
http://img110.imageshack.us/my.php?image=programosyvu3.png
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 22:45:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:bc454920
"s2"=dword:4d8048d3
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:51,a1,f3,3e,c0,9b,1c,33,13,58,d6,2e,79,13,43,dd,43,5f,a8,84,f6,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cf,83,0c,85,d7,3e,9e,8c,23,1a,9c,01,31,e9,de,a3,11,..
"khjeh"=hex:94,a7,f7,5b,5a,93,6a,7c,31,09,e1,7b,c2,d7,8c,96,ee,f8,7c,00,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7e,08,1e,e5,d2,3a,6d,7a,71,00,4c,eb,37,b4,98,1b,85,8e,dd,0b,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:38,2c,c8,ef,c1,8f,e2,73,d0,6e,60,02,59,e3,ec,51,ea,57,13,8b,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vax347s\Config\$winnt32$_test]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:51,a1,f3,3e,c0,9b,1c,33,13,58,d6,2e,79,13,43,dd,43,5f,a8,84,f6,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:3b,65,71,12,df,68,20,88,06,fc,ea,22,78,68,de,23,5a,34,b9,f9,fc,..
"a0"=hex:20,01,00,00,b4,9c,8c,1e,35,92,ae,2a,d4,6e,26,a1,c8,f2,38,fa,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fa,8c,26,f1,81,c9,c6,64,1e,28,f0,d5,75,e5,0e,cb,87,d2,1d,95,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:9c,fe,0f,1f,05,e8,2d,e8,48,c8,b9,9c,02,ae,79,6c,f2,5b,83,8b,6d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:51,a1,f3,3e,c0,9b,1c,33,13,58,d6,2e,79,13,43,dd,43,5f,a8,84,f6,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cf,83,0c,85,d7,3e,9e,8c,23,1a,9c,01,31,e9,de,a3,11,..
"khjeh"=hex:94,a7,f7,5b,5a,93,6a,7c,31,09,e1,7b,c2,d7,8c,96,ee,f8,7c,00,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7e,08,1e,e5,d2,3a,6d,7a,71,00,4c,eb,37,b4,98,1b,85,8e,dd,0b,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:38,2c,c8,ef,c1,8f,e2,73,d0,6e,60,02,59,e3,ec,51,ea,57,13,8b,5c,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,..
scanning hidden files ...
Deckard's System Scanner v20071014.68
Run by Miki on 2008-02-10 10:38:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 0.13 GiB (less than 15%) free.
-- HijackThis (run as Miki.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:04, on 2008-02-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Miki\Pulpit\dss.exe
C:\DOCUME~1\Miki\Pulpit\Miki.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A00CA75C-DEDD-4474-9088-5D6363D69338} - C:\WINDOWS\system32\rqrqopo.dll
O2 - BHO: (no name) - {B422BD69-D803-4950-9868-E439D509B5F2} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202404148.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\NOKIA\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202589149750
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B8FB721-98CD-4524-89AA-6A3DB549ECF7}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrqopo - C:\WINDOWS\SYSTEM32\rqrqopo.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9741 bytes
-- Files created between 2008-01-10 and 2008-02-10 -----------------------------
2008-02-09 22:52:36 0 d-------- C:\WINDOWS\LastGood
2008-02-09 18:13:38 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-02-07 20:15:06 0 d-------- C:\Program Files\Hamachi
2008-02-07 18:12:10 257155 --ahs---- C:\WINDOWS\system32\opqss.ini2
2008-02-07 18:11:59 331264 --a------ C:\WINDOWS\system32\ssqpo.dll
2008-02-07 18:08:11 2 --a------ C:\1948880548
2008-02-07 18:07:18 54764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-07 18:07:14 0 d-------- C:\Program Files\Helper
2008-02-07 18:07:10 58368 --a------ C:\xjoukm.exe
2008-02-07 18:06:50 41472 --a------ C:\WINDOWS\system32\rqrqopo.dll
2008-02-07 18:06:30 23552 --a------ C:\WINDOWS\system32\winrkp32.dll
2008-02-02 11:30:29 0 d-------- C:\Program Files\Microsoft Works
2008-02-02 11:30:08 0 d-------- C:\Program Files\MSBuild
2008-02-02 11:27:14 0 d-------- C:\Program Files\Microsoft.NET
2008-02-02 11:21:07 0 d-------- C:\WINDOWS\SHELLNEW
2008-02-02 11:19:25 0 dr-h----- C:\MSOCache
2008-02-02 09:11:44 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-01 22:55:04 0 d-------- C:\Program Files\VSD Software
2008-01-27 15:05:11 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-27 15:03:28 0 d-------- C:\WINDOWS\Downloaded Installations
2008-01-19 14:33:03 0 d-------- C:\Program Files\AdVantage
2008-01-19 14:22:03 0 d-------- C:\Program Files\DAEMON Tools
2008-01-15 20:01:35 98304 --a------ C:\WINDOWS\system32\IStestDLL.dll <Not Verified; ; IStestDLL Dynamic Link Library>
2008-01-15 20:00:22 28672 --a------ C:\WINDOWS\system32\ISkeyObject.dll <Not Verified; ; ISkeyObject Dynamic Link Library>
2008-01-15 20:00:20 0 d-------- C:\Program Files\Octatec
2008-01-12 12:55:35 0 d-------- C:\Program Files\YouTube Video Downloader
2008-01-10 21:52:23 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
-- Find3M Report ---------------------------------------------------------------
2008-02-10 10:36:10 0 d-------- C:\Program Files\AutoConnect
2008-02-09 23:19:06 0 --a------ C:\AUTOEXEC.BAT
2008-02-09 22:21:29 0 d-------- C:\Program Files\FlashGet
2008-02-08 17:11:03 0 d-------- C:\Program Files\Neostrada TP
2008-02-07 20:26:54 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Hamachi
2008-02-02 11:29:10 0 d-------- C:\Program Files\Common Files
2008-02-02 11:05:38 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\uTorrent
2008-02-02 11:02:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-02 09:08:58 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\ATI
2008-01-31 18:57:52 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Tibia
2008-01-27 15:06:37 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-01-19 14:53:21 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Sports Interactive
2008-01-19 14:22:04 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\DAEMON Tools
2008-01-16 10:01:25 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Adobe
2008-01-12 15:53:02 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\GanymedeNet
2008-01-12 14:27:21 0 d-------- C:\Program Files\Gadu-Gadu
2008-01-12 11:55:14 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Nokia
2008-01-11 20:42:30 0 d-------- C:\Program Files\Ganymede
2008-01-08 19:14:34 436322 --a------ C:\WINDOWS\system32\perfh015.dat
2008-01-08 19:14:34 67298 --a------ C:\WINDOWS\system32\perfc015.dat
2008-01-06 13:25:34 0 d-------- C:\Program Files\VstPlugins
2008-01-06 13:18:38 0 d-------- C:\Program Files\ASIO4ALL v2
2008-01-05 19:26:02 4382 --a----c- C:\WINDOWS\mozver.dat
2008-01-01 14:34:59 168 --a------ C:\WINDOWS\system32\proc1395793746.bin
2007-12-30 17:35:47 0 d-------- C:\Program Files\YourWare Solutions
2007-12-29 19:10:20 23640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2007-12-29 17:49:08 0 d-------- C:\Program Files\ATI Technologies
2007-12-25 13:09:53 0 d-------- C:\Program Files\uTorrent
2007-12-23 13:14:24 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-12-23 13:14:24 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-12-23 13:14:24 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-12-21 21:07:43 0 d-------- C:\Program Files\CCleaner
2007-12-21 21:07:43 0 d-------- C:\Program Files\7-Zip
2007-12-15 11:58:40 0 d-------- C:\Program Files\No-IP
2007-12-13 19:52:12 0 d-------- C:\Program Files\Java
2007-12-13 19:49:12 0 d-------- C:\Program Files\Common Files\Java
2007-12-11 19:48:28 0 d-------- C:\Program Files\Winamp
2007-12-11 19:48:28 0 d-------- C:\Program Files\QuickTime
2007-12-11 19:48:28 0 d-------- C:\Program Files\IrfanView
2007-12-11 09:21:48 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Skype
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A00CA75C-DEDD-4474-9088-5D6363D69338}]
2008-02-07 18:06 41472 --a------ C:\WINDOWS\system32\rqrqopo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B422BD69-D803-4950-9868-E439D509B5F2}]
2008-02-07 18:12 331264 --a------ C:\WINDOWS\system32\ssqpo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
2008-02-07 18:09 12800 --a------ C:\Program Files\Helper\1202404148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 15:08 C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 08:15]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-09 20:28]
"adiras"="adiras.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"PCSuiteTrayApplication"="C:\Program Files\NOKIA\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\NOKIA\Nokia PC Suite 6\PcSync2.exe /NoDialog
-- End of Deckard's System Scanner: finished at 2008-02-10 10:42:07 ------------
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {A00CA75C-DEDD-4474-9088-5D6363D69338} - C:\WINDOWS\system32\rqrqopo.dll
O2 - BHO: (no name) - {B422BD69-D803-4950-9868-E439D509B5F2} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202404148.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: rqrqopo - C:\WINDOWS\SYSTEM32\rqrqopo.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
C:\WINDOWS\system32\rqrqopo.dll
C:\WINDOWS\system32\ssqpo.dll
C:\Program Files\Helper\1202404148.dll
C:\Program Files\Helper
C:\WINDOWS\SYSTEM32\winrkp32.dll
C:\WINDOWS\system32\opqss.ini2
C:\1948880548
C:\WINDOWS\system32\4fdw.dll
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:19, on 2008-02-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Miki\Pulpit\Miki.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {554EB8C2-39C0-4845-B08C-F2196A90B983} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A00CA75C-DEDD-4474-9088-5D6363D69338} - C:\WINDOWS\system32\rqrqopo.dll
O2 - BHO: (no name) - {D1AC35C4-FB7A-444B-B5EA-5F504377533E} - C:\WINDOWS\system32\jkkjg.dll
O2 - BHO: (no name) - {E07CE26D-D2D8-484E-8674-FE5A76A122D6} - C:\WINDOWS\system32\geede.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\NOKIA\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202589149750
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B8FB721-98CD-4524-89AA-6A3DB549ECF7}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrqopo - C:\WINDOWS\SYSTEM32\rqrqopo.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9330 bytes
Deckard's System Scanner v20071014.68
Run by Miki on 2008-02-12 19:03:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 0.53 GiB (less than 15%) free.
-- HijackThis (run as Miki.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:50, on 2008-02-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Miki\Pulpit\dss.exe
C:\DOCUME~1\Miki\Pulpit\Miki.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {554EB8C2-39C0-4845-B08C-F2196A90B983} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A00CA75C-DEDD-4474-9088-5D6363D69338} - C:\WINDOWS\system32\rqrqopo.dll
O2 - BHO: (no name) - {D1AC35C4-FB7A-444B-B5EA-5F504377533E} - C:\WINDOWS\system32\jkkjg.dll
O2 - BHO: (no name) - {E07CE26D-D2D8-484E-8674-FE5A76A122D6} - C:\WINDOWS\system32\geede.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\NOKIA\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202589149750
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B8FB721-98CD-4524-89AA-6A3DB549ECF7}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrqopo - C:\WINDOWS\SYSTEM32\rqrqopo.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9363 bytes
-- Files created between 2008-01-12 and 2008-02-12 -----------------------------
2008-02-12 16:30:59 207408 --ahs---- C:\WINDOWS\system32\edeeg.ini2
2008-02-12 16:30:45 334336 --a------ C:\WINDOWS\system32\geede.dll
2008-02-12 15:01:33 203868 --ahs---- C:\WINDOWS\system32\gjkkj.ini2
2008-02-12 15:01:21 334336 --a------ C:\WINDOWS\system32\jkkjg.dll
2008-02-12 10:16:24 202408 --ahs---- C:\WINDOWS\system32\opqss.ini2
2008-02-10 18:26:42 0 --a------ C:\WINDOWS\system32\aruoupxi.dll
2008-02-10 18:23:38 0 --a------ C:\WINDOWS\system32\xqoyyolf.dll
2008-02-09 18:13:38 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-02-07 20:15:06 0 d-------- C:\Program Files\Hamachi
2008-02-07 18:11:59 331264 --a------ C:\WINDOWS\system32\ssqpo.dll
2008-02-07 18:07:18 54764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-07 18:07:10 58368 --a------ C:\xjoukm.exe
2008-02-07 18:06:50 41472 --a------ C:\WINDOWS\system32\rqrqopo.dll
2008-02-02 11:30:29 0 d-------- C:\Program Files\Microsoft Works
2008-02-02 11:30:08 0 d-------- C:\Program Files\MSBuild
2008-02-02 11:27:14 0 d-------- C:\Program Files\Microsoft.NET
2008-02-02 11:21:07 0 d-------- C:\WINDOWS\SHELLNEW
2008-02-02 11:19:25 0 dr-h----- C:\MSOCache
2008-02-02 09:11:44 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-01 22:55:04 0 d-------- C:\Program Files\VSD Software
2008-01-27 15:05:11 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-27 15:03:28 0 d-------- C:\WINDOWS\Downloaded Installations
2008-01-19 14:33:03 0 d-------- C:\Program Files\AdVantage
2008-01-19 14:22:03 0 d-------- C:\Program Files\DAEMON Tools
2008-01-15 20:01:35 98304 --a------ C:\WINDOWS\system32\IStestDLL.dll <Not Verified; ; IStestDLL Dynamic Link Library>
2008-01-15 20:00:22 28672 --a------ C:\WINDOWS\system32\ISkeyObject.dll <Not Verified; ; ISkeyObject Dynamic Link Library>
2008-01-15 20:00:20 0 d-------- C:\Program Files\Octatec
2008-01-12 12:55:35 0 d-------- C:\Program Files\YouTube Video Downloader
-- Find3M Report ---------------------------------------------------------------
2008-02-12 19:00:11 0 d-------- C:\Program Files\AutoConnect
2008-02-12 15:27:36 0 d-------- C:\Program Files\Neostrada TP
2008-02-12 13:07:54 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\uTorrent
2008-02-12 10:17:18 0 d-------- C:\Program Files\FlashGet
2008-02-10 13:43:05 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Hamachi
2008-02-10 12:06:52 5351 --a----c- C:\WINDOWS\mozver.dat
2008-02-10 11:37:17 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\GanymedeNet
2008-02-10 11:35:01 0 d-------- C:\Program Files\Ganymede
2008-02-09 23:19:06 0 --a------ C:\AUTOEXEC.BAT
2008-02-02 11:29:10 0 d-------- C:\Program Files\Common Files
2008-02-02 11:02:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-02 09:08:58 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\ATI
2008-01-31 18:57:52 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Tibia
2008-01-27 15:06:37 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-01-19 14:53:21 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Sports Interactive
2008-01-19 14:22:04 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\DAEMON Tools
2008-01-16 10:01:25 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Adobe
2008-01-12 14:27:21 0 d-------- C:\Program Files\Gadu-Gadu
2008-01-12 12:22:56 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-01-12 11:55:14 0 d-------- C:\Documents and Settings\Miki\Dane aplikacji\Nokia
2008-01-08 19:14:34 436322 --a------ C:\WINDOWS\system32\perfh015.dat
2008-01-08 19:14:34 67298 --a------ C:\WINDOWS\system32\perfc015.dat
2008-01-06 13:25:34 0 d-------- C:\Program Files\VstPlugins
2008-01-06 13:18:38 0 d-------- C:\Program Files\ASIO4ALL v2
2008-01-01 14:34:59 168 --a------ C:\WINDOWS\system32\proc1395793746.bin
2007-12-30 17:35:47 0 d-------- C:\Program Files\YourWare Solutions
2007-12-29 19:10:20 23640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2007-12-29 17:49:08 0 d-------- C:\Program Files\ATI Technologies
2007-12-25 13:09:53 0 d-------- C:\Program Files\uTorrent
2007-12-23 13:14:24 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-12-23 13:14:24 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-12-23 13:14:24 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-12-21 21:07:43 0 d-------- C:\Program Files\CCleaner
2007-12-21 21:07:43 0 d-------- C:\Program Files\7-Zip
2007-12-15 11:58:40 0 d-------- C:\Program Files\No-IP
2007-12-13 19:52:12 0 d-------- C:\Program Files\Java
2007-12-13 19:49:12 0 d-------- C:\Program Files\Common Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554EB8C2-39C0-4845-B08C-F2196A90B983}]
2008-02-07 18:12 331264 --a------ C:\WINDOWS\system32\ssqpo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A00CA75C-DEDD-4474-9088-5D6363D69338}]
2008-02-07 18:06 41472 --a------ C:\WINDOWS\system32\rqrqopo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1AC35C4-FB7A-444B-B5EA-5F504377533E}]
2008-02-12 15:01 334336 --a------ C:\WINDOWS\system32\jkkjg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E07CE26D-D2D8-484E-8674-FE5A76A122D6}]
2008-02-12 16:30 334336 --a------ C:\WINDOWS\system32\geede.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 15:08 C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 08:15]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-09 20:28]
"adiras"="adiras.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"PCSuiteTrayApplication"="C:\Program Files\NOKIA\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\NOKIA\Nokia PC Suite 6\PcSync2.exe /NoDialog
-- End of Deckard's System Scanner: finished at 2008-02-12 19:04:42 ------------