prosze o sprawdzenie loga

**Posty:** 159 · przez **know** 10 Mar 2007, 17:38

Cos siedzi w kompie. Wyskakuja mi okienka IE zebym sciagnal jakis program antywirusowy, ze komputer jest zagrozony itp. Przeskanowalem www.ewido.net i usunalem 2 syfy ale z jednym Ewido sobie nie poradzil.. Mysle, ze nadal gdzies siedzi w kompie...

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 16:30:29, on 2007-03-10 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\V0220Mon.exe C:\Program Files\Wanadoo\TaskBarIcon.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Mozilla Firefox\firefox.exe F:\Krzysiek\uzytki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [C:\WINDOWS\System32\V0220Cvw.dll] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\V0220Cvw.dll O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [] C:\Program Files\Wanadoo\TaskBarIcon.exe O4 - HKLM\..\Run: [msvcc25] svcchost.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mypsdaoy.dll",setvm O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C10F468C-7B31-47F2-83D0-5E3AA6AFEB9C}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINDOWS\system\system.exe (file missing)

**Posty:** 8694 · przez **Red** 10 Mar 2007, 17:45

pozbądz sie tego:

O4 - HKLM\..\Run: [C:\WINDOWS\System32\V0220Cvw.dll] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\V0220Cvw.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mypsdaoy.dll",setvm
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe>>>nie pomyl nazwy
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINDOWS\system\system.exe (file missing)

i daj log do kontroli

**Posty:** 935 · przez **Aqui** 10 Mar 2007, 17:58

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mypsdaoy.dll",setvm

Przeciez to jest Vundo...

**Posty:** 8694 · przez **Red** 10 Mar 2007, 18:00

Przeciez to jest Vundo...

więc co ...ma zostawić????

**Posty:** 935 · przez **Aqui** 10 Mar 2007, 18:05

Raczej nie ma szans usuwac Vundo recznie.....

Automaty +l2mfix+Comboscan+Silentrunners i wtedy da sie usunac.

**Posty:** 8694 · przez **Red** 10 Mar 2007, 18:07

To mu to napisz,a nie nabijaj posty.Ok?

**Posty:** 159 · przez **know** 10 Mar 2007, 18:11

nowy log:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:05:07, on 2007-03-10 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\V0220Mon.exe C:\Program Files\Wanadoo\TaskBarIcon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Mozilla Firefox\firefox.exe F:\Krzysiek\uzytki\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [] C:\Program Files\Wanadoo\TaskBarIcon.exe O4 - HKLM\..\Run: [msvcc25] svcchost.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\uwyspccl.dll",setvm O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C10F468C-7B31-47F2-83D0-5E3AA6AFEB9C}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINDOWS\system\system.exe (file missing)

co do ostatniej linijki loga to tam wlasnie Ewido wykryl smiecia ktorego nie mogl usunac...

**Posty:** 8694 · przez **Red** 10 Mar 2007, 18:16

co do ostatniej linijki loga to tam wlasnie Ewido wykryl smiecia ktorego nie mogl usunac...

Start >>> Uruchom >>> cmd i wklep komendę:

sc delete SYSTEMSVC

O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)

Start >>> Uruchom >>> cmd i wklep komendę:

sc delete MSDisk

zastosuj dodatkowo:

http://securityresponse.symantec.com/avcenter/FixVundo.exe

http://www.atribune.org/downloads/VundoFix.exe

i nadal siedzi to:

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

**Posty:** 159 · przez **know** 10 Mar 2007, 18:37

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:31:08, on 2007-03-10 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\V0220Mon.exe C:\Program Files\Wanadoo\TaskBarIcon.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Tlen.pl\tlen.exe F:\Krzysiek\uzytki\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [] C:\Program Files\Wanadoo\TaskBarIcon.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\uwyspccl.dll",setvm O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C10F468C-7B31-47F2-83D0-5E3AA6AFEB9C}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

zadnego Vundo nie znalazl...

pytanie: czy Norton ktorego aktualnos uplynela moze generowac jakies reklamy zachecajace do kupowania oprogramowania antywirusowego? Mowie tu o generowaniu czegos na wzor wyskakujacych okienek lub otwierajacych sie zakladek w przegladarce (nie mowie o typowych komunikatach Nortona)

**Posty:** 8694 · przez **Red** 10 Mar 2007, 18:41

podeslij jeszcze log z silent runners,ok

**Posty:** 159 · przez **know** 10 Mar 2007, 19:08

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS] "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"] "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "V0220Mon.exe" = "C:\WINDOWS\V0220Mon.exe" ["Creative Technology Ltd."] "(Default)" = "C:\Program Files\Wanadoo\TaskBarIcon.exe" ["France Télécom R&D"] "Outpost Firewall" = "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."] "OutpostFeedBack" = "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."] "2chkdsk" = "rundll32.exe "C:\WINDOWS\System32\uwyspccl.dll",setvm" [MS] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided) \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = (no title provided) -> {HKLM...CLSID} = "CNisExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] {BBEA1135-3771-43F2-86E2-FC412EA99A83}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\ljjgg.dll" [null data] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = (no title provided) -> {HKLM...CLSID} = "CNavExtBho Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] {D38439EC-4A7F-42b4-90C2-D810D7778FDD}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\gukoytxe.dll" [file not found] {FDEA8B50-5D70-4293-865F-141F7EB156C0}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\cbxxyvv.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów" -> {HKLM...CLSID} = "Eksplorator pulpitów" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device" -> {HKLM...CLSID} = "Urządzenie przenośne" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{FDEA8B50-5D70-4293-865F-141F7EB156C0}" = "*V" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\cbxxyvv.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! cbxxyvv\DLLName = "cbxxyvv.dll" [null data] INFECTION WARNING! ljjgg\DLLName = "C:\WINDOWS\System32\ljjgg.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\LESZEK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Skanuj komputer - LESZEK" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Explorer Bars Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Create Mobile Favorite" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Utwórz łącze Ulubione dla urządzenia przenośnego..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] ISSvc, ISSVC, "C:\Program Files\Norton Internet Security\ISSVC.exe" ["Symantec Corporation"] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ["Hewlett-Packard Company"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Outpost Firewall Service, OutpostFirewall, "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service" ["Agnitum Ltd."] Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"] Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 162 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 400 seconds. ---------- (total run time: 1372 seconds)

czemu to tyle trwalo ?

**Posty:** 18165 · przez **wojtas** 11 Mar 2007, 12:35

zastosuj te 3 usuwacze

http://www.atribune.org/ccount/click.php?id=4

Trojan.Vundo Removal Tool

http://securityresponse.symantec.com/avcenter/FixVundo.exe

VirtumundoBeGone

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

**Posty:** 159 · przez **know** 11 Mar 2007, 20:41

Ten ostatni program chyba zadzialal bo cos usunal i zrestartowal system a przy ponownym uruchomieniu juz nic nie znalazl...
Wrzucam log z Silenta

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS] "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"] "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "V0220Mon.exe" = "C:\WINDOWS\V0220Mon.exe" ["Creative Technology Ltd."] "(Default)" = "C:\Program Files\Wanadoo\TaskBarIcon.exe" ["France Télécom R&D"] "Outpost Firewall" = "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."] "OutpostFeedBack" = "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."] "2chkdsk" = "rundll32.exe "C:\WINDOWS\System32\uwyspccl.dll",setvm" [MS] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided) \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów" -> {HKLM...CLSID} = "Eksplorator pulpitów" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device" -> {HKLM...CLSID} = "Urządzenie przenośne" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\LESZEK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Create Mobile Favorite" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Utwórz łącze Ulubione dla urządzenia przenośnego..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ["Hewlett-Packard Company"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Outpost Firewall Service, OutpostFirewall, "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service" ["Agnitum Ltd."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 121 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 331 seconds. ---------- (total run time: 1199 seconds)

ponawiam pytanie dotyczace bardzo dlugiego dzialania Silent 1199 sekund... ?? Co moze byc przyczyna? Widzialem ze u niektorych trwa to kilka albo kilkanascie razy szybciej...

**Posty:** 18165 · przez **wojtas** 11 Mar 2007, 20:50

sciagnij killbox`a:

http://www.wiruskill.pl/forum/viewtopic.php?t=58

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę :

C:\WINDOWS\System32\uwyspccl.dll

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2chkdsk"=-

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

co do silenta to moze dlugo sie tworzyc gdy masz jakis syf, gdy nie robiona byla defragmentacja dyskow, gdy podczas tworzenia logu cos pamieciozernego wykonujesz

**Posty:** 159 · przez **know** 11 Mar 2007, 21:31

Zrobione. Nowy log:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS] "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"] "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "V0220Mon.exe" = "C:\WINDOWS\V0220Mon.exe" ["Creative Technology Ltd."] "(Default)" = "C:\Program Files\Wanadoo\TaskBarIcon.exe" ["France Télécom R&D"] "Outpost Firewall" = "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."] "OutpostFeedBack" = "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided) \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów" -> {HKLM...CLSID} = "Eksplorator pulpitów" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device" -> {HKLM...CLSID} = "Urządzenie przenośne" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" -> {HKLM...CLSID} = "Outpost.ASWShellExt Component" \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\LESZEK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Create Mobile Favorite" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Utwórz łącze Ulubione dla urządzenia przenośnego..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ["Hewlett-Packard Company"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Outpost Firewall Service, OutpostFirewall, "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service" ["Agnitum Ltd."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 148 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 362 seconds. ---------- (total run time: 1158 seconds)

**Posty:** 18165 · przez **wojtas** 11 Mar 2007, 22:14

w logu jest ok daj jeszcze loga z:

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

**Posty:** 1134 · przez **MISTEJK** 11 Mar 2007, 22:51

Koniecznie do analizy jest log z l2mfix. Vundo nie jest zwykłą infekcją. Rozszczepia się po całym windowsie.

wojtas19162 napisał(a):w logu jest ok

owszem, ale sytuacja w systemie zapewne nie jest klarowna.

ps. czasami warto słuchać głosów pomocy :mrgreen:

**Posty:** 159 · przez **know** 12 Mar 2007, 22:13

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by LESZEK on 2007-03-12 at 21:06:51 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. -- Last 4 Restore Point(s) -- 4: 2007-03-12 20:06:52 UTC - RP4 - ComboScan Restore Point 3: 2007-03-11 20:05:17 UTC - RP3 - Removed Diskeeper Lite 2: 2007-03-11 19:46:06 UTC - RP2 - Installed Diskeeper Lite 1: 2007-03-11 19:13:28 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. -- HijackThis (run as LESZEK.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 21:06:56, on 2007-03-12 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\V0220Mon.exe C:\Program Files\Wanadoo\TaskBarIcon.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Mozilla Firefox\firefox.exe F:\Krzysiek\uzytki\comboscan.exe F:\Krzysiek\uzytki\HIJACK~1\LESZEK.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [] C:\Program Files\Wanadoo\TaskBarIcon.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C10F468C-7B31-47F2-83D0-5E3AA6AFEB9C}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe -- HijackThis Fixed Entries (F:\Krzysiek\uzytki\HIJACK~1\backups\) ------------- backup-20060517-091920-182 F2 - REG:system.ini: Shell= backup-20060517-094920-630 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k backup-20060803-211454-734 O4 - HKLM\..\Run: [Services] C:\WINDOWS\services.exe backup-20061023-203636-566 O4 - HKLM\..\RunServices: [Misk Monitor] C:\WINDOWS\System32\misk.exe backup-20061023-203636-775 O4 - HKCU\..\Run: [win msdt service] mswindtc.exe backup-20061023-203636-786 O4 - HKLM\..\RunServices: [Windows Security Component] C:\WINDOWS\System32\Com\winssc.exe backup-20061023-203636-961 O4 - HKLM\..\RunServices: [Microsoft dll Host Service ] wkssr.exe backup-20061023-203833-550 O4 - HKCU\..\RunServices: [Microsoft dll Host Service ] wkssr.exe backup-20061023-203833-557 O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe backup-20061023-203833-625 O4 - HKLM\..\Run: [Windows Security Component] C:\WINDOWS\System32\Com\winssc.exe backup-20061023-203833-689 O4 - HKLM\..\Run: [Microsoft dll Host Service ] wkssr.exe backup-20061023-203833-888 O4 - HKCU\..\Run: [Microsoft dll Host Service ] wkssr.exe backup-20070310-165753-278 O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe backup-20070310-165753-378 O4 - HKLM\..\Run: [C:\WINDOWS\System32\V0220Cvw.dll] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\V0220Cvw.dll backup-20070310-165753-488 O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINDOWS\system\system.exe (file missing) backup-20070310-165753-498 O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mypsdaoy.dll",setvm backup-20070310-165753-673 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) backup-20070310-171638-687 O4 - HKLM\..\Run: [msvcc25] svcchost.exe -- File Associations ----------------------------------------------------------- .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .cmd - cmdfile - "%1" %* .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3R ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\adblock.dll 3R alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys 3R alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys 3R ALCXWDM (Service for Avance AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS 1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys 3R ARP.DLL (Outpost Firewall PlugIn (ARP.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\arp.dll 3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys 3R BlueletSCOAudio (Bluetooth SCO Audio Service) - C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys 3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys 3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys 3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys 0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys 3S BTNetFilter (Bluetooth Network Filter) - C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys 3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys 3R CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\content.dll 3R DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\dnscache.dll 3R FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\ftpfilt.dll 3R HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\htmlfilt.dll 3R HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\httpfilt.dll 3R IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\imapfilt.dll 3S k750bus (Sony Ericsson 750 driver (WDM)) - C:\WINDOWS\system32\drivers\k750bus.sys 3S k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\k750mdfl.sys 3S k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - C:\WINDOWS\system32\drivers\k750mdm.sys 3R MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\mailfilt.dll 3S msdirectxclicks - C:\Documents and Settings\LESZEK\msdirectxclks.sys (not found) 3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys 3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys 3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys 3R NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\nntpfilt.dll 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 3R POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\pop3filt.dll 3R PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\protect.dll 0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys 3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys 1R SandBox (Outpost Firewall Sandbox Driver) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\SandBox.sys 3R SECRET.DLL (Outpost Firewall PlugIn (SECRET.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\secret.dll 3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys 3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys 3R usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys 3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys 3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS 3S usb_rndisx (USB RNDIS Adapter) - C:\WINDOWS\system32\drivers\usb8023x.sys 3R V0220Dev (Live! Cam Video IM) - C:\WINDOWS\system32\drivers\V0220Dev.sys 3R V0220Vfx - C:\WINDOWS\system32\drivers\V0220Vfx.sys 3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys 3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys 1R VFILT (Outpost Firewall Kernel Driver) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\filtnt.sys 0R viaagp (Filtr magistrali AGP VIA) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS 0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS 1R VIAPFD - C:\WINDOWS\system32\drivers\VIAPFD.SYS 3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe 2R LightScribeService (LightScribeService Direct Disc Labeling Service) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2R NVSvc (NVIDIA Driver Helper Service) - C:\WINDOWS\System32\nvsvc32.exe 3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" 2R OutpostFirewall (Outpost Firewall Service) - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service 3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe 2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe 2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs -- Files created between 2007-02-12 and 2007-03-12 ----------------------------- 2007-03-11 20:45:38 0 d-------- C:\Program Files\Executive Software<EXECUT~1> 2007-03-11 19:57:08 0 d-------- C:\!KillBox 2007-03-11 17:44:41 0 d-------- C:\VundoFix Backups<VUNDOF~1> 2007-03-11 17:35:03 88340 --a------ C:\WINDOWS\System32\kaxpsqoa.exe 2007-03-10 11:19:47 6576 -ra------ C:\WINDOWS\System32\drivers\k750mdfl.sys 2007-03-10 11:19:47 6144 -ra------ C:\WINDOWS\System32\drivers\k750cmnt.sys 2007-03-10 11:19:46 89872 -ra------ C:\WINDOWS\System32\drivers\k750mdm.sys 2007-03-10 11:19:46 6144 -ra------ C:\WINDOWS\System32\drivers\k750cm.sys 2007-03-10 11:19:02 5744 -ra------ C:\WINDOWS\System32\drivers\k750whnt.sys 2007-03-10 11:19:02 5744 -ra------ C:\WINDOWS\System32\drivers\k750wh.sys 2007-03-10 11:19:02 55216 -ra------ C:\WINDOWS\System32\drivers\k750bus.sys 2007-03-10 10:52:25 88340 --a------ C:\WINDOWS\System32\qfaevrpb.exe 2007-03-10 10:52:17 421533 ---hs---- C:\WINDOWS\System32\ggjjl.bak2<GGJJL~2.BAK> 2007-03-09 09:38:29 88340 --a------ C:\WINDOWS\System32\ukcogocx.exe 2007-03-09 09:38:24 76412 --a------ C:\WINDOWS\System32\yapeuntl.dll 2007-03-09 09:38:18 123412 --a------ C:\WINDOWS\System32\mypsdaoy.dll 2007-03-09 09:38:16 446678 ---hs---- C:\WINDOWS\System32\ggjjl.bak1<GGJJL~1.BAK> 2007-02-26 19:29:05 0 d-------- C:\Program Files\Sun 2007-02-26 19:28:42 0 d-------- C:\Program Files\StarOffice 8 Conversion<STAROF~1> 2007-02-22 21:56:56 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1> 2007-02-22 21:56:56 0 d-------- C:\Program Files\Agnitum 2007-02-21 13:05:42 249856 -----n--- C:\WINDOWS\Setup1.exe 2007-02-21 13:05:41 73216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-02-21 10:50:31 0 --ahs---- C:\WINDOWS\System32\.exe<EXE~1> 2007-02-19 12:14:08 0 d-------- C:\Program Files\Gadwin Systems<GADWIN~1> 2007-02-19 12:10:14 0 d-------- C:\Program Files\Lavasoft 2007-02-19 12:08:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1> 2007-02-19 10:47:22 0 d-------- C:\Program Files\eMule 2007-02-12 09:10:40 0 d-------- C:\Program Files\Common Files\Onet.pl 2007-02-12 09:10:39 0 d-------- C:\Program Files\Onet -- Find3M Report --------------------------------------------------------------- 2007-03-12 21:01:19 0 d-------- C:\Program Files\Wanadoo 2007-03-10 18:12:55 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1> 2007-03-10 17:16:16 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-03-10 11:28:14 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\Skype 2007-03-05 20:29:35 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\Tlen.pl 2007-02-26 19:37:23 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\StarOffice8ConversionTechnologyPreview1<STAROF~1> 2007-02-19 14:42:13 0 d-------- C:\Program Files\DivX 2007-02-19 12:11:10 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\Lavasoft 2007-02-12 09:10:43 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\Czat 2007-02-12 09:10:41 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\Kamerzysta<KAMERZ~1> 2007-02-12 09:10:41 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\AutoUpdate<AUTOUP~1> 2007-02-01 05:56:06 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll<DIVX_X~2.DLL> 2007-02-01 05:56:05 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll<DIVX_X~3.DLL> 2007-02-01 05:56:05 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll<DIVX_X~1.DLL> 2007-02-01 05:56:04 639066 --a------ C:\WINDOWS\System32\DivX.dll 2007-01-31 22:27:01 524288 --a------ C:\WINDOWS\System32\DivXsm.exe 2007-01-31 00:15:10 118784 --a------ C:\WINDOWS\System32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE> 2007-01-30 06:03:40 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll 2007-01-30 06:03:34 118520 -----n--- C:\WINDOWS\System32\pxinsi64.exe 2007-01-30 06:03:34 116472 -----n--- C:\WINDOWS\System32\pxcpyi64.exe 2007-01-30 06:03:34 129784 -----n--- C:\WINDOWS\System32\pxafs.dll 2007-01-30 06:03:26 200704 --a------ C:\WINDOWS\System32\ssldivx.dll 2007-01-30 06:03:26 1044480 --a------ C:\WINDOWS\System32\libdivx.dll 2007-01-30 05:56:56 196608 --a------ C:\WINDOWS\System32\dtu100.dll 2007-01-30 05:56:56 73728 --a------ C:\WINDOWS\System32\dpl100.dll 2007-01-30 05:56:54 53248 --a------ C:\WINDOWS\System32\dpuGUI10.dll 2007-01-30 05:56:52 57344 --a------ C:\WINDOWS\System32\dpv11.dll 2007-01-30 05:56:52 344064 --a------ C:\WINDOWS\System32\dpus11.dll 2007-01-30 05:56:52 593920 --a------ C:\WINDOWS\System32\dpuGUI11.dll 2007-01-30 05:56:52 294912 --a------ C:\WINDOWS\System32\dpu11.dll 2007-01-30 05:56:52 294912 --a------ C:\WINDOWS\System32\dpu10.dll 2007-01-29 21:53:06 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\AutoMapa 2007-01-26 22:46:19 0 d-------- C:\Program Files\YouTube Video Downloader<YOUTUB~1> 2007-01-18 20:54:54 0 d-------- C:\Documents and Settings\LESZEK\Dane aplikacji\MegauploadToolbar<MEGAUP~1> 2007-01-18 17:54:37 0 d-------- C:\Program Files\DestinatorApps<DESTIN~1> 2007-01-18 17:39:59 355830 --a------ C:\WINDOWS\System32\perfh015.dat 2007-01-18 17:39:59 49712 --a------ C:\WINDOWS\System32\perfc015.dat 2007-01-18 17:39:04 0 d---s---- C:\Documents and Settings\LESZEK\Dane aplikacji\Microsoft<MICROS~1> 2007-01-18 17:37:12 2508 --a------ C:\Documents and Settings\LESZEK\Dane aplikacji\$_hpcst$.hpc 2007-01-18 17:36:01 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1> 2007-01-18 17:30:40 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3> 2007-01-08 20:33:21 30720 --a------ C:\WINDOWS\6816White12.dat<6816WH~1.DAT> 2007-01-08 20:33:21 4 --a------ C:\WINDOWS\6816Error.dat<6816ER~1.DAT> 2007-01-08 20:33:17 30720 --a------ C:\WINDOWS\6816Dark12.dat<6816DA~1.DAT> 2007-01-08 20:33:14 3 --a------ C:\WINDOWS\6816Offset.dat<6816OF~1.DAT> 2007-01-08 20:33:14 3 --a------ C:\WINDOWS\6816Gain.dat 2007-01-08 20:33:14 6 --a------ C:\WINDOWS\6816Exposure.dat<6816EX~1.DAT> 2006-12-29 14:35:24 1168 --a------ C:\WINDOWS\mozver.dat 2006-12-26 18:50:27 5 --ahs---- C:\WINDOWS\System32\fbcfcacdf_s.dll<FBCFCA~1.DLL> 2006-12-12 17:24:42 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll<DIVXWM~1.DLL> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon" "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "nwiz"="nwiz.exe /install" "V0220Mon.exe"="C:\\WINDOWS\\V0220Mon.exe" @="C:\\Program Files\\Wanadoo\\TaskBarIcon.exe" "Outpost Firewall"="C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe /waitservice" "OutpostFeedBack"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices] "Microsoft Directx clicks"="directxclickers.exe" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] "Microsoft Directx clicks"="directxclickers.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Messenger"=dword:00000002 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{FDEA8B50-5D70-4293-865F-141F7EB156C0}"="" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Microsoft Directx clicks"="directxclickers.exe" "Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Microsoft Directx clicks"="directxclickers.exe" "Offices Monitorse"="C:\\WINDOWS\\System32\\algose32.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-03-12 at 21:07:27 ------------------------

i z tego drugiego cuda:

Kod: Zaznacz wszystko: L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego" "{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usˆugi DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania" "{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Foldery w sieci Web" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Eksplorator pulpit˘w" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}"="Mobile Device" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ divx.dll Thu 2007-02-01 5:56:06 A.... 639 066 624,09 K divxwm~1.dll Tue 2006-12-12 17:24:44 A.... 12 288 12,00 K divx_x~1.dll Thu 2007-02-01 5:56:06 A.... 823 296 804,00 K divx_x~2.dll Thu 2007-02-01 5:56:08 A.... 823 296 804,00 K divx_x~3.dll Thu 2007-02-01 5:56:06 A.... 802 816 784,00 K dpl100.dll Tue 2007-01-30 5:56:58 A.... 73 728 72,00 K dpu10.dll Tue 2007-01-30 5:56:54 A.... 294 912 288,00 K dpu11.dll Tue 2007-01-30 5:56:54 A.... 294 912 288,00 K dpugui10.dll Tue 2007-01-30 5:56:56 A.... 53 248 52,00 K dpugui11.dll Tue 2007-01-30 5:56:54 A.... 593 920 580,00 K dpus11.dll Tue 2007-01-30 5:56:54 A.... 344 064 336,00 K dpv11.dll Tue 2007-01-30 5:56:54 A.... 57 344 56,00 K dtu100.dll Tue 2007-01-30 5:56:58 A.... 196 608 192,00 K fbcfca~1.dll Tue 2006-12-26 18:50:28 A.SH. 5 0,00 K libdivx.dll Tue 2007-01-30 6:03:28 A.... 1 044 480 1020,00 K mypsdaoy.dll Fri 2007-03-09 9:38:22 A.... 123 412 120,52 K px.dll Tue 2007-01-30 6:03:36 ..... 527 096 514,74 K pxafs.dll Tue 2007-01-30 6:03:36 ..... 129 784 126,74 K pxdrv.dll Tue 2007-01-30 6:03:36 ..... 502 520 490,74 K pxmas.dll Tue 2007-01-30 6:03:36 ..... 183 032 178,74 K pxsfs.dll Tue 2007-01-30 6:03:36 ..... 1 329 912 1,27 M pxwave.dll Tue 2007-01-30 6:03:36 ..... 379 640 370,74 K qt-dx331.dll Tue 2007-01-30 6:03:42 A.... 3 596 288 3,43 M ssldivx.dll Tue 2007-01-30 6:03:28 A.... 200 704 196,00 K vxblock.dll Tue 2007-01-30 6:03:36 ..... 39 672 38,74 K yapeuntl.dll Fri 2007-03-09 9:38:26 A.... 76 412 74,62 K 26 items found: 26 files (1 H/S), 0 directories. Total of file sizes: 13 142 455 bytes 12,53 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ mcrh.tmp Sat 2007-03-10 16:37:16 A.... 143 0,14 K 1 item found: 1 file, 0 directories. Total of file sizes: 143 bytes 0,14 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 68D1-9FE8 Katalog: C:\WINDOWS\System32 2007-03-11 20:17 <DIR> dllcache 2007-03-11 19:08 1˙597˙782 lccpsywu.ini 2007-03-11 19:06 426˙759 ggjjl.ini 2007-03-11 17:35 421˙533 ggjjl.bak2 2007-03-10 15:38 1˙586˙538 yoadspym.ini 2007-03-09 09:38 446˙678 ggjjl.bak1 2007-03-09 09:38 282˙212 ljjgg.dll.vir 2007-03-09 09:32 26˙637 cbxxyvv.dll.vir 2007-02-22 21:02 0 .exe 2006-12-26 18:50 5 fbcfcacdf_s.dll 2006-12-02 15:17 <DIR> Microsoft 9 plik(˘w) 4˙788˙144 bajt˘w 2 katalog(˘w) 8˙610˙594˙816 bajt˘w wolnych

**Posty:** 18165 · przez **wojtas** 12 Mar 2007, 23:25

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera.

mcrh.tmp Sat 2007-03-10 16:37:16 A.... 143 0,14 K
2007-03-11 19:08 1˙597˙782 lccpsywu.ini
2007-03-11 19:06 426˙759 ggjjl.ini
2007-03-10 15:38 1˙586˙538 yoadspym.ini
2007-03-09 09:38 282˙212 ljjgg.dll.vir
2007-03-09 09:32 26˙637 cbxxyvv.dll.vir
C:\WINDOWS\System32\kaxpsqoa.exe
2007-03-10 10:52:25 88340 --a------ C:\WINDOWS\System32\qfaevrpb.exe
2007-03-10 10:52:17 421533 ---hs---- C:\WINDOWS\System32\ggjjl.bak2
2007-03-09 09:38:29 88340 --a------ C:\WINDOWS\System32\ukcogocx.exe
2007-03-09 09:38:24 76412 --a------ C:\WINDOWS\System32\yapeuntl.dll
2007-03-09 09:38:18 123412 --a------ C:\WINDOWS\System32\mypsdaoy.dll
2007-03-09 09:38:16 446678 ---hs---- C:\WINDOWS\System32\ggjjl.bak1
2007-02-21 13:05:42 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-02-21 13:05:41 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-21 10:50:31 0 --ahs---- C:\WINDOWS\System32\.exe
2007-03-11 19:57:08 0 d-------- C:\!KillBox
2007-03-11 17:44:41 0 d-------- C:\VundoFix Backups

Pogrubione pliki usuwasz ręcznie z dysku

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FDEA8B50-5D70-4293-865F-141F7EB156C0}"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Microsoft Directx clicks"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Microsoft Directx clicks"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Directx clicks"=-
"Offices Monitorse"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Directx clicks"=-
"Offices Monitorse"=-

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

**Posty:** 159 · przez **know** 13 Mar 2007, 12:37

wojtas19162 napisał(a):mcrh.tmp Sat 2007-03-10 16:37:16 A.... 143 0,14 K
2007-03-11 19:08 1˙597˙782 lccpsywu.ini
2007-03-11 19:06 426˙759 ggjjl.ini
2007-03-10 15:38 1˙586˙538 yoadspym.ini
2007-03-09 09:38 282˙212 ljjgg.dll.vir
2007-03-09 09:32 26˙637 cbxxyvv.dll.vir

jak mam znalezc te pliki ??

Start >>> Wyszukaj pliki lub foldery ??

i z ktorego programu mam potem dac log do weryfikacji ??

prosze o sprawdzenie loga

prosze o sprawdzenie loga

Kto jest na forum