Wyrazne spowolnienie komputera

**Posty:** 468 · przez **rafi9-92** 02 Lut 2009, 19:07

Od jakiegos czasu znacznie mi zwolnil komputer wszystko zamula . Wlaczylem menedzera zadan i co zobaczylem zuuzycie procesora wynosi 100 % a proces ktory pochlania jest explorer.exe mowie sobie o co chodzi , zresetowalem raz komputer znowu to samo drugi raz res i wszystko prawie wrocilo do normy oprocz tego ze nie ma zuuzycia procka to i tak wszystko spowolnilo . Sprzet jest na 100 % sprawny . Mysle ze to wina wirusow

Daje logi do kontroli :

SR :

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "AutoConnect" = "C:\Programy\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."] "CTSyncU.exe" = ""C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"" [empty string] "AlcoholAutomount" = ""C:\Gry\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "JMB36X IDE Setup" = "C:\WINDOWS\RaidTool\xInsIDE.exe" [null data] "36X Raid Configurer" = "C:\WINDOWS\system32\xRaidSetup.exe boot" ["Gigabyte Technology Corp."] "Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "NETIANET" = "C:\Program Files\Netia\Net\netianet.exe -auto" ["NETIA S.A."] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."] "SMSTray" = "C:\Programy\Samsung\Samsung Media Studio 5\SMSTray.exe" ["SAMSUNG ELECTRONICS"] "MAAgent" = "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" ["(*)****" (unwritable string)] "GrooveMonitor" = ""C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"" [MS] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "PCSuiteTrayApplication" = "C:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"] "Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."] "ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" ["InstallShield Software Corporation"] "ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"] "QuickTime Task" = ""C:\Programy\QuickTime\qttask.exe" -atboottime" ["Apple Inc."] "StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."] "AVP" = ""C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"" ["Kaspersky Lab"] "VolPanel" = ""C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r" ["Creative Technology Ltd"] "CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "Yahoo! Companion BHO" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer" \InProcServer32\(Default) = "C:\Programy\Real player\rpbrowserrecordplugin.dll" ["RealPlayer"] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = "*`*`" (unwritable string) -> {HKLM...CLSID} = "IE to GetRight Helper" \InProcServer32\(Default) = "C:\Programy\GetRight\xx2gr.dll" ["Headlight Software, Inc."] {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO" -> {HKLM...CLSID} = "IEVkbdBHO Class" \InProcServer32\(Default) = "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll" ["Kaspersky Lab"] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" ["Google Inc."] {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = "Google Dictionary Compression sdch" -> {HKLM...CLSID} = "Google Dictionary Compression sdch" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programy\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{24849E2F-0A86-40CD-A62A-B12F161882DB}" = "ZEN V Series Media Explorer" -> {HKLM...CLSID} = "ZEN V Series Media Explorer" \InProcServer32\(Default) = "C:\Programy\Creative\ZEN V Series Media Explorer\SHCTMTP.dll" ["Creative Technology Ltd"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Programy\Real player\rpshell.dll" ["RealNetworks, Inc."] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Programy\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "C:\Gry\UltraISO\isoshell.dll" ["EZB Systems, Inc."] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Programy\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Programy\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."] "{8C9BC81C-CB3C-4A7E-AADB-6A701F61D65B}" = "Direct Audio Converter and CD Ripper" -> {HKLM...CLSID} = "Direct Audio Converter and CD Ripper context menu" \InProcServer32\(Default) = "C:\Programy\MPC\cmenu2.dll" [null data] "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW" -> {HKLM...CLSID} = "Statystyki ochrony WWW" \InProcServer32\(Default) = "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{88485281-8b4b-4f8d-9ede-82e29a064277}" = "MarkAny Contents Safer Manager 1.0" -> {HKLM...CLSID} = "ShellHook Class" \InProcServer32\(Default) = "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" ["MarkAny Cooperation."] <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] <<!>> LBTWlgn\DLLName = "c:\program files\common files\logitech\bluetooth\LBTWlgn.dll" ["Logitech, Inc."] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"] CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}" -> {HKLM...CLSID} = "CtMtpContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" [file not found] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"] UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "C:\Gry\UltraISO\isoshell.dll" ["EZB Systems, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}" -> {HKLM...CLSID} = "CtMtpContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" [file not found] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll" ["Kaspersky Lab"] UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "C:\Gry\UltraISO\isoshell.dll" ["EZB Systems, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AlcoholAutoPlayV2.BurnDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "BurnDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Gry\Alcohol Soft\Alcohol 120\_Alcohol.exe" %1" ["Alcohol Soft Development Team"] AlcoholAutoPlayV2.ReadDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "ReadDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Gry\Alcohol Soft\Alcohol 120\_Alcohol.exe" %1" ["Alcohol Soft Development Team"] CTMTPHandler\ "Provider" = "Creative Media Explorer" "ProgID" = "CTMtpAut.CTMtpEventHandler" "InitCmdLine" = "OrganizeUsingZME" HKLM\SOFTWARE\Classes\CTMtpAut.CTMtpEventHandler\CLSID\(Default) = "{9F40AC21-F4D1-477C-AC95-7A935224220F}" -> {HKLM...CLSID} = "CTMtpEventHandler Class" \LocalServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CTMtpAut.exe" [file not found] daccdrip\ "Provider" = "Direct Audio Converter" "InvokeProgID" = "PistonSoftware.daccdrip" "InvokeVerb" = "RipCD2" HKLM\SOFTWARE\Classes\PistonSoftware.daccdrip\shell\RipCD2\Command\(Default) = ""C:\Programy\MPC\converter.exe" -DRIVE_%L" ["Piston Software"] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlayEmptyCD\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay" "InvokeVerb" = "EmptyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" ["Ahead Software AG"] NMMPlayCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" = "NMMPlayCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Programy\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L"" ["Nokia"] NMMRipCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" = "NMMRipCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Programy\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L"" ["Nokia"] RPCDBurningOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.CDBurn.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Programy\Real player\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."] RPDeviceOnArrival\ "Provider" = "RealPlayer" "ProgID" = "RealPlayer.HWEventHandler" HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."] RPPlayCDAudioOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AudioCD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Programy\Real player\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."] RPPlayDVDMovieOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.DVD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Programy\Real player\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."] RPPlayMediaOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AutoPlay.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Programy\Real player\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."] SMSPlayCDOnArrival\ "Provider" = "SAMSUNG Media Studio" "InvokeProgID" = "Samsung.Samsung Media StudioCD" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Samsung.Samsung Media StudioCD\shell\Play\Command\(Default) = ""C:\Programy\Samsung\Samsung Media Studio 5\SMSMain.exe" /PlayCD" [null data] SMSPlaySongsOnArrival\ "Provider" = "SAMSUNG Media Studio" "InvokeProgID" = "Samsung.Samsung Media Studio" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Samsung.Samsung Media Studio\shell\Play\DropTarget\CLSID = "{80F9FF0A-3C89-40a3-9216-979461AC5967}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Programy\Samsung\Samsung Media Studio 5\SMSMain.exe" [null data] Startup items in "Krzysztof" & "All Users" startup folders: ----------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] "Logitech SetPoint" -> shortcut to: "C:\Programy\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "&Yahoo! Companion" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll" ["Yahoo! Inc."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "&Yahoo! Companion" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll" ["Yahoo! Inc."] "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\SOFTWARE\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\SOFTWARE\Classes\CLSID\{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}\(Default) = "Google Find Bar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Statystyki ochrony WWW" {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Wyślij do programu OneNote" "MenuText" = "Wyślij &do programu OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\Programy\MICROS~1\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Creative Audio Service, CTAudSvcService, "C:\Program Files\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"] Kaspersky Anti-Virus, AVP, ""C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r" ["Kaspersky Lab"] PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data] ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] StarWind AE Service, StarWindServiceAE, "C:\Gry\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor PIXMA iP1500\Driver = "CNMLM5y.DLL" ["CANON INC."] Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2009-02-02 17:57:22) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 199 seconds. ---------- (total run time: 232 seconds)

Hijack :

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:57:11, on 2009-02-02 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Gry\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Netia\Net\netianet.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programy\Samsung\Samsung Media Studio 5\SMSTray.exe C:\Program Files\MarkAny\ContentSafer\MAAgent.exe C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Creative\Volume Panel\VolPanlu.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programy\AutoConnect\AutoConnect.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Gry\SKAN KOMPA\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programy\Real player\rpbrowserrecordplugin.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programy\GetRight\xx2gr.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [SMSTray] C:\Programy\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVP] "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AutoConnect] C:\Programy\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Gry\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programy\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Download with GetRight Pro - C:\Programy\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programy\GetRight\GRbrowse.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{832088B4-C1C5-4012-8506-C55FFC782CAB}: NameServer = 213.241.79.37 83.238.255.76 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\MICROS~1\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\Programy\KASPER~1\KASPER~1\mzvkbd.dll,C:\Programy\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programy\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Gry\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 11427 bytes

**Posty:** 8001 · przez **Okocza** 02 Lut 2009, 19:38

rafi9-92, daj log z combofixa

**Posty:** 468 · przez **rafi9-92** 02 Lut 2009, 20:15

Prosze log z combo :

Kod: Zaznacz wszystko: ComboFix 09-02-01.01 - Krzysztof 2009-02-02 19:03:35.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3326.2758 [GMT 1:00] Uruchomiony z: c:\documents and settings\Krzysztof\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat c:\windows\IE4 Error Log.txt ----- BITS: Możliwe zainfekowane strony ----- hxxp://speedytorrents.net . ((((((((((((((((((((((((( Pliki utworzone od 2009-01-02 do 2009-02-02 ))))))))))))))))))))))))))))))) . 2009-01-31 15:44 . 2009-01-31 15:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Blizzard 2009-01-25 20:09 . 2009-01-25 20:09 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Electronic Arts 2009-01-24 19:56 . 2009-01-24 20:02 2,524 --a------ C:\272543531 2009-01-24 19:56 . 2009-01-24 20:02 2,473 --a------ C:\aoewakhr.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,472 --a------ C:\dplkq.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\svekfg.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\rdywn.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\msoipn.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\fsir.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,469 --a------ C:\jusay.exe 2009-01-23 13:57 . 2009-01-23 14:02 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\TwoWorldsCP 2009-01-23 13:39 . 2009-01-23 13:39 <DIR> d-------- C:\cda 2009-01-17 23:27 . 2009-01-17 23:27 <DIR> d-------- c:\program files\Nowy folder 2009-01-14 17:04 . 2009-01-15 01:21 1,080 --a------ c:\windows\system32\settingsbkup.sfm 2009-01-14 17:04 . 2009-01-15 01:21 1,080 --a------ c:\windows\system32\settings.sfm 2009-01-14 16:52 . 2009-02-02 19:05 54,928 --a------ c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-14 16:52 . 2009-02-02 19:05 788 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-14 16:02 . 2009-01-14 16:02 <DIR> d-------- c:\program files\Common Files\Creative Labs Shared 2009-01-12 19:15 . 2009-01-12 19:15 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Creative Labs 2009-01-12 18:17 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2009-01-12 16:50 . 2009-02-02 19:05 54,928 --a------ c:\windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-12 16:48 . 2008-02-04 10:27 102,400 --a------ c:\windows\system32\cttele32.dll 2009-01-12 16:47 . 2009-01-14 16:50 <DIR> d-------- c:\windows\system32\Data 2009-01-12 16:47 . 2008-09-25 15:40 20,888,640 --a------ c:\windows\system32\AppSetup.exe 2009-01-06 12:11 . 2009-01-06 12:11 96,976 --a------ c:\windows\system32\drivers\klin.dat 2009-01-06 12:11 . 2009-01-06 12:11 87,855 --a------ c:\windows\system32\drivers\klick.dat 2009-01-06 12:10 . 2009-02-02 19:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-01-06 12:10 . 2009-02-02 19:05 4,469,280 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-01-06 12:10 . 2009-02-02 19:05 819,232 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-01-06 12:10 . 2009-02-02 19:05 35,996 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-01-06 12:10 . 2009-02-02 19:05 3,880 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-01-05 12:41 . 2009-01-05 12:41 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Pro 2009-01-05 12:41 . 2009-01-05 12:41 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools 2009-01-05 12:23 . 2009-01-05 12:23 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Lite 2009-01-05 12:23 . 2009-01-05 12:23 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-03 20:06 . 2009-01-03 20:06 <DIR> d-------- c:\program files\ipla 2009-01-03 20:06 . 2009-01-03 20:07 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\ipla 2009-01-03 20:06 . 2009-01-03 20:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla 2009-01-03 13:43 . 2009-01-03 13:43 0 --a------ C:\LHT13.tmp . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-02 18:00 --------- d-----w c:\program files\Neostrada TP 2009-02-02 16:47 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\BitTorrent 2009-02-02 13:02 --------- d-----w c:\program files\eMule 2009-01-31 14:35 --------- d-----w c:\program files\Common Files\Blizzard Entertainment 2009-01-28 12:56 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-01-25 12:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-25 12:26 --------- d-----w c:\program files\AGEIA Technologies 2009-01-23 19:04 --------- d-----w c:\program files\Google 2009-01-14 16:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Creative 2009-01-14 16:02 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-14 15:49 --------- d-----w c:\program files\Creative 2009-01-12 18:11 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\Creative 2009-01-12 15:48 --------- d-----w c:\program files\OpenAL 2009-01-05 11:01 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-01-01 13:29 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\Sports Interactive 2009-01-01 13:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sports Interactive 2008-12-31 23:21 --------- d--h--w c:\program files\Zero G Registry 2008-12-28 16:40 --------- d-----w c:\program files\Common Files\Logitech 2008-12-28 16:40 --------- d-----w c:\program files\Common Files\Logishrd 2008-12-18 20:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI 2008-12-18 20:07 --------- d-----w c:\program files\ATI Technologies 2008-12-15 12:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 17:57 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2008-12-02 19:01 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-11-10 17:50 16,608 ----a-w c:\windows\gdrv.sys 2008-09-04 19:50 92,064 ----a-w c:\documents and settings\Krzysztof\mqdmmdm.sys 2008-09-04 19:50 9,232 ----a-w c:\documents and settings\Krzysztof\mqdmmdfl.sys 2008-09-04 19:50 79,328 ----a-w c:\documents and settings\Krzysztof\mqdmserd.sys 2008-09-04 19:50 66,656 ----a-w c:\documents and settings\Krzysztof\mqdmbus.sys 2008-09-04 19:50 6,208 ----a-w c:\documents and settings\Krzysztof\mqdmcmnt.sys 2008-09-04 19:50 5,936 ----a-w c:\documents and settings\Krzysztof\mqdmwhnt.sys 2008-09-04 19:50 4,048 ----a-w c:\documents and settings\Krzysztof\mqdmcr.sys 2008-09-04 19:50 25,600 ----a-w c:\documents and settings\Krzysztof\usbsermptxp.sys 2008-09-04 19:50 22,768 ----a-w c:\documents and settings\Krzysztof\usbsermpt.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] "AlcoholAutomount"="c:\gry\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NETIANET"="c:\program files\Netia\Net\netianet.exe" [2008-09-01 493568] "SMSTray"="c:\programy\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976] "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344] "GrooveMonitor"="c:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-11 185896] "PCSuiteTrayApplication"="c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "AVP"="c:\programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576] "RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.EXE] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664] DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-01 962661] Logitech SetPoint.lnk - c:\programy\Logitech\SetPoint\SetPoint.exe [2008-12-28 805392] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "c:\\Programy\\BitTorrent\\bittorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"= "c:\\Dema\\Codemasters\\GRID Demo\\GRID.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Gry\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Programy\\Ares\\Ares.exe"= "c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe"= "c:\\Gry\\Grid\\GRID.exe"= "c:\\Gry\\Opera\\opera.exe"= "c:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"= "c:\\Gry\\SopCast\\adv\\SopAdver.exe"= "c:\\Gry\\Tibia\\Tibia.exe"= "c:\\Gry\\Valve\\Steam\\Steam.exe"= "c:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Gry\\Saints Row 2\\SR2_pc.exe"= "c:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds.exe"= "c:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"= "c:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-14 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5918b230-db1a-11dd-98e5-4d6564696130}] \Shell\AutoRun\command - E:\autorun.exe . . ------- Skan uzupełniający ------- . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.allegro.pl/ uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://www.yahoo.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download with GetRight Pro - c:\programy\GetRight\GRdownload.htm IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Open with GetRight Pro Browser - c:\programy\GetRight\GRbrowse.htm IE: { - c:\program files\Messenger\msmsgs.exe DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 19:07:56 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8971B1B8-F8DF-CF42-22F1-79F0E4EB747D}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oageidejfbnhfiniflblkgklimpcej"=hex:64,61,68,6b,67,66,68,69,00,70 "oakbahakofbpbbinefgfdeikdbpfid"=hex:6a,61,68,6b,65,69,68,67,61,69,62,6a,67,6e, 70,65,61,63,69,66,00,fd "naeccmcndngmfnapoheiknhlkdol"=hex:69,61,61,6b,6a,69,6e,6f,69,6e,66,6f,6f,61, 6e,6e,65,6a,00,00 [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:13,ef,de,47,37,a5,91,36,35,51,18,36,4d,a8,19,76,d3,9a,2c,c0,82,62,14, b6,8a,57,ef,86,3c,ef,bf,eb,61,db,b0,5d,b6,26,67,95,37,01,88,e3,0d,3a,58,5f,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:5e,26,b2,08,09,9e,c8,5d,a7,21,d9,4e,52,bc,bf,b6,76,44,66,6c,0a, f1,f0,f9,64,f0,26,dc,81,2d,56,b2,a6,a6,4f,f1,bc,b5,0c,83,d3,16,47,63,7e,5d,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(988) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll c:\windows\system32\iphlpapi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\PnkBstrA.exe c:\gry\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\programy\Real player\realplay.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\CTxfispi.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-02-02 19:09:37 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-02-02 18:09:35 Przed: 192 261 488 640 bajtów wolnych Po: 192,459,661,312 bajtów wolnych 265 --- E O F --- 2009-01-14 09:43:53

**Posty:** 8001 · przez **Okocza** 02 Lut 2009, 20:17

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 468 · przez **rafi9-92** 02 Lut 2009, 21:28

to tak logi :

SDfix :

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Administrator on 2009-02-02 at 19:34 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 20:14:17 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:32,13,f3,bd,23,29,9b,0e,e6,db,c3,04,ef,ef,c4,e5,9f,5e,cb,ee,d0,.. "p0"="C:\Gry\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programy\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:ec,90,77,03,c7,f7,79,dc,59,c9,4b,5e,76,6d,50,a1,4c,bc,7c,87,8b,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ad,bb,b4,90,ca,c1,ce,ed,7d,16,cb,78,3b,69,34,ae,d3,.. "khjeh"=hex:cb,61,f3,77,26,0b,5a,4c,8e,f6,83,43,dd,dd,53,7a,5b,70,1a,02,69,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:1c,c6,2d,d5,2a,4b,44,97,0b,dc,2f,bf,a2,58,82,95,c8,72,93,f9,1e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:8f,4b,a4,d4,f9,d7,dc,ac,e6,0f,8b,bb,8a,34,ed,c2,ba,34,75,1c,79,.. "p0"="C:\Gry\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:32,13,f3,bd,23,29,9b,0e,e6,db,c3,04,ef,ef,c4,e5,9f,5e,cb,ee,d0,.. "p0"="C:\Gry\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programy\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:ec,90,77,03,c7,f7,79,dc,59,c9,4b,5e,76,6d,50,a1,4c,bc,7c,87,8b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ad,bb,b4,90,ca,c1,ce,ed,7d,16,cb,78,3b,69,34,ae,d3,.. "khjeh"=hex:cb,61,f3,77,26,0b,5a,4c,8e,f6,83,43,dd,dd,53,7a,5b,70,1a,02,69,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:1c,c6,2d,d5,2a,4b,44,97,0b,dc,2f,bf,a2,58,82,95,c8,72,93,f9,1e,.. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8971B1B8-F8DF-CF42-22F1-79F0E4EB747D}] "oageidejfbnhfiniflblkgklimpcej"=hex:64,61,68,6b,67,66,68,69,00,70 "oakbahakofbpbbinefgfdeikdbpfid"=hex:6a,61,68,6b,65,69,68,67,61,69,62,6a,67,6e,70,65,61,63,69,66,00,.. "naeccmcndngmfnapoheiknhlkdol"=hex:69,61,61,6b,6a,69,6e,6f,69,6e,66,6f,6f,61,6e,6e,65,6a,00,00 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe"="C:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup" "C:\\Programy\\BitTorrent\\bittorrent.exe"="C:\\Programy\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"="C:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo" "C:\\Dema\\Codemasters\\GRID Demo\\GRID.exe"="C:\\Dema\\Codemasters\\GRID Demo\\GRID.exe:*:Enabled:GRID Demo" "C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Gry\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Gry\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\\Programy\\Ares\\Ares.exe"="C:\\Programy\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows" "C:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe"="C:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe:*:Enabled:hl2" "C:\\Gry\\Grid\\GRID.exe"="C:\\Gry\\Grid\\GRID.exe:*:Enabled:GRID Executable" "C:\\Gry\\Opera\\opera.exe"="C:\\Gry\\Opera\\opera.exe:*:Enabled:Opera Internet Browser" "C:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="C:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club" "C:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"="C:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="C:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe:*:Enabled:Grand Theft Auto IV" "C:\\Gry\\SopCast\\adv\\SopAdver.exe"="C:\\Gry\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver" "C:\\Gry\\Tibia\\Tibia.exe"="C:\\Gry\\Tibia\\Tibia.exe:*:Enabled:Tibia Player" "C:\\Gry\\Valve\\Steam\\Steam.exe"="C:\\Gry\\Valve\\Steam\\Steam.exe:*:Enabled:Steam" "C:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe"="C:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe:*:Enabled:Football Manager 2009" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Gry\\Saints Row 2\\SR2_pc.exe"="C:\\Gry\\Saints Row 2\\SR2_pc.exe:*:Enabled:SR2_pc" "C:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds.exe"="C:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds.exe:*:Enabled:Two Worlds" "C:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"="C:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds" "C:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"="C:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe:*:Enabled:Mirror's Edge™" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: Wed 3 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\73a2b837fd570c01cee685772aade693\BIT16.tmp" Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a8e46f14ac89b46453f76fc31bb36b3\BIT14.tmp" Wed 28 Jan 2009 7,768 ...HR --- "C:\Documents and Settings\Krzysztof\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak" [b]Finished![/b]

Combo :

Kod: Zaznacz wszystko: ComboFix 09-02-01.01 - Krzysztof 2009-02-02 20:22:54.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3326.2816 [GMT 1:00] Uruchomiony z: c:\gry\SKAN KOMPA\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((( Pliki utworzone od 2009-01-02 do 2009-02-02 ))))))))))))))))))))))))))))))) . 2009-02-02 19:28 . 2009-02-02 20:16 <DIR> d-------- C:\SDFix 2009-01-31 15:44 . 2009-01-31 15:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Blizzard 2009-01-25 20:09 . 2009-01-25 20:09 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Electronic Arts 2009-01-24 19:56 . 2009-01-24 20:02 2,524 --a------ C:\272543531 2009-01-24 19:56 . 2009-01-24 20:02 2,473 --a------ C:\aoewakhr.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,472 --a------ C:\dplkq.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\svekfg.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\rdywn.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\msoipn.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,470 --a------ C:\fsir.exe 2009-01-24 19:56 . 2009-01-24 20:02 2,469 --a------ C:\jusay.exe 2009-01-23 13:57 . 2009-01-23 14:02 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\TwoWorldsCP 2009-01-23 13:39 . 2009-01-23 13:39 <DIR> d-------- C:\cda 2009-01-17 23:27 . 2009-01-17 23:27 <DIR> d-------- c:\program files\Nowy folder 2009-01-14 17:04 . 2009-01-15 01:21 1,080 --a------ c:\windows\system32\settingsbkup.sfm 2009-01-14 17:04 . 2009-01-15 01:21 1,080 --a------ c:\windows\system32\settings.sfm 2009-01-14 16:52 . 2009-02-02 19:30 54,928 --a------ c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-14 16:52 . 2009-02-02 19:30 788 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-14 16:02 . 2009-01-14 16:02 <DIR> d-------- c:\program files\Common Files\Creative Labs Shared 2009-01-12 19:15 . 2009-01-12 19:15 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Creative Labs 2009-01-12 18:17 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2009-01-12 16:50 . 2009-02-02 19:30 54,928 --a------ c:\windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-12 16:48 . 2008-02-04 10:27 102,400 --a------ c:\windows\system32\cttele32.dll 2009-01-12 16:47 . 2009-01-14 16:50 <DIR> d-------- c:\windows\system32\Data 2009-01-12 16:47 . 2008-09-25 15:40 20,888,640 --a------ c:\windows\system32\AppSetup.exe 2009-01-06 12:11 . 2009-01-06 12:11 96,976 --a------ c:\windows\system32\drivers\klin.dat 2009-01-06 12:11 . 2009-01-06 12:11 87,855 --a------ c:\windows\system32\drivers\klick.dat 2009-01-06 12:10 . 2009-02-02 20:19 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-01-06 12:10 . 2009-02-02 20:16 4,501,536 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-01-06 12:10 . 2009-02-02 20:09 835,616 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-01-06 12:10 . 2009-02-02 20:15 36,248 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-01-06 12:10 . 2009-02-02 20:09 3,936 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-01-05 12:41 . 2009-01-05 12:41 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Pro 2009-01-05 12:41 . 2009-01-05 12:41 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools 2009-01-05 12:23 . 2009-01-05 12:23 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Lite 2009-01-05 12:23 . 2009-01-05 12:23 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-03 20:06 . 2009-01-03 20:06 <DIR> d-------- c:\program files\ipla 2009-01-03 20:06 . 2009-01-03 20:07 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\ipla 2009-01-03 20:06 . 2009-01-03 20:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla 2009-01-03 13:43 . 2009-01-03 13:43 0 --a------ C:\LHT13.tmp . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-02 18:00 --------- d-----w c:\program files\Neostrada TP 2009-02-02 16:47 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\BitTorrent 2009-02-02 13:02 --------- d-----w c:\program files\eMule 2009-01-31 14:35 --------- d-----w c:\program files\Common Files\Blizzard Entertainment 2009-01-28 12:56 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-01-25 12:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-25 12:26 --------- d-----w c:\program files\AGEIA Technologies 2009-01-23 19:04 --------- d-----w c:\program files\Google 2009-01-14 16:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Creative 2009-01-14 16:02 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-14 15:50 444,952 ----a-w c:\windows\system32\wrap_oal.dll 2009-01-14 15:50 109,080 ----a-w c:\windows\system32\OpenAL32.dll 2009-01-14 15:49 --------- d-----w c:\program files\Creative 2009-01-12 18:11 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\Creative 2009-01-12 15:48 --------- d-----w c:\program files\OpenAL 2009-01-05 11:01 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-01-01 13:29 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\Sports Interactive 2009-01-01 13:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sports Interactive 2008-12-31 23:21 --------- d--h--w c:\program files\Zero G Registry 2008-12-28 16:40 --------- d-----w c:\program files\Common Files\Logitech 2008-12-28 16:40 --------- d-----w c:\program files\Common Files\Logishrd 2008-12-19 23:30 81,920 ----a-w c:\windows\system32\frapsvid.dll 2008-12-18 20:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI 2008-12-18 20:07 --------- d-----w c:\program files\ATI Technologies 2008-12-15 12:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-12-13 11:09 1,700,352 ----a-w c:\windows\system32\gdiplus.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 17:57 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2008-12-02 19:01 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-12-02 19:00 183,112 ----a-w c:\windows\system32\PnkBstrB.exe 2008-11-21 17:49 66,872 ----a-w c:\windows\system32\PnkBstrA.exe 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-11-10 17:50 16,608 ----a-w c:\windows\gdrv.sys 2008-09-04 19:50 92,064 ----a-w c:\documents and settings\Krzysztof\mqdmmdm.sys 2008-09-04 19:50 9,232 ----a-w c:\documents and settings\Krzysztof\mqdmmdfl.sys 2008-09-04 19:50 79,328 ----a-w c:\documents and settings\Krzysztof\mqdmserd.sys 2008-09-04 19:50 66,656 ----a-w c:\documents and settings\Krzysztof\mqdmbus.sys 2008-09-04 19:50 6,208 ----a-w c:\documents and settings\Krzysztof\mqdmcmnt.sys 2008-09-04 19:50 5,936 ----a-w c:\documents and settings\Krzysztof\mqdmwhnt.sys 2008-09-04 19:50 4,048 ----a-w c:\documents and settings\Krzysztof\mqdmcr.sys 2008-09-04 19:50 25,600 ----a-w c:\documents and settings\Krzysztof\usbsermptxp.sys 2008-09-04 19:50 22,768 ----a-w c:\documents and settings\Krzysztof\usbsermpt.sys . ((((((((((((((((((((((((((((( snapshot@2009-02-02_19.09.03.81 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-02 18:02:02 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2009-02-02 19:22:04 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE - 2008-12-19 17:29:01 532,480 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-02-02 18:32:54 552,960 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-12-19 17:29:01 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2009-02-02 18:32:54 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] "AlcoholAutomount"="c:\gry\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NETIANET"="c:\program files\Netia\Net\netianet.exe" [2008-09-01 493568] "SMSTray"="c:\programy\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976] "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344] "GrooveMonitor"="c:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-11 185896] "PCSuiteTrayApplication"="c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "AVP"="c:\programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576] "RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.EXE] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664] DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-01 962661] Logitech SetPoint.lnk - c:\programy\Logitech\SetPoint\SetPoint.exe [2008-12-28 805392] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "c:\\Programy\\BitTorrent\\bittorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"= "c:\\Dema\\Codemasters\\GRID Demo\\GRID.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Gry\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Programy\\Ares\\Ares.exe"= "c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe"= "c:\\Gry\\Grid\\GRID.exe"= "c:\\Gry\\Opera\\opera.exe"= "c:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"= "c:\\Gry\\SopCast\\adv\\SopAdver.exe"= "c:\\Gry\\Tibia\\Tibia.exe"= "c:\\Gry\\Valve\\Steam\\Steam.exe"= "c:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Gry\\Saints Row 2\\SR2_pc.exe"= "c:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds.exe"= "c:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"= "c:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-14 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624] . . ------- Skan uzupełniający ------- . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.allegro.pl/ uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://www.yahoo.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download with GetRight Pro - c:\programy\GetRight\GRdownload.htm IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Open with GetRight Pro Browser - c:\programy\GetRight\GRbrowse.htm IE: { - c:\program files\Messenger\msmsgs.exe TCP: {832088B4-C1C5-4012-8506-C55FFC782CAB} = 213.241.79.37 83.238.255.76 DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 20:23:47 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8971B1B8-F8DF-CF42-22F1-79F0E4EB747D}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oageidejfbnhfiniflblkgklimpcej"=hex:64,61,68,6b,67,66,68,69,00,70 "oakbahakofbpbbinefgfdeikdbpfid"=hex:6a,61,68,6b,65,69,68,67,61,69,62,6a,67,6e, 70,65,61,63,69,66,00,fd "naeccmcndngmfnapoheiknhlkdol"=hex:69,61,61,6b,6a,69,6e,6f,69,6e,66,6f,6f,61, 6e,6e,65,6a,00,00 [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:13,ef,de,47,37,a5,91,36,35,51,18,36,4d,a8,19,76,d3,9a,2c,c0,82,62,14, b6,8a,57,ef,86,3c,ef,bf,eb,61,db,b0,5d,b6,26,67,95,37,01,88,e3,0d,3a,58,5f,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:5e,26,b2,08,09,9e,c8,5d,a7,21,d9,4e,52,bc,bf,b6,76,44,66,6c,0a, f1,f0,f9,64,f0,26,dc,81,2d,56,b2,a6,a6,4f,f1,bc,b5,0c,83,d3,16,47,63,7e,5d,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(988) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . Czas ukończenia: 2009-02-02 20:24:36 ComboFix-quarantined-files.txt 2009-02-02 19:24:31 ComboFix2.txt 2009-02-02 18:09:38 Przed: 192 444 616 704 bajtów wolnych Po: 192,446,099,456 bajtów wolnych 255 --- E O F --- 2009-01-14 09:43:53

HJ :

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:25:17, on 2009-02-02 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Gry\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Netia\Net\netianet.exe C:\Program Files\MarkAny\ContentSafer\MAAgent.exe C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Creative\Volume Panel\VolPanlu.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\ctfmon.exe C:\Programy\AutoConnect\AutoConnect.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Programy\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Gry\SKAN KOMPA\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programy\Real player\rpbrowserrecordplugin.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programy\GetRight\xx2gr.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [SMSTray] C:\Programy\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVP] "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AutoConnect] C:\Programy\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Gry\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programy\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Download with GetRight Pro - C:\Programy\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programy\GetRight\GRbrowse.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{832088B4-C1C5-4012-8506-C55FFC782CAB}: NameServer = 213.241.79.37 83.238.255.76 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\MICROS~1\Office12\GR99D3~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programy\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Gry\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 11332 bytes

**Posty:** 8001 · przez **Okocza** 02 Lut 2009, 21:38

wklej w notatnik:

Kod: Zaznacz wszystko: File:: C:\272543531 C:\aoewakhr.exe C:\dplkq.exe C:\svekfg.exe C:\rdywn.exe C:\msoipn.exe C:\fsir.exe C:\jusay.exe C:\LHT13.tmp Registry:: [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

te pliki przeskanuj na www.virustotal.com i daj raport:

c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx
c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx

**Posty:** 468 · przez **rafi9-92** 02 Lut 2009, 21:55

Combo :

Kod: Zaznacz wszystko: ComboFix 09-02-01.01 - Krzysztof 2009-02-02 20:48:05.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3326.2774 [GMT 1:00] Uruchomiony z: c:\gry\SKAN KOMPA\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Krzysztof\Pulpit\CFScript.txt AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! FILE :: C:\272543531 C:\aoewakhr.exe C:\dplkq.exe C:\fsir.exe C:\jusay.exe C:\LHT13.tmp C:\msoipn.exe C:\rdywn.exe C:\svekfg.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\272543531 C:\aoewakhr.exe C:\dplkq.exe C:\fsir.exe C:\jusay.exe C:\LHT13.tmp C:\msoipn.exe C:\rdywn.exe C:\svekfg.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-01-02 do 2009-02-02 ))))))))))))))))))))))))))))))) . 2009-02-02 20:45 . 2009-02-02 20:45 <DIR> d-------- c:\documents and settings\Krzysztof\Nowy folder (4) 2009-02-02 20:45 . 2009-02-02 20:45 <DIR> d-------- c:\documents and settings\Krzysztof\Nowy folder (3) 2009-02-02 20:45 . 2009-02-02 20:45 <DIR> d-------- c:\documents and settings\Krzysztof\Nowy folder (2) 2009-02-02 20:45 . 2009-02-02 20:45 <DIR> d-------- c:\documents and settings\Krzysztof\Nowy folder 2009-02-02 19:28 . 2009-02-02 20:16 <DIR> d-------- C:\SDFix 2009-01-31 15:44 . 2009-01-31 15:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Blizzard 2009-01-25 20:09 . 2009-01-25 20:09 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Electronic Arts 2009-01-23 13:57 . 2009-01-23 14:02 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\TwoWorldsCP 2009-01-23 13:39 . 2009-01-23 13:39 <DIR> d-------- C:\cda 2009-01-17 23:27 . 2009-01-17 23:27 <DIR> d-------- c:\program files\Nowy folder 2009-01-14 17:04 . 2009-01-15 01:21 1,080 --a------ c:\windows\system32\settingsbkup.sfm 2009-01-14 17:04 . 2009-01-15 01:21 1,080 --a------ c:\windows\system32\settings.sfm 2009-01-14 16:52 . 2009-02-02 19:30 54,928 --a------ c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-14 16:52 . 2009-02-02 19:30 788 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-14 16:02 . 2009-01-14 16:02 <DIR> d-------- c:\program files\Common Files\Creative Labs Shared 2009-01-12 19:15 . 2009-01-12 19:15 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Creative Labs 2009-01-12 18:17 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2009-01-12 16:50 . 2009-02-02 19:30 54,928 --a------ c:\windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00331102}.rfx 2009-01-12 16:48 . 2008-02-04 10:27 102,400 --a------ c:\windows\system32\cttele32.dll 2009-01-12 16:47 . 2009-01-14 16:50 <DIR> d-------- c:\windows\system32\Data 2009-01-12 16:47 . 2008-09-25 15:40 20,888,640 --a------ c:\windows\system32\AppSetup.exe 2009-01-06 12:11 . 2009-01-06 12:11 96,976 --a------ c:\windows\system32\drivers\klin.dat 2009-01-06 12:11 . 2009-01-06 12:11 87,855 --a------ c:\windows\system32\drivers\klick.dat 2009-01-06 12:10 . 2009-02-02 20:25 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-01-06 12:10 . 2009-02-02 20:16 4,501,536 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-01-06 12:10 . 2009-02-02 20:47 843,808 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-01-06 12:10 . 2009-02-02 20:15 36,248 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-01-06 12:10 . 2009-02-02 20:47 3,964 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-01-05 12:41 . 2009-01-05 12:41 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Pro 2009-01-05 12:41 . 2009-01-05 12:41 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools 2009-01-05 12:23 . 2009-01-05 12:23 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Lite 2009-01-05 12:23 . 2009-01-05 12:23 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-03 20:06 . 2009-01-03 20:06 <DIR> d-------- c:\program files\ipla 2009-01-03 20:06 . 2009-01-03 20:07 <DIR> d-------- c:\documents and settings\Krzysztof\Dane aplikacji\ipla 2009-01-03 20:06 . 2009-01-03 20:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-02 18:00 --------- d-----w c:\program files\Neostrada TP 2009-02-02 16:47 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\BitTorrent 2009-02-02 13:02 --------- d-----w c:\program files\eMule 2009-01-31 14:35 --------- d-----w c:\program files\Common Files\Blizzard Entertainment 2009-01-28 12:56 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-01-25 12:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-25 12:26 --------- d-----w c:\program files\AGEIA Technologies 2009-01-23 19:04 --------- d-----w c:\program files\Google 2009-01-14 16:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Creative 2009-01-14 16:02 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-14 15:50 444,952 ----a-w c:\windows\system32\wrap_oal.dll 2009-01-14 15:50 109,080 ----a-w c:\windows\system32\OpenAL32.dll 2009-01-14 15:49 --------- d-----w c:\program files\Creative 2009-01-12 18:11 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\Creative 2009-01-12 15:48 --------- d-----w c:\program files\OpenAL 2009-01-05 11:01 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-01-01 13:29 --------- d-----w c:\documents and settings\Krzysztof\Dane aplikacji\Sports Interactive 2009-01-01 13:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sports Interactive 2008-12-31 23:21 --------- d--h--w c:\program files\Zero G Registry 2008-12-28 16:40 --------- d-----w c:\program files\Common Files\Logitech 2008-12-28 16:40 --------- d-----w c:\program files\Common Files\Logishrd 2008-12-19 23:30 81,920 ----a-w c:\windows\system32\frapsvid.dll 2008-12-18 20:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI 2008-12-18 20:07 --------- d-----w c:\program files\ATI Technologies 2008-12-15 12:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-12-13 11:09 1,700,352 ----a-w c:\windows\system32\gdiplus.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 17:57 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2008-12-02 19:01 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-12-02 19:00 183,112 ----a-w c:\windows\system32\PnkBstrB.exe 2008-11-21 17:49 66,872 ----a-w c:\windows\system32\PnkBstrA.exe 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-11-10 17:50 16,608 ----a-w c:\windows\gdrv.sys 2008-09-04 19:50 92,064 ----a-w c:\documents and settings\Krzysztof\mqdmmdm.sys 2008-09-04 19:50 9,232 ----a-w c:\documents and settings\Krzysztof\mqdmmdfl.sys 2008-09-04 19:50 79,328 ----a-w c:\documents and settings\Krzysztof\mqdmserd.sys 2008-09-04 19:50 66,656 ----a-w c:\documents and settings\Krzysztof\mqdmbus.sys 2008-09-04 19:50 6,208 ----a-w c:\documents and settings\Krzysztof\mqdmcmnt.sys 2008-09-04 19:50 5,936 ----a-w c:\documents and settings\Krzysztof\mqdmwhnt.sys 2008-09-04 19:50 4,048 ----a-w c:\documents and settings\Krzysztof\mqdmcr.sys 2008-09-04 19:50 25,600 ----a-w c:\documents and settings\Krzysztof\usbsermptxp.sys 2008-09-04 19:50 22,768 ----a-w c:\documents and settings\Krzysztof\usbsermpt.sys . ((((((((((((((((((((((((((((( snapshot@2009-02-02_19.09.03.81 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-02 18:02:02 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2009-02-02 19:47:15 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE - 2008-12-19 17:29:01 532,480 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-02-02 18:32:54 552,960 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-12-19 17:29:01 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2009-02-02 18:32:54 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] "AlcoholAutomount"="c:\gry\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NETIANET"="c:\program files\Netia\Net\netianet.exe" [2008-09-01 493568] "SMSTray"="c:\programy\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976] "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344] "GrooveMonitor"="c:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-11 185896] "PCSuiteTrayApplication"="c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "AVP"="c:\programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576] "RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.EXE] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664] DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-01 962661] Logitech SetPoint.lnk - c:\programy\Logitech\SetPoint\SetPoint.exe [2008-12-28 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "c:\\Programy\\BitTorrent\\bittorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"= "c:\\Dema\\Codemasters\\GRID Demo\\GRID.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Gry\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Programy\\Ares\\Ares.exe"= "c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe"= "c:\\Gry\\Grid\\GRID.exe"= "c:\\Gry\\Opera\\opera.exe"= "c:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"= "c:\\Gry\\SopCast\\adv\\SopAdver.exe"= "c:\\Gry\\Tibia\\Tibia.exe"= "c:\\Gry\\Valve\\Steam\\Steam.exe"= "c:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Gry\\Saints Row 2\\SR2_pc.exe"= "c:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds.exe"= "c:\\Gry\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"= "c:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-14 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624] . . ------- Skan uzupełniający ------- . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.allegro.pl/ uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://www.yahoo.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download with GetRight Pro - c:\programy\GetRight\GRdownload.htm IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Open with GetRight Pro Browser - c:\programy\GetRight\GRbrowse.htm IE: { - c:\program files\Messenger\msmsgs.exe TCP: {832088B4-C1C5-4012-8506-C55FFC782CAB} = 213.241.79.37 83.238.255.76 DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 20:48:43 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8971B1B8-F8DF-CF42-22F1-79F0E4EB747D}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oageidejfbnhfiniflblkgklimpcej"=hex:64,61,68,6b,67,66,68,69,00,70 "oakbahakofbpbbinefgfdeikdbpfid"=hex:6a,61,68,6b,65,69,68,67,61,69,62,6a,67,6e, 70,65,61,63,69,66,00,fd "naeccmcndngmfnapoheiknhlkdol"=hex:69,61,61,6b,6a,69,6e,6f,69,6e,66,6f,6f,61, 6e,6e,65,6a,00,00 [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:13,ef,de,47,37,a5,91,36,35,51,18,36,4d,a8,19,76,d3,9a,2c,c0,82,62,14, b6,8a,57,ef,86,3c,ef,bf,eb,61,db,b0,5d,b6,26,67,95,37,01,88,e3,0d,3a,58,5f,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:5e,26,b2,08,09,9e,c8,5d,a7,21,d9,4e,52,bc,bf,b6,76,44,66,6c,0a, f1,f0,f9,64,f0,26,dc,81,2d,56,b2,a6,a6,4f,f1,bc,b5,0c,83,d3,16,47,63,7e,5d,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(988) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . Czas ukończenia: 2009-02-02 20:49:28 ComboFix-quarantined-files.txt 2009-02-02 19:49:24 ComboFix2.txt 2009-02-02 19:24:37 ComboFix3.txt 2009-02-02 18:09:38 Przed: 192 421 523 456 bajtów wolnych Po: 192,410,652,672 bajtów wolnych 273 --- E O F --- 2009-01-14 09:43:53

Skan z virustotal

Kod: Zaznacz wszystko: Plik BMXState-_00000005-00000000-00000 otrzymany 2009.02.02 20:44:15 (CET) Obecny status: zakończono Wynik: 0/39 (0.00%) Zwięzły Drukuj wyniki Antywirus Wersja Ostatnia aktualizacja Wynik a-squared 4.0.0.93 2009.02.02 - AhnLab-V3 5.0.0.2 2009.02.02 - AntiVir 7.9.0.71 2009.02.02 - Authentium 5.1.0.4 2009.02.02 - Avast 4.8.1281.0 2009.02.02 - AVG 8.0.0.229 2009.02.02 - BitDefender 7.2 2009.02.02 - CAT-QuickHeal 10.00 2009.02.02 - ClamAV 0.94.1 2009.02.02 - Comodo 959 2009.02.02 - DrWeb 4.44.0.09170 2009.02.02 - eSafe 7.0.17.0 2009.02.01 - eTrust-Vet 31.6.6337 2009.02.02 - F-Prot 4.4.4.56 2009.02.02 - F-Secure 8.0.14470.0 2009.02.02 - Fortinet 3.117.0.0 2009.02.02 - GData 19 2009.02.02 - Ikarus T3.1.1.45.0 2009.02.02 - K7AntiVirus 7.10.615 2009.02.02 - Kaspersky 7.0.0.125 2009.02.02 - McAfee 5514 2009.02.02 - McAfee+Artemis 5514 2009.02.02 - Microsoft 1.4306 2009.02.02 - NOD32 3819 2009.02.02 - Norman 6.00.02 2009.02.02 - nProtect 2009.1.8.0 2009.02.02 - Panda 9.5.1.2 2009.02.02 - PCTools 4.4.2.0 2009.02.02 - Prevx1 V2 2009.02.02 - Rising 21.14.61.00 2009.02.01 - SecureWeb-Gateway 6.7.6 2009.02.02 - Sophos 4.38.0 2009.02.02 - Sunbelt 3.2.1835.2 2009.01.16 - Symantec 10 2009.02.02 - TheHacker 6.3.1.5.243 2009.02.02 - TrendMicro 8.700.0.1004 2009.02.02 - VBA32 3.12.8.12 2009.02.01 - ViRobot 2009.2.2.1585 2009.02.02 - VirusBuster 4.5.11.0 2009.02.02 - Dodatkowe informacje File size: 54928 bytes MD5...: 871fecd2e6f63007aab966a3de48cddc SHA1..: d1b40eafc89bd937b213d9addea79cb082096707 SHA256: 49e5f283bca8ab58bc720534e73c0a9bdc4fc49563d832f3d72aa4d138424b1c SHA512: d260a4832382c29066be0adf210db32e8fc15aea91614f26a4d72591fb86b7a7 3ecda51a913ae4404fcabeb4c735df3fbe2e88e5e892debf51a4d80bef1d0766 ssdeep: 384:RKamX2316pD5CsjNjOJGofpIUmBnnW4KjiNOXuJZ866/FKeF3TYS9:RK35GI ZJWtjQOXuJN6dKeFDYS9 PEiD..: - TrID..: File type identification Unknown! PEInfo: -

2 skan :

Kod: Zaznacz wszystko: Plik DVCState-_00000005-00000000-00000 otrzymany 2009.02.02 20:52:42 (CET) Obecny status: Ładowanie ... w kolejce oczekuje skanowanie zakończono NIE ZNALEZIONO ZATRZYMANE Wynik: 0/39 (0%) Ładowanie informacji serwera... Twój plik czeka w kolejce na pozycji: 1. Oczekiwany czas rozpoczęcia zawiera się między 42 i 60 sekundy. Nie zamykaj tego okna, dopóki skanowanie nie zostanie ukończone. Skaner nie odpowiada, trwają próby odzyskania wyników skanowania. Jeśli potrwa to dłużej niż 5 minut, wyślik plik ponownie. Twój plik jest obecnie skanowany, wyniki będą pojawiać się stopniowo. Zwięzły Drukuj wyniki Twój plik wygasł lub nie istnieje. Usługa została wstrzymana. Twój plik będzie czekać na skanowanie (na pozycji: ) przez nieokreślony czas. Możesz czekać na odpowiedź (automatyczne przeładowanie) lub podać swój email poniżej i kliknąć "przypomnij", wtedy system poinformuje Cię o zakończeniu skanowania wysyłając email. Przypomnij: Antywirus Wersja Ostatnia aktualizacja Wynik a-squared 4.0.0.93 2009.02.02 - AhnLab-V3 5.0.0.2 2009.02.02 - AntiVir 7.9.0.71 2009.02.02 - Authentium 5.1.0.4 2009.02.02 - Avast 4.8.1281.0 2009.02.02 - AVG 8.0.0.229 2009.02.02 - BitDefender 7.2 2009.02.02 - CAT-QuickHeal 10.00 2009.02.02 - ClamAV 0.94.1 2009.02.02 - Comodo 959 2009.02.02 - DrWeb 4.44.0.09170 2009.02.02 - eSafe 7.0.17.0 2009.02.01 - eTrust-Vet 31.6.6337 2009.02.02 - F-Prot 4.4.4.56 2009.02.02 - F-Secure 8.0.14470.0 2009.02.02 - Fortinet 3.117.0.0 2009.02.02 - GData 19 2009.02.02 - Ikarus T3.1.1.45.0 2009.02.02 - K7AntiVirus 7.10.615 2009.02.02 - Kaspersky 7.0.0.125 2009.02.02 - McAfee 5514 2009.02.02 - McAfee+Artemis 5514 2009.02.02 - Microsoft 1.4306 2009.02.02 - NOD32 3819 2009.02.02 - Norman 6.00.02 2009.02.02 - nProtect 2009.1.8.0 2009.02.02 - Panda 9.5.1.2 2009.02.02 - PCTools 4.4.2.0 2009.02.02 - Prevx1 V2 2009.02.02 - Rising 21.14.61.00 2009.02.01 - SecureWeb-Gateway 6.7.6 2009.02.02 - Sophos 4.38.0 2009.02.02 - Sunbelt 3.2.1835.2 2009.01.16 - Symantec 10 2009.02.02 - TheHacker 6.3.1.5.243 2009.02.02 - TrendMicro 8.700.0.1004 2009.02.02 - VBA32 3.12.8.12 2009.02.01 - ViRobot 2009.2.2.1585 2009.02.02 - VirusBuster 4.5.11.0 2009.02.02 - Dodatkowe informacje File size: 788 bytes MD5...: a1f2007dc627c5cc8003f0d54ed3b166 SHA1..: 9fd3c110871af4c707183e92e3f1f6f37bf77358 SHA256: 184534aa25d0084f9d2621da128d928208bddce0760ca2db80ba270a7703d47d SHA512: 0d26e87e0456931bc11feb9e233b93620c729742d96d6e63303380d282949039 61780fd4a1c0c422006d11ed6c67d3e4e5d3ba5f2887866e7fbd60c8ddfb9d2a ssdeep: 24:+2cXd8Uvc0SQL8qTL84xB8svp6IQQQQQQ/IQQQQQQ:b09vcBaP7BnvDQQQQQQ AQQQQQQ PEiD..: - TrID..: File type identification Unknown! PEInfo: -

**Posty:** 18165 · przez **wojtas** 02 Lut 2009, 22:28

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.