Problem with heur.w32

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Problem with heur.w32

Post by abdzela, 10 Apr 2009, 15:13

Hello,

Yesterday, after scanning the system, it turned out that I have a Heur.W32 virus which I am not able to remove with normal antivirus programs. At the same time, the problems I am having with my computer are regular freezing of Firefox and IE, as well as slow operation of the whole system. Please help: how can I remove it and how can I improve the computer's performance?

I ran scans in Combo and Hijack.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.468 [GMT 1:00]
Running from: c:\documents and settings\Miroslaw Misiaszek\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Miroslaw Misiaszek\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00026D37
c:\program files\MyWebSearch\bar\Cache\00147DE9.bin
c:\program files\MyWebSearch\bar\Cache\0022BEF5.bin
c:\program files\MyWebSearch\bar\Cache\00EFF13B
c:\program files\MyWebSearch\bar\Cache\00EFF2D1.bin
c:\program files\MyWebSearch\bar\Cache\00EFF467.bin
c:\program files\MyWebSearch\bar\Cache\00EFF5EE.bin
c:\program files\MyWebSearch\bar\Cache\00EFF7A4.bin
c:\program files\MyWebSearch\bar\Cache\00EFF969.bin
c:\program files\MyWebSearch\bar\Cache\01A0FCC7
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\drivers\npf.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
O:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_MyWebSearchService
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-09 17:25 . 2009-04-09 17:33 <DIR> d-------- c:\program files\SkanerOnline
2009-04-09 12:18 . 2009-04-09 12:18 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-07 15:43 . 2009-04-07 15:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winferno
2009-04-07 15:38 . 2009-04-07 15:38 <DIR> d-------- c:\program files\ffdshow
2009-04-07 15:37 . 2009-04-07 15:37 <DIR> d-------- c:\program files\Winferno
2009-04-07 15:37 . 2009-04-07 15:37 <DIR> d-------- c:\program files\Smart-Shopper
2009-04-07 15:37 . 2009-04-07 15:37 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-04-07 15:37 . 2009-04-09 17:23 <DIR> d-------- c:\documents and settings\Miroslaw Misiaszek\Application Data\Smart-Shopper
2009-04-07 15:37 . 2006-10-09 12:28 835,584 --a------ c:\windows\system32\WINCTL4.OCX
2009-04-07 15:37 . 2006-10-09 13:06 495,616 --a------ c:\windows\system32\WINUTIL5.DLL
2009-04-07 15:37 . 2006-05-17 08:40 393,216 --a------ c:\windows\system32\WINLCTL5.DLL
2009-04-07 15:34 . 2009-04-07 15:34 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-04-07 15:34 . 2009-04-07 15:33 737,280 --a------ c:\windows\iun6002.exe
2009-03-17 19:06 . 2009-03-17 19:06 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-17 19:04 . 2009-03-17 19:04 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-17 19:04 . 2009-03-17 19:05 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-17 12:44 . 2009-03-17 12:44 <DIR> d-------- c:\documents and settings\Miroslaw Misiaszek\Application Data\pdf995
2009-03-17 12:44 . 2009-03-25 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995
2009-03-17 12:44 . 2009-03-17 12:44 249,856 --a------ c:\windows\system32\pdfmona.dll
2009-03-17 12:44 . 2009-03-17 12:44 51,716 --a------ c:\windows\system32\pdf995mon.dll
2009-03-17 12:44 . 2009-03-25 20:15 59 --a------ c:\windows\wpd99.drv
2009-03-17 12:44 . 2009-03-17 12:44 28 --a------ c:\windows\pdf995.ini
2009-03-17 12:38 . 2009-03-17 12:44 <DIR> d-------- C:\pdf995
2009-03-17 12:31 . 2009-03-17 12:31 <DIR> d-------- c:\program files\MSECache
2009-03-10 23:24 . 2009-03-11 23:13 <DIR> d-------- c:\documents and settings\Miroslaw Misiaszek\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 12:35 --------- d-----w c:\program files\DNA
2009-04-10 12:35 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\DNA
2009-04-10 12:33 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\BitTorrent
2009-04-10 12:30 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\Skype
2009-04-10 11:36 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\skypePM
2009-04-10 00:27 --------- d-----w c:\program files\ALLPlayer
2009-04-07 09:27 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\Apple Computer
2009-04-07 09:24 --------- d-----w c:\program files\Solo9RusEngNum
2009-04-07 09:22 --------- d-----w c:\program files\Winamp
2009-03-29 11:14 --------- d-----w c:\program files\CD to MP3 Freeware
2009-03-29 11:13 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:21 --------- d-----w c:\program files\BitComet
2009-02-26 17:20 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 23:14 --------- d-----w c:\program files\Google
2009-02-20 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\Solo9RusEngNum
2009-01-28 04:52 1,901 ----a-w c:\windows\panose.bin
2008-08-16 17:42 13,112 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 17:42 70,456 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 17:42 91,448 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2006-06-15 20:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-08-16 17:42 20,800 ----a-w c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 17:43 206,136 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 17:42 31,032 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 17:42 40,248 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2005-02-02 12:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-05-21 08:41 479,232 ----a-w c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 08:41 548,864 ----a-w c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 08:41 626,688 ----a-w c:\program files\mozilla firefox\plugins\msvcr80.dll
2006-04-10 18:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-06-05 13:58 648,504 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 17:42 23,864 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-12-17 22:43 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:43 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:43 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:43 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:43 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-12-30 18:54 75 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-09 3502840]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-22 167368]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-25 342848]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Miroslaw Misiaszek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-09 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23259:TCP"= 23259:TCP:BitComet 23259 TCP
"23259:UDP"= 23259:UDP:BitComet 23259 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-09 114768]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-09 20560]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\drivers\OA002Afx.sys [2008-12-30 148056]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\drivers\OA002Ufd.sys [2008-12-30 144672]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\drivers\OA002Vid.sys [2008-12-30 268672]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-01-04 31616]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\MIROSL~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\MIROSL~1\LOCALS~1\Temp\iMSPQMn.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc8016-0dc2-11de-9140-0013d470ba71}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b30242e-1f83-11de-9167-0013d470ba71}]
\Shell\AutoRun\command - dll32.exe
\Shell\open\command - dll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791b5dd8-13ba-11de-914d-0013d470ba71}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

2009-04-10 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 14:48]

2009-04-10 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 14:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MP3 CD Extractor - c:\program files\MP3 CD Extractor\CD-Extractor.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 13:38:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-10 13:40:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 12:39:59

Pre-Run: 86,606,254,080 bytes free
Post-Run: 86,959,689,728 bytes free

317 --- E O F --- 2009-04-09 11:19:03



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:55, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8804 bytes


Thanks a lot for the help
abdzela
Posts: 4
Joined: 10 Apr 2009, 14:56



Problem with heur.w32

Post by djarta, 10 Apr 2009, 15:39

Put the logs in *code tags


======
K.
Regards, djarta. :)
djarta
Posts: 684
Joined: 31 Jul 2008, 10:49
Praise: 55



Re: Problem with heur.w32

Post by abdzela, 10 Apr 2009, 17:47

Sorry... I found somewhere that you can also paste in quote... once again:

Code:
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.468 [GMT 1:00]
Running from: c:\documents and settings\Miroslaw Misiaszek\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Miroslaw Misiaszek\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00026D37
c:\program files\MyWebSearch\bar\Cache\00147DE9.bin
c:\program files\MyWebSearch\bar\Cache\0022BEF5.bin
c:\program files\MyWebSearch\bar\Cache\00EFF13B
c:\program files\MyWebSearch\bar\Cache\00EFF2D1.bin
c:\program files\MyWebSearch\bar\Cache\00EFF467.bin
c:\program files\MyWebSearch\bar\Cache\00EFF5EE.bin
c:\program files\MyWebSearch\bar\Cache\00EFF7A4.bin
c:\program files\MyWebSearch\bar\Cache\00EFF969.bin
c:\program files\MyWebSearch\bar\Cache\01A0FCC7
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\drivers\npf.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
O:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_MyWebSearchService
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-09 17:25 . 2009-04-09 17:33 <DIR> d-------- c:\program files\SkanerOnline
2009-04-09 12:18 . 2009-04-09 12:18 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-07 15:43 . 2009-04-07 15:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winferno
2009-04-07 15:38 . 2009-04-07 15:38 <DIR> d-------- c:\program files\ffdshow
2009-04-07 15:37 . 2009-04-07 15:37 <DIR> d-------- c:\program files\Winferno
2009-04-07 15:37 . 2009-04-07 15:37 <DIR> d-------- c:\program files\Smart-Shopper
2009-04-07 15:37 . 2009-04-07 15:37 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-04-07 15:37 . 2009-04-09 17:23 <DIR> d-------- c:\documents and settings\Miroslaw Misiaszek\Application Data\Smart-Shopper
2009-04-07 15:37 . 2006-10-09 12:28 835,584 --a------ c:\windows\system32\WINCTL4.OCX
2009-04-07 15:37 . 2006-10-09 13:06 495,616 --a------ c:\windows\system32\WINUTIL5.DLL
2009-04-07 15:37 . 2006-05-17 08:40 393,216 --a------ c:\windows\system32\WINLCTL5.DLL
2009-04-07 15:34 . 2009-04-07 15:34 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-04-07 15:34 . 2009-04-07 15:33 737,280 --a------ c:\windows\iun6002.exe
2009-03-17 19:06 . 2009-03-17 19:06 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-17 19:04 . 2009-03-17 19:04 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-17 19:04 . 2009-03-17 19:05 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-17 12:44 . 2009-03-17 12:44 <DIR> d-------- c:\documents and settings\Miroslaw Misiaszek\Application Data\pdf995
2009-03-17 12:44 . 2009-03-25 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995
2009-03-17 12:44 . 2009-03-17 12:44 249,856 --a------ c:\windows\system32\pdfmona.dll
2009-03-17 12:44 . 2009-03-17 12:44 51,716 --a------ c:\windows\system32\pdf995mon.dll
2009-03-17 12:44 . 2009-03-25 20:15 59 --a------ c:\windows\wpd99.drv
2009-03-17 12:44 . 2009-03-17 12:44 28 --a------ c:\windows\pdf995.ini
2009-03-17 12:38 . 2009-03-17 12:44 <DIR> d-------- C:\pdf995
2009-03-17 12:31 . 2009-03-17 12:31 <DIR> d-------- c:\program files\MSECache
2009-03-10 23:24 . 2009-03-11 23:13 <DIR> d-------- c:\documents and settings\Miroslaw Misiaszek\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 12:35 --------- d-----w c:\program files\DNA
2009-04-10 12:35 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\DNA
2009-04-10 12:33 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\BitTorrent
2009-04-10 12:30 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\Skype
2009-04-10 11:36 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\skypePM
2009-04-10 00:27 --------- d-----w c:\program files\ALLPlayer
2009-04-07 09:27 --------- d-----w c:\documents and settings\Miroslaw Misiaszek\Application Data\Apple Computer
2009-04-07 09:24 --------- d-----w c:\program files\Solo9RusEngNum
2009-04-07 09:22 --------- d-----w c:\program files\Winamp
2009-03-29 11:14 --------- d-----w c:\program files\CD to MP3 Freeware
2009-03-29 11:13 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:21 --------- d-----w c:\program files\BitComet
2009-02-26 17:20 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 23:14 --------- d-----w c:\program files\Google
2009-02-20 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\Solo9RusEngNum
2009-01-28 04:52 1,901 ----a-w c:\windows\panose.bin
2008-08-16 17:42 13,112 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 17:42 70,456 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 17:42 91,448 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2006-06-15 20:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-08-16 17:42 20,800 ----a-w c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 17:43 206,136 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 17:42 31,032 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 17:42 40,248 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2005-02-02 12:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-05-21 08:41 479,232 ----a-w c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 08:41 548,864 ----a-w c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 08:41 626,688 ----a-w c:\program files\mozilla firefox\plugins\msvcr80.dll
2006-04-10 18:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-06-05 13:58 648,504 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 17:42 23,864 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-12-17 22:43 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:43 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:43 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:43 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:43 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-12-30 18:54 75 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-09 3502840]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-22 167368]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-25 342848]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Miroslaw Misiaszek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-09 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23259:TCP"= 23259:TCP:BitComet 23259 TCP
"23259:UDP"= 23259:UDP:BitComet 23259 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-09 114768]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-09 20560]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\drivers\OA002Afx.sys [2008-12-30 148056]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\drivers\OA002Ufd.sys [2008-12-30 144672]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\drivers\OA002Vid.sys [2008-12-30 268672]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-01-04 31616]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\MIROSL~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\MIROSL~1\LOCALS~1\Temp\iMSPQMn.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc8016-0dc2-11de-9140-0013d470ba71}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b30242e-1f83-11de-9167-0013d470ba71}]
\Shell\AutoRun\command - dll32.exe
\Shell\open\command - dll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791b5dd8-13ba-11de-914d-0013d470ba71}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

2009-04-10 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 14:48]

2009-04-10 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 14:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MP3 CD Extractor - c:\program files\MP3 CD Extractor\CD-Extractor.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZKfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 13:38:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-10 13:40:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 12:39:59

Pre-Run: 86,606,254,080 bytes free
Post-Run: 86,959,689,728 bytes free

317 --- E O F --- 2009-04-09 11:19:03


and

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:55, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZKfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8804 bytes


Thank you once again
abdzela
~user

Posts: 4
Joined: 10 Apr 2009, 14:56



Problem with heur.w32

Post by wojtas, 11 Apr 2009, 00:03

Do what is described in this thread.

Use SDFix. After downloading it, run it and it will unpack itself to C:\SDFix. Start the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and restarts the computer.

Then go to the C:\SDFix folder and post the contents of the Report.txt file + the ComboFix log, and also post the HijackThis log.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656



Problem with heur.w32

Post by abdzela, 16 Apr 2009, 14:16

Here are the logs after running the programs you listed:

Code:
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 12:25:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6a,81,ec,e5,33,87,c2,63,8c,26,b9,bb,b1,f6,a0,ee,5f,6c,be,de,3f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,89,b0,44,a5,86,7e,30,15,69,0d,e3,00,b7,48,26,05,bf,..
"khjeh"=hex:23,dd,78,74,95,c3,ae,a6,4d,9d,83,fd,5b,27,ad,59,ae,86,be,ef,f0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,be,dc,75,a8,9a,23,f8,88,bf,9a,5a,06,91,ef,d1,8f,56,1f,86,cd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6a,81,ec,e5,33,87,c2,63,8c,26,b9,bb,b1,f6,a0,ee,5f,6c,be,de,3f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,89,b0,44,a5,86,7e,30,15,69,0d,e3,00,b7,48,26,05,bf,..
"khjeh"=hex:23,dd,78,74,95,c3,ae,a6,4d,9d,83,fd,5b,27,ad,59,ae,86,be,ef,f0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,be,dc,75,a8,9a,23,f8,88,bf,9a,5a,06,91,ef,d1,8f,56,1f,86,cd,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glówny"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Fri 12 Dec 2008         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 22 Feb 2009     9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Sun 22 Mar 2009             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 12 Feb 2007     3,096,576 A..H. --- "C:\Documents and Settings\Miroslaw Misiaszek\Application Data\U3\temp\Launchpad Removal.exe"
Fri 12 Dec 2008         4,348 ...H. --- "C:\Documents and Settings\Miroslaw Misiaszek\My Documents\My Music\License Backup\drmv1key.bak"
Fri 19 Dec 2008            20 A..H. --- "C:\Documents and Settings\Miroslaw Misiaszek\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 12 Dec 2008           400 ...H. --- "C:\Documents and Settings\Miroslaw Misiaszek\My Documents\My Music\License Backup\drmv2key.bak"
Fri 19 Dec 2008         1,536 A..H. --- "C:\Documents and Settings\Miroslaw Misiaszek\My Documents\My Music\License Backup\drmv2lic.bak"

[b]Finished![/b]



and

Code:
ComboFix 09-04-14.08 - 14/04/2009 12:34.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1023.502 [GMT 1:00]
Running from: c:\documents and settings\Miroslaw Misiaszek\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090413-0] *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
.

2009-04-14 11:11 . 2009-04-14 11:11   578560   -c--a-w   c:\windows\system32\dllcache\user32.dll
2009-04-14 11:09 . 2009-04-14 11:09   --------   d-----w   c:\windows\ERUNT
2009-04-14 11:04 . 2009-04-14 11:27   --------   d-----w   C:\SDFix
2009-04-07 14:43 . 2009-04-07 14:43   --------   d-----w   c:\documents and settings\All Users\Application Data\Winferno
2009-04-07 14:37 . 2006-10-09 12:06   495616   ----a-w   c:\windows\system32\WINUTIL5.DLL
2009-04-07 14:37 . 2006-10-09 11:28   835584   ----a-w   c:\windows\system32\WINCTL4.OCX
2009-04-07 14:37 . 2006-05-17 07:40   393216   ----a-w   c:\windows\system32\WINLCTL5.DLL
2009-04-07 14:37 . 2009-04-09 16:23   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\Smart-Shopper
2009-04-07 14:34 . 2009-04-07 14:33   737280   ----a-w   c:\windows\iun6002.exe
2009-03-17 18:04 . 2009-03-17 18:05   --------   d-----w   c:\windows\system32\drivers\UMDF
2009-03-17 18:04 . 2009-03-17 18:04   --------   d-----w   c:\windows\system32\LogFiles
2009-03-17 11:44 . 2009-03-17 11:44   28   ----a-w   c:\windows\pdf995.ini
2009-03-17 11:44 . 2009-03-17 11:44   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\pdf995
2009-03-17 11:44 . 2009-03-25 19:15   59   ----a-w   c:\windows\wpd99.drv
2009-03-17 11:44 . 2009-03-25 19:15   --------   d-----w   c:\documents and settings\All Users\Application Data\pdf995
2009-03-17 11:44 . 2009-03-17 11:44   51716   ----a-w   c:\windows\system32\pdf995mon.dll
2009-03-17 11:44 . 2009-03-17 11:44   249856   ----a-w   c:\windows\system32\pdfmona.dll
2009-03-17 11:38 . 2009-03-17 11:44   --------   d-----w   C:\pdf995

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 11:27 . 2009-01-24 23:30   --------   d-----w   c:\program files\DNA
2009-04-14 11:27 . 2009-01-24 23:30   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\DNA
2009-04-13 23:00 . 2008-11-09 17:25   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\skypePM
2009-04-13 22:49 . 2008-11-09 17:07   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\Skype
2009-04-11 02:05 . 2009-01-25 01:06   --------   d-----w   c:\program files\ALLPlayer
2009-04-10 20:40 . 2009-01-24 23:30   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\BitTorrent
2009-04-10 12:53 . 2009-04-10 12:53   --------   d-----w   c:\program files\Trend Micro
2009-04-10 01:35 . 2009-04-09 16:33   7572   ----a-w   C:\mksbasel.cpp.log
2009-04-09 16:33 . 2009-04-09 16:25   --------   d-----w   c:\program files\SkanerOnline
2009-04-09 11:18 . 2009-04-09 11:18   --------   d-----w   c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-07 14:38 . 2009-04-07 14:38   --------   d-----w   c:\program files\ffdshow
2009-04-07 14:37 . 2009-04-07 14:37   --------   d-----w   c:\program files\Free Offers from Freeze.com
2009-04-07 14:37 . 2009-04-07 14:37   --------   d-----w   c:\program files\Winferno
2009-04-07 14:37 . 2009-04-07 14:37   --------   d-----w   c:\program files\Smart-Shopper
2009-04-07 14:34 . 2009-04-07 14:34   --------   d-----w   c:\program files\Codec Pack - All In 1
2009-04-07 09:27 . 2008-11-27 21:04   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\Apple Computer
2009-04-07 09:24 . 2009-02-20 17:34   --------   d-----w   c:\program files\Solo9RusEngNum
2009-04-07 09:22 . 2009-01-13 12:56   --------   d-----w   c:\program files\Winamp
2009-03-29 11:14 . 2008-11-12 12:27   --------   d-----w   c:\program files\CD to MP3 Freeware
2009-03-29 11:13 . 2008-11-11 01:16   --------   d-----w   c:\program files\Common Files\Adobe
2009-03-27 01:21 . 2008-12-27 13:57   --------   d-----w   c:\program files\BitComet
2009-03-17 19:05 . 2008-11-09 15:35   36776   ----a-w   c:\documents and settings\Miroslaw Misiaszek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-17 18:06 . 2009-03-17 18:06   --------   d-----w   c:\program files\Windows Media Connect 2
2009-03-17 11:31 . 2009-03-17 11:31   --------   d-----w   c:\program files\MSECache
2009-03-11 22:13 . 2009-03-10 22:24   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\U3
2009-02-26 17:20 . 2008-11-11 17:19   --------   d-----w   c:\program files\Microsoft Silverlight
2009-02-21 23:14 . 2009-02-21 23:14   --------   d-----w   c:\program files\Google
2009-02-20 17:35 . 2009-02-20 17:34   --------   d-----w   c:\documents and settings\All Users\Application Data\Solo9RusEngNum
2009-02-09 11:13 . 2004-08-04 12:00   1846784   ----a-w   c:\windows\system32\win32k.sys
2009-01-28 04:52 . 2009-01-28 04:52   1901   ----a-w   c:\windows\panose.bin
2009-01-21 16:11 . 2009-01-21 16:11   473600   ----a-w   c:\windows\system32\SkanerOnline.dll
2008-08-16 17:42:36 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 17:42:02 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 17:42:12 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\confmgr.dll
2006-06-15 20:33:58 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43:32 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41:38 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10:42 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-08-16 17:42:08 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 17:43:00 . 2008-08-16 17:43   c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 17:42:10 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 17:42:32 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\icalogon.dll
2005-02-02 12:19:12 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-05-21 08:41:08 . 2008-05-21 08:41   c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 08:41:08 . 2008-05-21 08:41   c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 08:41:08 . 2008-05-21 08:41   c:\program files\mozilla firefox\plugins\msvcr80.dll
2006-04-10 18:35:38 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10:06 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42:52 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22:00 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21:44 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-06-05 13:58:54 . 2008-06-05 13:58   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 17:42:04 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-09 3502840]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-22 167368]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-24 342848]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Miroslaw Misiaszek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-9 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23259:TCP"= 23259:TCP:BitComet 23259 TCP
"23259:UDP"= 23259:UDP:BitComet 23259 UDP

R3 iMSPQMn;iMSPQMn; [x]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S1 aswSP;avast! Self Protection; [x]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 148056]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 144672]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 268672]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc8016-0dc2-11de-9140-0013d470ba71}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b30242e-1f83-11de-9167-0013d470ba71}]
\Shell\AutoRun\command - dll32.exe
\Shell\open\command - dll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791b5dd8-13ba-11de-914d-0013d470ba71}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-04-14 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-04-07 13:48]

2009-04-14 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-04-07 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt  2009-04-14 11:37
ComboFix2.txt  2009-04-10 12:40

Pre-Run: 87,239,892,992 bytes free
Post-Run: 87,231,791,104 bytes free

210   --- E O F ---   2009-04-13 16:43


and the last one

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:21, on 16/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8743 bytes



thanks for the help
abdzela
~user
 
Posts: 4
Joined: 10 Apr 2009, 14:56



Problem with heur.w32

Post by wojtas, 16 Apr 2009, 14:23

Open Notepad and paste this into it:


Folder::
c:\program files\Smart-Shopper
C:\Program Files\Winferno

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b30242e-1f83-11de-9167-0013d470ba71}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791b5dd8-13ba-11de-914d-0013d470ba71}]

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
The removal should start (and a log will be created). Post the log that is produced during the removal.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656
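Added example, not part of this thread and not ComboFix's own code: the mountpoints2 entries that the CFScript above deletes are the tell-tale autorun hooks on removable drives, so this Python script parses the mountpoints2 block of a ComboFix "Reg Loading Points" section, flags commands whose target is a bare file name on the volume itself (the example's own heuristic, not a ComboFix rule), and prints the `Registry::` removal lines in the CFScript format wojtas uses. The sample log text is constructed to mirror the three entries posted in the thread.

```python
import re

# Constructed sample modelled on the "Reg Loading Points" section of the posted
# ComboFix log; the GUIDs and commands mirror the thread, the text itself is ours.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc8016-0dc2-11de-9140-0013d470ba71}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b30242e-1f83-11de-9167-0013d470ba71}]
\Shell\AutoRun\command - dll32.exe
\Shell\open\command - dll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791b5dd8-13ba-11de-914d-0013d470ba71}]
\Shell\Auto\command - asp.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.I)   # "M:\..." style absolute path


def parse_mountpoints(log_text):
    """Return {registry_key: [(verb, command), ...]} for every mountpoints2 block."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = []
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group(1), m.group(2).strip()))
    return entries


def reasons(verb, command):
    """Heuristics (assumptions of this example) that make a shell command suspicious."""
    out = []
    target = command
    # RunDLL32 ... ShellExec_RunDLL <target>: judge the final argument, not rundll32
    m = re.search(r"ShellExec_RunDLL\s+(.+)$", command, re.I)
    if m:
        target = m.group(1).strip()
        out.append("launches its target through ShellExec_RunDLL")
    if not ABS_PATH_RE.match(target):
        out.append("relative target '%s' resolves on the removable volume itself" % target)
    if verb.lower() == "open":
        out.append("overrides the 'open' verb, so opening the drive runs it")
    if verb.lower() == "auto":
        out.append("non-standard 'Auto' verb")
    return out


def find_suspicious(entries):
    """Return {key: [reason, ...]} for keys with at least one flagged command."""
    flagged = {}
    for key, cmds in entries.items():
        rs = []
        for verb, command in cmds:
            rs.extend(reasons(verb, command))
        if rs:
            flagged[key] = rs
    return flagged


def build_cfscript(keys):
    """Emit the CFScript 'Registry::' section; a '[-KEY]' line deletes that key."""
    lines = ["Registry::"]
    for key in sorted(keys):
        lines.append("[-%s]" % key)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_suspicious(parse_mountpoints(SAMPLE_LOG))
    for key, why in found.items():
        print(key)
        for r in why:
            print("   -", r)
    print(build_cfscript(found))
```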



Re: problem with heur.w32

Post by abdzela, 21 Apr 2009, 16:57

here is the log

Code:
Running from: c:\documents and settings\Miroslaw Misiaszek\Desktop\instalki i skroty\ComboFix.exe
Command switches used :: c:\documents and settings\Miroslaw Misiaszek\Desktop\instalki i skroty\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090421-0] *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
c:\program files\Smart-Shopper\Uninst.exe
c:\program files\Winferno
c:\program files\Winferno\RegistryPowerCleaner\CHives.dll
c:\program files\Winferno\RegistryPowerCleaner\regpowerclean.chm
c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
c:\program files\Winferno\RegistryPowerCleaner\RPCL.DLL
c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe
c:\program files\Winferno\RegistryPowerCleaner\SysRst.exe
c:\program files\Winferno\RegistryPowerCleaner\unins000.dat
c:\program files\Winferno\RegistryPowerCleaner\unins000.exe
c:\program files\Winferno\RegistryPowerCleaner\WinCMR.dll
c:\windows\system32\pthreadGC2.dll

.
(((((((((((((((((((((((((   Files Created from 2009-03-21 to 2009-04-21  )))))))))))))))))))))))))))))))
.

2009-04-16 15:28 . 2008-10-03 12:30   414   ----a-w   c:\windows\system32\lame_acm.xml
2009-04-16 15:28 . 2008-12-11 00:33   86016   ----a-w   c:\windows\system32\dpl100.dll
2009-04-16 15:28 . 2008-12-07 18:08   795648   ----a-w   c:\windows\system32\xvidcore.dll
2009-04-16 15:28 . 2008-12-07 18:08   130048   ----a-w   c:\windows\system32\xvidvfw.dll
2009-04-16 15:28 . 2008-11-06 16:37   3596288   ----a-w   c:\windows\system32\qt-dx331.dll
2009-04-16 15:28 . 2007-09-21 00:52   118784   ----a-w   c:\windows\system32\ac3acm.acm
2009-04-16 15:28 . 2004-01-25 16:18   217088   ----a-w   c:\windows\system32\yv12vfw.dll
2009-04-16 15:28 . 2008-11-06 16:33   684032   ----a-w   c:\windows\system32\divx.dll
2009-04-16 15:28 . 2009-03-02 18:10   67584   ----a-w   c:\windows\system32\ff_vfw.dll
2009-04-16 15:28 . 2007-07-10 16:10   547   ----a-w   c:\windows\system32\ff_vfw.dll.manifest
2009-04-16 11:12 . 2009-03-06 14:22   284160   -c----w   c:\windows\system32\dllcache\pdh.dll
2009-04-16 11:12 . 2009-02-09 12:10   473600   -c----w   c:\windows\system32\dllcache\fastprox.dll
2009-04-16 11:12 . 2009-02-09 12:10   401408   -c----w   c:\windows\system32\dllcache\rpcss.dll
2009-04-16 11:12 . 2009-02-06 11:11   110592   -c----w   c:\windows\system32\dllcache\services.exe
2009-04-16 11:12 . 2009-02-06 10:10   227840   -c----w   c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 11:12 . 2009-02-09 12:10   729088   -c----w   c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 11:12 . 2009-02-09 12:10   714752   -c----w   c:\windows\system32\dllcache\ntdll.dll
2009-04-16 11:12 . 2009-02-09 12:10   617472   -c----w   c:\windows\system32\dllcache\advapi32.dll
2009-04-16 11:12 . 2009-02-09 12:10   453120   -c----w   c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 11:11 . 2009-03-27 06:58   1203922   -c----w   c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 11:11 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
2009-04-16 11:11 . 2008-04-21 12:08   215552   -c----w   c:\windows\system32\dllcache\wordpad.exe
2009-04-14 11:11 . 2009-04-14 11:11   578560   -c--a-w   c:\windows\system32\dllcache\user32.dll
2009-04-14 11:09 . 2009-04-14 11:09   --------   d-----w   c:\windows\ERUNT
2009-04-14 11:04 . 2009-04-14 11:27   --------   d-----w   C:\SDFix
2009-04-07 14:43 . 2009-04-07 14:43   --------   d-----w   c:\documents and settings\All Users\Application Data\Winferno
2009-04-07 14:37 . 2006-10-09 12:06   495616   ----a-w   c:\windows\system32\WINUTIL5.DLL
2009-04-07 14:37 . 2006-10-09 11:28   835584   ----a-w   c:\windows\system32\WINCTL4.OCX
2009-04-07 14:37 . 2006-05-17 07:40   393216   ----a-w   c:\windows\system32\WINLCTL5.DLL
2009-04-07 14:37 . 2009-04-09 16:23   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\Smart-Shopper
2009-04-07 14:34 . 2009-04-07 14:33   737280   ----a-w   c:\windows\iun6002.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 14:47 . 2008-11-09 17:07   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\Skype
2009-04-21 14:40 . 2009-01-24 23:30   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\DNA
2009-04-21 10:45 . 2008-11-09 17:25   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\skypePM
2009-04-21 10:39 . 2009-01-24 23:30   --------   d-----w   c:\program files\DNA
2009-04-16 18:18 . 2009-01-25 01:06   --------   d-----w   c:\program files\ALLPlayer
2009-04-16 15:51 . 2009-04-16 15:28   --------   d-----w   c:\program files\K-Lite Codec Pack
2009-04-16 15:27 . 2009-04-07 14:38   --------   d-----w   c:\program files\ffdshow
2009-04-10 20:40 . 2009-01-24 23:30   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\BitTorrent
2009-04-10 12:53 . 2009-04-10 12:53   --------   d-----w   c:\program files\Trend Micro
2009-04-10 01:35 . 2009-04-09 16:33   7572   ----a-w   C:\mksbasel.cpp.log
2009-04-09 16:33 . 2009-04-09 16:25   --------   d-----w   c:\program files\SkanerOnline
2009-04-09 11:18 . 2009-04-09 11:18   --------   d-----w   c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-07 14:37 . 2009-04-07 14:37   --------   d-----w   c:\program files\Free Offers from Freeze.com
2009-04-07 14:34 . 2009-04-07 14:34   --------   d-----w   c:\program files\Codec Pack - All In 1
2009-04-07 09:27 . 2008-11-27 21:04   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\Apple Computer
2009-04-07 09:24 . 2009-02-20 17:34   --------   d-----w   c:\program files\Solo9RusEngNum
2009-04-07 09:22 . 2009-01-13 12:56   --------   d-----w   c:\program files\Winamp
2009-03-29 11:14 . 2008-11-12 12:27   --------   d-----w   c:\program files\CD to MP3 Freeware
2009-03-29 11:13 . 2008-11-11 01:16   --------   d-----w   c:\program files\Common Files\Adobe
2009-03-27 01:21 . 2008-12-27 13:57   --------   d-----w   c:\program files\BitComet
2009-03-25 19:15 . 2009-03-17 11:44   --------   d-----w   c:\documents and settings\All Users\Application Data\pdf995
2009-03-17 19:05 . 2008-11-09 15:35   36776   ----a-w   c:\documents and settings\Miroslaw Misiaszek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-17 18:06 . 2009-03-17 18:06   --------   d-----w   c:\program files\Windows Media Connect 2
2009-03-17 11:44 . 2009-03-17 11:44   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\pdf995
2009-03-17 11:44 . 2009-03-17 11:44   51716   ----a-w   c:\windows\system32\pdf995mon.dll
2009-03-17 11:44 . 2009-03-17 11:44 249856   ----a-w   c:\windows\system32\pdfmona.dll
2009-03-17 11:31 . 2009-03-17 11:31   --------   d-----w   c:\program files\MSECache
2009-03-11 22:13 . 2009-03-10 22:24   --------   d-----w   c:\documents and settings\Miroslaw Misiaszek\Application Data\U3
2009-03-06 14:22 . 2004-08-04 12:00   284160   ----a-w   c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-09-29 18:47   826368   ----a-w   c:\windows\system32\wininet.dll
2009-02-26 17:20 . 2008-11-11 17:19   --------   d-----w   c:\program files\Microsoft Silverlight
2009-02-21 23:14 . 2009-02-21 23:14   --------   d-----w   c:\program files\Google
2009-02-20 18:09 . 2004-08-04 12:00   78336   ----a-w   c:\windows\system32\ieencode.dll
2009-02-20 17:35 . 2009-02-20 17:34   --------   d-----w   c:\documents and settings\All Users\Application Data\Solo9RusEngNum
2009-02-09 12:10 . 2004-10-28 01:21   729088   ----a-w   c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00   714752   ----a-w   c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00   617472   ----a-w   c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00   401408   ----a-w   c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00   1846784   ----a-w   c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00   110592   ----a-w   c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00   2145280   ----a-w   c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00   35328   ----a-w   c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59   2023936   ----a-w   c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 12:00   56832   ----a-w   c:\windows\system32\secur32.dll
2009-01-28 04:52 . 2009-01-28 04:52   1901   ----a-w   c:\windows\panose.bin
2009-01-21 16:11 . 2009-01-21 16:11   473600   ----a-w   c:\windows\system32\SkanerOnline.dll
2008-08-16 17:42:36 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 17:42:02 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 17:42:12 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\confmgr.dll
2006-06-15 20:33:58 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43:32 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41:38 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10:42 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-08-16 17:42:08 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 17:43:00 . 2008-08-16 17:43   c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 17:42:10 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 17:42:32 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\icalogon.dll
2005-02-02 12:19:12 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-05-21 08:41:08 . 2008-05-21 08:41   c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 08:41:08 . 2008-05-21 08:41   c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 08:41:08 . 2008-05-21 08:41   c:\program files\mozilla firefox\plugins\msvcr80.dll
2006-04-10 18:35:38 . 2008-12-30 18:54   c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10:06 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42:52 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22:00 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21:44 . 2008-12-30 18:53   c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-06-05 13:58:54 . 2008-06-05 13:58   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 17:42:04 . 2008-08-16 17:42   c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:43:15 . 2009-03-19 18:40   c:\program files\mozilla firefox\components\xpinstal.dll
2008-12-30 18:54 . 2008-12-30 18:54   75   --sh--r   c:\windows\CT4CET.bin
.

(((((((((((((((((((((((((((((   SnapShot@2009-04-14_11.36.18   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 10:40 . 2009-04-21 10:40   16384              c:\windows\Temp\Perflib_Perfdata_b28.dat
+ 2009-04-21 10:39 . 2009-04-21 10:39   16384              c:\windows\Temp\Perflib_Perfdata_524.dat
+ 2008-11-09 14:54 . 2008-07-09 07:38   26488              c:\windows\system32\spupdsvc.exe
- 2008-11-09 14:54 . 2007-07-27 09:41   26488              c:\windows\system32\spupdsvc.exe
+ 2009-03-17 18:07 . 2007-11-30 12:39   17272              c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   44544              c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   44544              c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-04-17 10:51   71516              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-03-29 16:37   71516              c:\windows\system32\perfc009.dat
- 2008-11-09 14:51 . 2008-04-14 00:12   91648              c:\windows\system32\mtxoci.dll
+ 2008-11-09 14:51 . 2008-06-12 14:23   91648              c:\windows\system32\mtxoci.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23   66560              c:\windows\system32\mtxclu.dll
- 2004-08-04 12:00 . 2008-04-14 00:12   66560              c:\windows\system32\mtxclu.dll
+ 2007-08-13 18:54 . 2009-02-20 18:09   52224              c:\windows\system32\msfeedsbs.dll
- 2007-08-13 18:54 . 2008-12-20 23:15   52224              c:\windows\system32\msfeedsbs.dll
+ 2008-11-09 14:50 . 2008-06-12 14:23   58880              c:\windows\system32\msdtclog.dll
- 2008-11-09 14:50 . 2008-04-14 00:11   58880              c:\windows\system32\msdtclog.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   27648              c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   27648              c:\windows\system32\jsproxy.dll
+ 2007-08-13 18:39 . 2009-02-20 10:20   13824              c:\windows\system32\ieudinit.exe
- 2007-08-13 18:39 . 2008-12-19 09:10   13824              c:\windows\system32\ieudinit.exe
- 2004-08-04 12:00 . 2008-12-20 23:15   44544              c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   44544              c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2008-12-19 09:10   70656              c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-02-20 10:20   70656              c:\windows\system32\ie4uinit.exe
+ 2007-08-13 18:36 . 2009-02-20 18:09   63488              c:\windows\system32\icardie.dll
- 2007-08-13 18:36 . 2008-12-20 23:15   63488              c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59   56832              c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 10:39   35328              c:\windows\system32\dllcache\sc.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09   44544              c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   44544              c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23   91648              c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23   66560              c:\windows\system32\dllcache\mtxclu.dll
+ 2008-11-09 16:03 . 2009-02-20 18:09   52224              c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-11-09 16:03 . 2008-12-20 23:15   52224              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23   58880              c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   27648              c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2008-11-09 16:03 . 2009-02-20 10:20   13824              c:\windows\system32\dllcache\ieudinit.exe
- 2008-11-09 16:03 . 2008-12-19 09:10   13824              c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-04 12:00 . 2008-12-20 23:15   44544              c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   44544              c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09   78336              c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2008-12-19 09:10   70656              c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-02-20 10:20   70656              c:\windows\system32\dllcache\ie4uinit.exe
- 2008-11-09 16:03 . 2008-12-20 23:15   63488              c:\windows\system32\dllcache\icardie.dll
+ 2008-11-09 16:03 . 2009-02-20 18:09   63488              c:\windows\system32\dllcache\icardie.dll
- 2009-03-20 02:07 . 2009-03-20 02:07   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-17 01:36 . 2009-04-17 01:36   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-04-17 01:38 . 2008-12-20 23:15   44544              c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   52224              c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   27648              c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-17 01:38 . 2008-12-19 09:10   13824              c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-17 01:38 . 2008-12-20 23:15   44544              c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-17 01:38 . 2008-04-14 00:11   81920              c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-17 01:38 . 2008-12-19 09:10   70656              c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-17 01:38 . 2008-12-20 23:15   63488              c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2004-08-04 12:00 . 2008-12-16 12:30   354304              c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2008-04-14 00:12   354304              c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   233472              c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   233472              c:\windows\system32\webcheck.dll
+ 2008-11-09 14:50 . 2009-02-06 10:10   227840              c:\windows\system32\wbem\wmiprvse.exe
+ 2008-11-09 14:50 . 2009-02-09 12:10   453120              c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-11-09 14:50 . 2009-02-09 12:10   473600              c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   105984              c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   105984              c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2009-03-29 16:37   441898              c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-04-17 10:51   441898              c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-02-20 18:09   102912              c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   102912              c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   671232              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   671232              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   193024              c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   193024              c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   477696              c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   477696              c:\windows\system32\mshtmled.dll
+ 2007-08-13 18:54 . 2009-02-20 18:09   459264              c:\windows\system32\msfeeds.dll
- 2007-08-13 18:54 . 2008-12-20 23:15   459264              c:\windows\system32\msfeeds.dll
+ 2008-11-09 14:51 . 2008-06-12 14:23   161792              c:\windows\system32\msdtcuiu.dll
- 2008-11-09 14:51 . 2008-04-14 00:11   161792              c:\windows\system32\msdtcuiu.dll
+ 2008-11-09 14:50 . 2008-06-12 14:23   956928              c:\windows\system32\msdtctm.dll
- 2008-11-09 14:50 . 2008-04-14 00:11   956928              c:\windows\system32\msdtctm.dll
+ 2008-11-09 14:51 . 2008-06-12 14:23   428032              c:\windows\system32\msdtcprx.dll
+ 2004-08-04 12:00 . 2009-03-21 14:06   989696              c:\windows\system32\kernel32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11   989696              c:\windows\system32\kernel32.dll
+ 2007-08-13 18:34 . 2009-02-20 18:09   268288              c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   385024              c:\windows\system32\iedkcs32.dll
+ 2007-07-11 12:27 . 2009-02-20 18:09   383488              c:\windows\system32\ieapfltr.dll
- 2007-07-11 12:27 . 2008-12-20 23:15   383488              c:\windows\system32\ieapfltr.dll
- 2004-08-04 12:00 . 2008-12-19 05:23   161792              c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14   161792              c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   230400              c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   230400              c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   153088              c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   153088              c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   133120              c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   133120              c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   214528              c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   214528              c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   347136              c:\windows\system32\dxtmsft.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   347136              c:\windows\system32\dxtmsft.dll
- 2004-09-29 18:47 . 2008-12-20 23:15   826368              c:\windows\system32\dllcache\wininet.dll
+ 2004-09-29 18:47 . 2009-03-03 00:18   826368              c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30   354304              c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   233472              c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   233472              c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   105984              c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   105984              c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   102912              c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   102912              c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   671232              c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   671232              c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   193024              c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   193024              c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   477696              c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   477696              c:\windows\system32\dllcache\mshtmled.dll
+ 2008-11-09 16:03 . 2009-02-20 18:09   459264              c:\windows\system32\dllcache\msfeeds.dll
- 2008-11-09 16:03 . 2008-12-20 23:15   459264              c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23   161792              c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23   956928              c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23   428032              c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06   989696              c:\windows\system32\dllcache\kernel32.dll
+ 2008-11-09 14:52 . 2009-02-28 04:54   636072              c:\windows\system32\dllcache\iexplore.exe
+ 2008-11-09 16:03 . 2009-02-20 18:09   268288              c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   385024              c:\windows\system32\dllcache\iedkcs32.dll
- 2008-11-09 16:03 . 2008-12-20 23:15   383488              c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-11-09 16:03 . 2009-02-20 18:09   383488              c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 12:00 . 2008-12-19 05:23   161792              c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14   161792              c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   230400              c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   230400              c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   133120              c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   133120              c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   214528              c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   214528              c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   347136              c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   124928              c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   124928              c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09   124928              c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2008-12-20 23:15   124928              c:\windows\system32\advpack.dll
+ 2008-11-27 21:04 . 2009-04-14 16:53   102400              c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
- 2008-11-27 21:04 . 2008-11-27 21:04   102400              c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2009-04-17 01:38 . 2008-12-20 23:15   826368              c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   233472              c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   105984              c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-17 01:38 . 2008-07-09 07:38   382840              c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-17 01:38 . 2008-07-08 13:02   231288              c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-17 01:38 . 2008-12-20 23:15   102912              c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   671232              c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   193024              c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   477696              c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   459264              c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-17 01:38 . 2008-12-19 05:25   634024              c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-17 01:38 . 2008-12-20 23:15   267776              c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   384512              c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   383488              c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-17 01:38 . 2008-12-19 05:23   161792              c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   230400              c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   153088              c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   133120              c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   214528              c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   347136              c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   124928              c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2004-09-29 18:47 . 2009-02-20 18:09   1160192              c:\windows\system32\urlmon.dll
- 2004-09-29 18:47 . 2008-12-20 23:15   1160192              c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2008-05-07 05:12   1288192              c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2008-12-20 22:14   1288192              c:\windows\system32\quartz.dll
+ 2004-09-29 18:47 . 2009-02-20 18:09   3595264              c:\windows\system32\mshtml.dll
+ 2007-08-13 18:54 . 2009-02-20 18:09   6066176              c:\windows\system32\ieframe.dll
- 2007-02-12 16:10 . 2007-04-17 09:32   2455488              c:\windows\system32\ieapfltr.dat
+ 2007-02-12 16:10 . 2008-07-09 14:25   2455488              c:\windows\system32\ieapfltr.dat
- 2004-09-29 18:47 . 2008-12-20 23:15   1160192              c:\windows\system32\dllcache\urlmon.dll
+ 2004-09-29 18:47 . 2009-02-20 18:09   1160192              c:\windows\system32\dllcache\urlmon.dll
- 2008-05-07 05:12 . 2008-05-07 05:12   1288192              c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14   1288192              c:\windows\system32\dllcache\quartz.dll
+ 2008-11-09 15:20 . 2009-02-06 11:08   2189056              c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-11-09 15:20 . 2008-08-14 09:33   2023936              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-11-09 15:20 . 2009-02-06 10:32   2023936              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-11-09 15:20 . 2009-02-07 18:02   2066048              c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-11-09 15:20 . 2008-08-14 09:33   2066048              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-11-09 15:20 . 2009-02-06 11:06   2145280              c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-11-09 15:20 . 2008-08-14 10:09   2145280              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-09-29 18:47 . 2009-02-20 18:09   3595264              c:\windows\system32\dllcache\mshtml.dll
+ 2008-11-09 16:03 . 2009-02-20 18:09   6066176              c:\windows\system32\dllcache\ieframe.dll
+ 2008-11-09 16:03 . 2008-07-09 14:25   2455488              c:\windows\system32\dllcache\ieapfltr.dat
- 2008-11-09 16:03 . 2007-04-17 09:32   2455488              c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-17 01:38 . 2008-12-20 23:15   1160192              c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-17 01:38 . 2009-01-16 21:35   3594752              c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-17 01:38 . 2008-12-20 23:15   6066688              c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-17 01:38 . 2007-04-17 09:32   2455488              c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-11-09 15:20 . 2009-02-06 11:08   2189056              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-11-09 15:20 . 2009-02-06 10:32   2023936              c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-11-09 15:20 . 2008-08-14 09:33   2023936              c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-11-09 15:20 . 2008-08-14 09:33   2066048              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-11-09 15:20 . 2009-02-07 18:02   2066048              c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-11-09 15:20 . 2008-08-14 10:09   2145280              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-11-09 15:20 . 2009-02-06 11:06   2145280              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-11-09 15:58 . 2009-04-06 14:57   24921544              c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-09 3502840]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-22 167368]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-24 342848]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Miroslaw Misiaszek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-9 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23259:TCP"= 23259:TCP:BitComet 23259 TCP
"23259:UDP"= 23259:UDP:BitComet 23259 UDP

R3 iMSPQMn;iMSPQMn; [x]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S1 aswSP;avast! Self Protection; [x]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 148056]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 144672]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 268672]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc8016-0dc2-11de-9140-0013d470ba71}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Miroslaw Misiaszek\Application Data\Mozilla\Firefox\Profiles\n6pzfxc1.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 15:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-21 15:49
ComboFix-quarantined-files.txt  2009-04-21 14:48
ComboFix2.txt  2009-04-14 11:37
ComboFix3.txt  2009-04-10 12:40

Pre-Run: 86,338,969,600 bytes free
Post-Run: 86,359,961,600 bytes free

450   --- E O F ---   2009-04-17 01:39
abdzela
~user
Posts: 4
Joined: 10 Apr 2009, 14:56



Problem with heur.w32

Post by wojtas, 21 Apr 2009, 17:09

1. Download OTMoveIt, run it and launch it with the CleanUp option :) and delete the folder C:\Qoobox
2. Optimize Windows
3. Download ATF_Cleaner
tick
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties, System Restore tab, turn off System Restore on all drives). After a moment turn it back on
5. Run a Dr. Web CureIt scan
6. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

and with this:

FixIEDef.
wojtas
*mod
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks received: 1656



Re: problem with heur.w32

Post by dalik, 01 May 2009, 09:25

Hello everyone. I'm newly registered here, but that doesn't mean I don't browse this forum often; I get a lot out of it. What forced me to write to you, however, was not being able to deal with a problem on my own. So, most likely I also have a problem with heur.w32. The symptoms are the same as the colleague above described. Avast, which I use, doesn't find it, but the mks online scanner reports it. I admit I don't know what to do next; should I do everything you suggested earlier for abdzela? Please advise. Here are my logs:

ComboFix 09-04-30.05 - Darek i Ewa 2009-05-01  9:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.3069.1784 [GMT 2:00]
Uruchomiony z: c:\users\Darek i Ewa\Downloads\ComboFix.exe
FW: ZoneAlarm Firewall *enabled*
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-04-01 do 2009-05-01  )))))))))))))))))))))))))))))))
.

2009-05-01 06:48 . 2009-05-01 06:48   --------   d-----w   c:\program files\Trend Micro
2009-05-01 06:35 . 2009-05-01 06:42   --------   d-----w   c:\program files\SkanerOnline
2009-04-30 15:59 . 2009-05-01 06:38   --------   d-----w   c:\program files\Panda Security
2009-04-29 17:45 . 2009-04-29 17:54   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\HiT-MM
2009-04-29 17:45 . 2009-04-29 20:51   --------   d---a-w   c:\programdata\TEMP
2009-04-29 17:45 . 2009-04-29 20:51   --------   d---a-w   c:\users\All Users\TEMP
2009-04-29 16:00 . 2009-04-29 16:00   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\VSRevoGroup
2009-04-28 20:22 . 2009-04-28 20:22   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\OpenOffice.org
2009-04-28 20:15 . 2009-04-28 20:15   --------   d-----w   c:\program files\VS Revo Group
2009-04-27 19:21 . 2009-04-27 19:21   --------   d-----w   c:\windows\Amelies Cafe
2009-04-27 19:21 . 2009-04-27 19:21   --------   d-----w   c:\program files\Amelies Cafe
2009-04-27 18:57 . 2009-04-27 18:57   --------   d-----w   c:\program files\OpenOffice.org 3
2009-04-27 16:55 . 2009-04-27 18:09   440864   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-04-27 16:37 . 2009-04-27 18:02   --------   d-----w   c:\program files\Common Files\ParetoLogic
2009-04-27 16:37 . 2009-04-27 18:02   --------   d-----w   c:\programdata\ParetoLogic
2009-04-27 16:37 . 2009-04-27 18:02   --------   d-----w   c:\users\All Users\ParetoLogic
2009-04-27 16:36 . 2009-04-27 16:36   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Downloaded Installations
2009-04-27 15:07 . 2009-04-27 15:07   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Apple Computer
2009-04-27 15:07 . 2009-04-27 15:07   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\Apple Computer
2009-04-27 15:07 . 2009-04-27 15:07   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Apple
2009-04-27 15:07 . 2009-04-27 15:07   --------   d-----w   c:\program files\Apple Software Update
2009-04-27 15:07 . 2009-04-27 15:07   --------   d-----w   c:\programdata\Apple
2009-04-27 15:07 . 2009-04-27 15:07   --------   d-----w   c:\users\All Users\Apple
2009-04-27 15:02 . 2009-04-27 15:02   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Mozilla
2009-04-27 14:00 . 2009-04-27 14:00   --------   d-----w   c:\users\Remek\AppData\Local\Toshiba
2009-04-26 19:09 . 2009-04-26 19:09   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Winamp Toolbar
2009-04-26 05:07 . 2009-04-26 05:07   --------   d-----w   c:\programdata\Alex Gordon
2009-04-26 05:07 . 2009-04-26 05:07   --------   d-----w   c:\users\All Users\Alex Gordon
2009-04-26 05:00 . 2009-04-26 05:00   53248   ----a-w   c:\windows\system32\unrar.dll
2009-04-26 04:58 . 2009-04-26 04:58   --------   d-----w   c:\program files\Alex Gordon
2009-04-26 04:33 . 2009-04-26 04:33   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Microsoft Games
2009-04-25 18:59 . 2009-04-25 18:59   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\DAEMON Tools
2009-04-25 18:59 . 2009-04-25 18:59   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\DAEMON Tools Pro
2009-04-25 18:59 . 2009-04-25 18:59   6944   ----a-w   c:\users\Darek i Ewa\AppData\Local\d3d9caps.dat
2009-04-25 10:00 . 2009-04-25 10:00   --------   d-----w   c:\users\Remek\AppData\Local\Opera
2009-04-25 09:59 . 2009-04-25 09:59   --------   d-----w   c:\users\Remek\AppData\Roaming\ATI
2009-04-25 09:59 . 2009-04-25 09:59   --------   d-----w   c:\users\Remek\AppData\Local\ATI
2009-04-25 09:59 . 2009-04-25 09:59   82720   ----a-w   c:\users\Remek\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-25 09:59 . 2009-04-25 09:59   --------   d-----w   c:\users\Remek\AppData\Local\Google
2009-04-25 09:59 . 2009-04-25 09:59   --------   d-----r   c:\users\Remek\Searches
2009-04-24 22:12 . 2008-05-27 05:17   11776   ----a-w   c:\windows\system32\msshooks.dll
2009-04-24 21:52 . 2009-04-24 21:52   --------   d-----w   c:\windows\system32\IOSUBSYS
2009-04-24 21:42 . 2009-04-24 21:42   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\Toshiba
2009-04-24 21:23 . 2009-04-24 21:23   --------   d-----w   c:\programdata\DAEMON Tools Lite
2009-04-24 21:23 . 2009-04-24 21:23   --------   d-----w   c:\users\All Users\DAEMON Tools Lite
2009-04-24 21:23 . 2009-04-24 21:23   --------   d-----w   c:\program files\DAEMON Tools Lite
2009-04-24 21:16 . 2009-04-24 21:16   --------   d-----w   c:\program files\Common Files\Adobe
2009-04-24 21:14 . 2009-04-24 21:14   --------   d-----w   c:\programdata\IsolatedStorage
2009-04-24 21:14 . 2009-04-24 21:14   --------   d-----w   c:\users\All Users\IsolatedStorage
2009-04-24 21:14 . 2009-04-24 21:14   --------   d-----w   c:\program files\CCleaner
2009-04-24 21:13 . 2009-04-24 21:13   717296   ----a-w   c:\windows\system32\drivers\sptd.sys
2009-04-24 21:13 . 2009-04-26 05:00   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\DAEMON Tools Lite
2009-04-24 21:13 . 2009-04-24 21:13   --------   d-----w   c:\program files\NAPI-PROJEKT
2009-04-24 21:07 . 2008-02-23 02:41   22528   ----a-w   c:\windows\system32\netiougc.exe
2009-04-24 21:07 . 2008-02-23 04:38   170496   ----a-w   c:\windows\system32\tcpipcfg.dll
2009-04-24 21:06 . 2009-05-01 06:33   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\Draco Organizer
2009-04-24 21:04 . 2009-04-24 21:04   --------   d-----w   c:\programdata\CheckPoint
2009-04-24 21:04 . 2009-04-24 21:04   --------   d-----w   c:\users\All Users\CheckPoint
2009-04-24 21:04 . 2009-05-01 06:50   --------   d-----w   c:\windows\Internet Logs
2009-04-24 21:02 . 2009-04-24 21:02   --------   d-----w   c:\programdata\Azureus
2009-04-24 21:02 . 2009-04-24 21:02   --------   d-----w   c:\users\All Users\Azureus
2009-04-24 21:02 . 2009-04-30 15:52   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\Azureus
2009-04-24 21:02 . 2009-04-24 21:07   --------   d-----w   c:\program files\AskBarDis
2009-04-24 20:59 . 2009-04-24 20:59   --------   d-----w   c:\programdata\Winamp Toolbar
2009-04-24 20:59 . 2009-04-24 20:59   --------   d-----w   c:\users\All Users\Winamp Toolbar
2009-04-24 20:59 . 2009-04-24 20:59   --------   d-----w   c:\program files\Winamp Toolbar
2009-04-24 20:59 . 2009-04-24 20:59   --------   d-----w   c:\program files\Common Files\PX Storage Engine
2009-04-24 20:59 . 2009-04-24 21:28   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\Winamp
2009-04-24 20:59 . 2009-04-30 15:44   --------   d-----w   c:\program files\Winamp
2009-04-24 20:58 . 2009-04-24 20:58   --------   d-----w   c:\program files\Vuze
2009-04-24 20:58 . 2009-04-24 21:00   --------   d-----w   c:\program files\Spybot - Search & Destroy
2009-04-24 20:58 . 2009-05-01 06:45   --------   d-----w   c:\programdata\Spybot - Search & Destroy
2009-04-24 20:58 . 2009-05-01 06:45   --------   d-----w   c:\users\All Users\Spybot - Search & Destroy
2009-04-24 20:57 . 2009-03-02 17:10   67584   ----a-w   c:\windows\system32\ff_vfw.dll
2009-04-24 20:57 . 2008-06-08 20:58   60273   ----a-w   c:\windows\system32\pthreadGC2.dll
2009-04-24 20:57 . 2009-04-24 20:57   --------   d-----w   c:\program files\ffdshow
2009-04-24 20:35 . 2009-04-24 20:35   --------   d-----w   c:\windows\system32\Adobe
2009-04-24 20:33 . 2008-06-20 01:14   97800   ----a-w   c:\windows\system32\infocardapi.dll
2009-04-24 20:33 . 2008-06-20 01:14   105016   ----a-w   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-24 20:33 . 2008-06-20 01:14   622080   ----a-w   c:\windows\system32\icardagt.exe
2009-04-24 20:33 . 2008-06-20 01:14   11264   ----a-w   c:\windows\system32\icardres.dll
2009-04-24 20:33 . 2008-06-20 01:14   43544   ----a-w   c:\windows\system32\PresentationHostProxy.dll
2009-04-24 20:33 . 2008-06-20 01:14   781344   ----a-w   c:\windows\system32\PresentationNative_v0300.dll
2009-04-24 20:33 . 2008-06-20 01:14   326160   ----a-w   c:\windows\system32\PresentationHost.exe
2009-04-24 20:25 . 2009-04-24 20:28   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\Nowe Gadu-Gadu
2009-04-24 20:24 . 2009-04-24 20:54   --------   d-----w   c:\program files\Nowe Gadu-Gadu
2009-04-24 20:24 . 2008-07-27 18:03   96760   ----a-w   c:\windows\system32\dfshim.dll
2009-04-24 20:24 . 2008-07-27 18:03   282112   ----a-w   c:\windows\system32\mscoree.dll
2009-04-24 20:24 . 2008-07-27 18:03   41984   ----a-w   c:\windows\system32\netfxperf.dll
2009-04-24 20:23 . 2009-04-24 20:23   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Sun
2009-04-24 20:22 . 2008-07-27 18:03   158720   ----a-w   c:\windows\system32\mscorier.dll
2009-04-24 20:22 . 2008-07-27 18:03   83968   ----a-w   c:\windows\system32\mscories.dll
2009-04-24 20:22 . 2009-04-24 20:22   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Opera
2009-04-24 20:22 . 2009-04-24 20:22   --------   d-----w   c:\program files\Opera
2009-04-24 20:17 . 2008-06-06 03:27   562176   ----a-w   c:\windows\system32\msdtcprx.dll
2009-04-24 20:17 . 2008-06-06 03:27   38912   ----a-w   c:\windows\system32\xolehlp.dll
2009-04-24 20:17 . 2009-02-13 08:49   1255936   ----a-w   c:\windows\system32\lsasrv.dll
2009-04-24 20:17 . 2009-02-13 08:49   72704   ----a-w   c:\windows\system32\secur32.dll
2009-04-24 20:17 . 2009-03-17 03:38   13824   ----a-w   c:\windows\system32\apilogen.dll
2009-04-24 20:17 . 2009-03-17 03:38   24064   ----a-w   c:\windows\system32\amxread.dll
2009-04-24 20:16 . 2009-04-24 21:43   --------   d-----w   c:\users\Darek i Ewa\AppData\Local\Adobe
2009-04-24 20:13 . 2009-03-03 04:39   26112   ----a-w   c:\windows\system32\printfilterpipelineprxy.dll
2009-04-24 20:12 . 2008-08-27 01:05   212480   ----a-w   c:\windows\system32\drivers\mrxsmb10.sys
2009-04-24 20:12 . 2008-06-19 03:31   361984   ----a-w   c:\windows\system32\IPSECSVC.DLL
2009-04-24 20:12 . 2008-04-18 05:48   269312   ----a-w   c:\windows\system32\es.dll
2009-04-24 19:44 . 2008-08-28 03:40   425472   ----a-w   c:\windows\system32\PhotoMetadataHandler.dll
2009-04-24 19:44 . 2008-08-28 03:40   347136   ----a-w   c:\windows\system32\WindowsCodecsExt.dll
2009-04-24 19:44 . 2008-08-28 03:40   712704   ----a-w   c:\windows\system32\WindowsCodecs.dll
2009-04-24 19:44 . 2008-09-18 04:56   147456   ----a-w   c:\windows\system32\Faultrep.dll
2009-04-24 19:41 . 2008-06-23 01:59   2868736   ----a-w   c:\windows\system32\mf.dll
2009-04-24 19:41 . 2008-06-23 01:59   996352   ----a-w   c:\windows\system32\WMNetMgr.dll
2009-04-24 19:41 . 2008-06-23 01:58   94720   ----a-w   c:\windows\system32\logagent.exe
2009-04-24 19:41 . 2008-10-21 05:25   1645568   ----a-w   c:\windows\system32\connect.dll
2009-04-24 19:14 . 2009-02-09 03:10   2033152   ----a-w   c:\windows\system32\win32k.sys
2009-04-24 19:14 . 2008-09-10 03:40   1334272   ----a-w   c:\windows\system32\msxml6.dll
2009-04-24 19:06 . 2008-10-16 21:09   43544   ----a-w   c:\windows\system32\wups2.dll
2009-04-24 19:06 . 2008-10-16 21:09   51224   ----a-w   c:\windows\system32\wuauclt.exe
2009-04-24 19:06 . 2008-10-16 20:56   1524736   ----a-w   c:\windows\system32\wucltux.dll
2009-04-24 19:06 . 2008-10-16 21:13   1809944   ----a-w   c:\windows\system32\wuaueng.dll
2009-04-24 19:05 . 2008-10-16 21:08   34328   ----a-w   c:\windows\system32\wups.dll
2009-04-24 19:05 . 2008-10-16 20:55   83456   ----a-w   c:\windows\system32\wudriver.dll
2009-04-24 19:05 . 2008-10-16 21:12   561688   ----a-w   c:\windows\system32\wuapi.dll
2009-04-24 19:05 . 2008-10-16 12:08   162064   ----a-w   c:\windows\system32\wuwebv.dll
2009-04-24 19:05 . 2008-10-16 11:56   31232   ----a-w   c:\windows\system32\wuapp.exe
2009-04-24 18:50 . 2009-04-24 18:50   --------   d-----w   c:\users\Darek i Ewa\AppData\Roaming\ATI

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 06:37 . 2008-01-21 06:24   662056   ----a-w   c:\windows\system32\perfh015.dat
2009-05-01 06:37 . 2008-01-21 06:24   126908   ----a-w   c:\windows\system32\perfc015.dat
2009-05-01 06:36 . 2008-07-04 10:23   --------   d-----w   c:\program files\Google
2009-05-01 06:31 . 2009-04-24 21:05   350192   ---ha-w   c:\windows\system32\drivers\vsconfig.xml
2009-04-27 18:09 . 2009-04-27 16:55   6980   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-04-27 18:01 . 2008-07-04 09:59   --------   d-----w   c:\program files\Toshiba
2009-04-27 18:01 . 2008-07-04 09:49   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-04-27 15:23 . 2006-11-02 10:25   51200   ----a-w   c:\windows\inf\infpub.dat
2009-04-27 15:23 . 2006-11-02 10:25   143360   ----a-w   c:\windows\inf\infstrng.dat
2009-04-25 05:21 . 2006-11-02 11:18   --------   d-----w   c:\program files\Windows Mail
2009-04-24 21:05 . 2009-04-24 21:05   --------   d-----w   c:\program files\Zone Labs
2009-04-24 21:05 . 2006-11-02 10:25   86016   ----a-w   c:\windows\inf\infstor.dat
2009-04-24 21:05 . 2009-04-24 21:05   --------   d-----w   c:\program files\Draco Software
2009-04-24 20:30 . 2009-04-24 20:30   --------   d-----r   c:\program files\Skype
2009-04-24 20:30 . 2009-04-24 20:30   --------   d-----w   c:\program files\Alwil Software
2009-04-24 20:23 . 2008-07-04 09:35   --------   d-----w   c:\program files\Java
2009-04-24 17:36 . 2009-04-24 17:36   0   --sha-r   c:\windows\system32\drivers\TOSHIBA_Satellite A300_08016-PL_PSAGCE-09000.MRK
2009-04-24 17:32 . 2009-04-24 17:32   --------   d-----w   c:\program files\Realtek
2009-04-24 17:32 . 2008-07-04 09:50   319456   ----a-w   c:\windows\DIFxAPI.dll
2009-04-24 17:31 . 2009-04-24 17:31   --------   d-----w   c:\program files\ATI Technologies
2009-04-24 17:30 . 2008-07-04 09:36   --------   d-----w   c:\program files\Intel
2009-03-17 03:38 . 2009-04-24 20:17   40960   ----a-w   c:\windows\AppPatch\apihex86.dll
2009-03-03 04:46 . 2009-04-24 20:14   3599328   ----a-w   c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-24 20:14   3547632   ----a-w   c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-24 19:42   827392   ----a-w   c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-24 20:13   183296   ----a-w   c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-24 20:14   551424   ----a-w   c:\windows\system32\rpcss.dll
2009-03-03 04:37 . 2009-04-24 19:42   78336   ----a-w   c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-24 20:13   98304   ----a-w   c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-24 20:13   54784   ----a-w   c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-24 20:13   44032   ----a-w   c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-24 20:14   666624   ----a-w   c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-24 20:13   17408   ----a-w   c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-24 19:42   26624   ----a-w   c:\windows\system32\ieUnatt.exe
2009-02-15 22:11 . 2009-04-24 21:05   293528   ----a-w   c:\windows\system32\drivers\vsdatant.sys
2009-02-15 22:10 . 2009-04-24 21:06   1221512   ----a-w   c:\windows\system32\zpeng25.dll
2009-02-05 20:06 . 2009-04-24 20:30   51792   ----a-w   c:\windows\system32\drivers\aswMonFlt.sys
2008-01-21 02:43 . 2006-11-02 12:50   174   --sha-w   c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 16:40   333192   ----a-w   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Draco Organizer"="c:\program files\Draco Software\Draco Organizer 3\Organizer.exe" [2009-02-22 10560512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\users\Remek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0C12CEC7-392B-43B9-B40C-07340BE0882A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EDF8BAA0-2546-417B-810E-78DDE9D6AA9F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A1EB7158-918B-486D-B2E6-6673E32ABABF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3A9E1A36-3934-4EBA-A68C-6F2EB1CA0F20}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{BA49DDCA-C67D-4C07-83A2-DBFC39C12185}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 GoogleDesktopManager-022208-143751;Menedżer Google Desktop 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-04 29744]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-07-04 110576]
S1 aswSP;avast! Self Protection; [x]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]


--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - PAVBOOT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39d07498-30f6-11de-b7a3-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c83a3b-31ca-11de-a755-001e3398ae94}]
\shell\AutoRun\command - D:\csetup.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-01 c:\windows\Tasks\User_Feed_Synchronization-{99587E5E-A343-49EE-BF05-C8BC2F209EF1}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\users\Darek i Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\n2no1xzj.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 09:05
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????7?w?A??P?[?x?[???[???[?? 

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Czas ukończenia: 2009-05-01  9:06
ComboFix-quarantined-files.txt  2009-05-01 07:06

Przed: 149 327 818 752 bajtów wolnych
Po: 149 360 984 064 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
309   --- E O F ---   2009-04-27 14:02


and from Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:36, on 2009-05-01
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Draco Organizer] "C:\Program Files\Draco Software\Draco Organizer 3\Organizer.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Menedżer Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10586 bytes


Thanks in advance for the help
dalik
~user

Posts: 6
Joined: 01 May 2009, 09:12
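As an added example (not part of the original post and not HijackThis' own code): a small Python triage script over a handful of lines copied verbatim from the log above, embedded as constructed sample input. It applies the structural checks a helper on this board would run first: O4 Run entries that give only a bare filename instead of a full path (resolved via the PATH at logon, so the log alone does not say which file runs), O9/O16 entries marked "(file missing)", the O16 DPF ActiveX download, the O20 AppInit_DLLs hook (injected into every process that loads user32.dll), and O23 services whose binary carries no company name ("Unknown owner"). The flag names and the rule set are my own assumptions, not a HijackThis convention, and a flag is a prompt to verify the file, not a verdict: most of the bare-filename hits in this log are OEM Toshiba/Realtek tray programs.

```python
import re

# Constructed sample input: a handful of lines copied verbatim from the
# HijackThis log posted above. In practice, read the whole log from a file.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

ENTRY_RE = re.compile(r"^O(?P<section>\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 body: "Service: <display name> - <owner> - <path>". Display name and
# path may themselves contain " - " (e.g. "Spybot - Search & Destroy"), so
# the last field is anchored on a drive letter instead of splitting on " - ".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")


def run_target(cmd):
    """Return the executable from an O4 command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def parse_service(line):
    """Return (display name, owner, image path) for an O23 line, or None."""
    m = ENTRY_RE.match(line)
    if not m or m.group("section") != "23":
        return None
    s = SERVICE_RE.match(m.group("body"))
    return (s.group("name"), s.group("owner"), s.group("path")) if s else None


def triage(text):
    """Apply the heuristics below to every HijackThis entry and collect findings.

    Each finding is a dict with the section number, a flag name (my own
    labels, assumed here, not a HijackThis convention), a short detail and
    the raw line.
    """
    findings = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, footer or blank line
        section, body = m.group("section"), m.group("body")

        def hit(flag, detail):
            findings.append({"section": section, "flag": flag, "detail": detail, "line": line})

        # Registered but not on disk: a leftover, or a file that was moved/hidden.
        if "(file missing)" in body:
            hit("file-missing", body.split(" - ")[0])
        if section == "4":
            r = RUN_RE.search(body)
            target = run_target(r.group("cmd")) if r else ""
            # A bare name (no path, no %VAR%) is resolved through the PATH at
            # logon, so the log alone cannot tell you which file actually runs.
            if target and "\\" not in target and not target.startswith("%"):
                hit("bare-filename", target)
        elif section == "16":
            # DPF entries download and register an ActiveX control from a URL.
            hit("activex-download", body.split(" - ")[-1])
        elif section == "20":
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            hit("appinit-dll", body.split(": ", 1)[-1])
        elif section == "23":
            svc = parse_service(line)
            if svc and svc[1] == "Unknown owner":
                # No company name in the binary's version resource: verify by hand.
                hit("unknown-owner", svc[0])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"O{f['section']:<3} {f['flag']:<17} {f['detail']}")
```

Run on the sample it reports six findings: the two bare Run targets (NDSTray.exe, Skytel.exe), the missing eBay button, the DPF download URL, the AppInit DLL and the ASKService entry; the avast and Spybot services and the quoted Java updater path pass clean. Feed it the full log and cross-check each flagged path against the ComboFix output before deciding what to fix.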



Problem with heur.w32

Posted by wojtas, 01 May 2009, 14:05

dalik, start your own thread.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656



