk32.exe
2008-05-25 00:32:20 176128 --a------ C:\WINDOWS\autoclk.exe <Not Verified; ; autoclk Application>
2008-05-25 00:32:11 0 d-------- C:\Program Files\SAGEM
2008-05-22 22:58:28 0 d-------- C:\Program Files\Jamdat
2008-05-22 22:27:59 0 d-------- C:\Program Files\MDM
2008-05-22 16:18:29 0 d-------- C:\Program Files\Microsoft ActiveSync
-- Find3M Report ---------------------------------------------------------------
2008-06-08 17:34:29 0 d-------- C:\Program Files\cFosSpeed
2008-06-08 15:28:08 0 d-------- C:\Program Files\ICQToolbar
2008-06-08 15:23:11 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\AVG7
2008-06-08 12:39:03 0 d-------- C:\Program Files\Common Files
2008-06-08 11:36:26 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\mIRC
2008-05-30 20:14:53 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\LimeWire
2008-05-26 17:37:23 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\fretsonfire
2008-05-25 00:32:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 12:39:02 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent
2008-05-22 16:22:17 448348 --a------ C:\WINDOWS\system32\perfh015.dat
2008-05-22 16:22:17 74450 --a------ C:\WINDOWS\system32\perfc015.dat
2008-05-22 16:19:17 2528 --a------ C:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc
2008-05-15 17:21:38 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
2008-04-24 15:53:40 379392 --a------ C:\WINDOWS\smun3240.exe
2008-04-24 15:53:38 0 d-------- C:\Program Files\Ashampoo
2008-04-19 20:01:07 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\U3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26]
"ImageShackUtil"="C:\Program Files\ImageShack\QuickShot\QuickShot.exe" [2006-04-30 00:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:49]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-02-12 15:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 01:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
EasyTune5.lnk - C:\Program Files\Gigabyte\ET5\ET5SC.exe [2007-06-20 12:31:09]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-25 00:32:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E25C29AB-12B9-4523-A53C-324B5FBA648C}"= E:\TMP\datF40.tmp [2008-06-08 12:39 10072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
adiras.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
C:\Program Files\Gigabyte\ET5\ETcall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
F:\flashget\flashget.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"F:\Gadu-Gadu\gg.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"C:\Program Files\ICQ6\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap]
C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell]
"C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\shell32.dll",Control_RunDLL "E:\TMP\datF40.tmp"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"CiSvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netwm netwm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-06-08 17:34:55 ------------
[code]
ComboFix 08-06-07.3 - Administrator 2008-06-08 17:26:38.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1570 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
2008-06-08 15:29 . 2008-06-08 15:29 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-08 15:29 . 2008-06-08 17:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-08 12:39 . 2008-06-08 12:39 <DIR> d-------- C:\Program Files\Common Files\plugin
2008-06-08 12:39 . 2008-06-08 12:39 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-06-07 22:40 . 2008-06-07 22:40 <DIR> d-------- C:\mIRC
2008-06-07 22:40 . 2008-06-08 11:36 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\mIRC
2008-06-07 20:41 . 2008-06-07 21:01 122 --a------ C:\WINDOWS\WA.INI
2008-05-31 23:35 . 2008-06-04 14:18 <DIR> d-------- C:\Program Files\SpeedFan
2008-05-31 23:35 . 2008-05-31 23:35 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-26 17:32 . 2008-05-26 17:37 <DIR> d-------- C:\Program Files\Frets on Fire
2008-05-26 17:32 . 2008-05-26 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\fretsonfire
2008-05-25 00:32 . 2008-05-25 00:32 <DIR> d-------- C:\Program Files\SAGEM
2008-05-22 22:58 . 2008-05-22 22:58 <DIR> d-------- C:\Program Files\Jamdat
2008-05-22 22:27 . 2008-05-22 22:35 <DIR> d-------- C:\Program Files\MDM
2008-05-22 16:18 . 2008-05-22 16:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-22 16:18 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-05-22 16:18 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-05-15 17:21 . 2008-05-15 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-15 17:21 . 2008-05-15 17:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
2008-05-15 17:20 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-15 17:20 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-15 17:20 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-15 17:20 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 15:26 --------- d-----w C:\Program Files\cFosSpeed
2008-06-08 13:28 --------- d-