Zgodnie z instrukcją na Forum zamieszczam log files z ComboFix i HT.
Z góry dziekuję za pomoc:-)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:46, on 2008-11-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\spss_lmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\system32\spss_lmd.exe
--
End of file - 7842 bytes
ComboFix 08-11-14.01 - Dexter 2008-11-16 14:22:03.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.975 [GMT 1:00]
Uruchomiony z: d:\pliki pobrane\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-16 do 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-16 13:12 . 2008-11-16 13:12 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 21:02 . 2008-11-15 23:14 <DIR> d-------- c:\documents and settings\Dexter\Dane aplikacji\Azureus
2008-11-15 21:02 . 2008-11-15 21:02 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Azureus
2008-11-15 21:01 . 2008-11-16 09:51 <DIR> d-------- c:\program files\Vuze
2008-11-15 21:01 . 2008-11-15 21:01 <DIR> d-------- c:\program files\Common Files\i4j_jres
2008-11-15 21:01 . 2008-11-15 21:02 <DIR> d-------- c:\program files\AskBarDis
2008-11-13 16:48 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 22:49 . 2008-11-15 19:23 <DIR> d-------- c:\documents and settings\Dexter\Dane aplikacji\uTorrent
2008-11-07 22:40 . 2008-11-07 22:40 <DIR> d-------- c:\documents and settings\Dexter\Dane aplikacji\.BitTornado
2008-11-07 22:24 . 2008-11-07 22:31 <DIR> d-------- c:\program files\BitComet
2008-11-07 22:24 . 2008-11-07 22:24 <DIR> d-------- C:\Downloads
2008-11-07 20:43 . 2008-11-07 20:43 1,172 --a------ c:\windows\mozver.dat
2008-11-06 19:19 . 2008-11-06 19:19 <DIR> d-------- c:\documents and settings\Dexter\Dane aplikacji\CyberLink
2008-11-06 19:19 . 2008-11-06 19:19 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-11-06 19:18 . 2008-11-06 19:18 <DIR> d-------- c:\program files\CyberLink
2008-11-06 19:18 . 2008-11-06 19:18 <DIR> d-------- c:\program files\Common Files\CyberLink
2008-11-06 19:18 . 2008-11-06 19:17 29,480 --a------ c:\windows\system32\msxml3a.dll
2008-11-06 19:17 . 2008-11-06 19:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Temp
2008-11-04 22:27 . 2008-11-15 19:25 <DIR> d-------- c:\program files\uTorrent
2008-11-04 21:19 . 2008-11-15 22:53 <DIR> d-------- c:\documents and settings\Dexter\Dane aplikacji\skypePM
2008-11-04 21:19 . 2008-11-04 21:19 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-04 21:16 . 2008-11-04 21:16 <DIR> d-------- c:\program files\Skype
2008-11-04 21:16 . 2008-11-04 21:16 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-04 21:16 . 2008-11-15 22:58 <DIR> d-------- c:\documents and settings\Dexter\Dane aplikacji\Skype
2008-11-04 21:16 . 2008-11-04 21:16 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-29 20:29 . 2008-08-14 14:46 2,181,632 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-29 20:29 . 2008-08-14 14:46 2,137,600 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-29 20:29 . 2008-08-14 14:46 2,059,008 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-29 20:29 . 2008-08-14 14:46 2,017,280 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 10:26 --------- d-----w c:\documents and settings\Dexter\Dane aplikacji\OpenOfficeT72
2008-11-15 12:11 --------- d-----w c:\program files\Eset
2008-11-11 19:27 --------- d-----w c:\program files\Google
2008-11-06 18:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 18:09 --------- d-----w c:\program files\HP
2008-10-29 19:27 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-10-28 21:27 --------- d-----w c:\program files\SPSS
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-04 14:39 --------- d-----w c:\program files\AVIcodec
2008-10-04 13:19 --------- d-----w c:\program files\IF UAM
2008-10-04 10:20 --------- d-----w c:\documents and settings\Dexter\Dane aplikacji\HP
2008-10-04 10:19 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP
2008-10-04 10:18 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-10-04 10:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sonic
2008-10-04 10:17 --------- d-----w c:\program files\Common Files\HP
2008-10-03 20:38 --------- d-----w c:\documents and settings\Dexter\Dane aplikacji\Search Settings
2008-10-02 19:29 --------- d-----w c:\program files\Search Settings
2008-10-02 19:28 --------- d-----w c:\program files\Free Audio Pack
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 16:50 --------- d-----w c:\program files\Common Files\Borland Shared
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-20 05:38 662,016 ----a-w c:\windows\system32\wininet.dll
2008-08-19 19:09 298,104 ----a-w c:\windows\system32\imon.dll
.
((((((((((((((((((((((((((((( snapshot_2008-11-07_21.55.46,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-14 12:21:10 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2004-08-03 22:44:06 1,236,480 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:46:14 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2007-11-30 11:21:28 19,320 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:20:04 19,320 ------w c:\windows\system32\spmsg.dll
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 16:44 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-14 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-19 155648]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-19 949376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier - Szybkie uruchomienie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\NN2\\nwn2main.exe"=
"e:\\NN2\\nwn2main_amdxp.exe"=
"e:\\NN2\\nwupdate.exe"=
"e:\\NN2\\nwn2server.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Kazaa Lite Rewolucja\\kazaalite.kpp"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-15 460168]
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-19 16269]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);c:\windows\system32\DRIVERS\se59bus.sys [2008-04-28 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se59mdfl.sys [2008-04-28 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se59mdm.sys [2008-04-28 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se59mgmt.sys [2008-04-28 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);c:\windows\system32\DRIVERS\se59nd5.sys [2008-04-28 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se59obex.sys [2008-04-28 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);c:\windows\system32\DRIVERS\se59unic.sys [2008-04-28 90800]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1df7381e-16ef-11dd-8ceb-00173185c1bd}]
\Shell\AutoRun\command - G:\jfvkcsy.bat
\Shell\explore\Command - G:\jfvkcsy.bat
\Shell\open\Command - G:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306abe1c-ff16-11dc-8ce2-00173185c1bd}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50320728-feff-11dc-8ce0-00173185c1bd}]
\Shell\AutoRun\command - G:\jfvkcsy.bat
\Shell\explore\Command - G:\jfvkcsy.bat
\Shell\open\Command - G:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{597e834f-21c6-11dd-8cf7-00173185c1bd}]
\Shell\AutoRun\command - H:\i.exe
\Shell\explore\Command - H:\i.exe
\Shell\open\Command - H:\i.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
FOLDER::
c:\program files\AskBarDis
c:\documents and settings\Dexter\Dane aplikacji\Search Settings
REGISTRY::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1df7381e-16ef-11dd-8ceb-00173185c1bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306abe1c-ff16-11dc-8ce2-00173185c1bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50320728-feff-11dc-8ce0-00173185c1bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{597e834f-21c6-11dd-8cf7-00173185c1bd}]
[C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
[code]C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\Sti_Trace.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\KMON.OCX Zainfekowanych: not-a-virus:Monitor.Win32.KeyLogger.o pominięty
C:\WINDOWS\system32\KTKBDHK3.DLL Zainfekowanych: not-a-virus:Monitor.Win32.KeyLogger.o pominięty
C:\WINDOWS\system32\nmp.log Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked pominięty
C:\WINDOWS\wiadebug.log Object is locked pominięty
C:\WINDOWS\wiaservc.log Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
C:\DOCUME~1\Dexter\USTAWI~1\Temp\Acr2CAF.tmp Object is locked pominięty
C:\DOCUME~1\Dexter\USTAWI~1\Temp\hpodvd09.log Object is locked pominięty
C:\DOCUME~1\Dexter\USTAWI~1\Temp\Perflib_Perfdata_1058.dat Object is locked pominięty
C:\DOCUME~1\Dexter\USTAWI~1\Temp\~DFA3DB.tmp Object is locked pominięty
Proces skanowania został zakończony.
FILE::
C:\WINDOWS\system32\KMON.OCX
C:\WINDOWS\system32\KTKBDHK3.DLL
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 13 gości