• Announcement:

Viruses and trojans, slow computer

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Viruses and trojans, slow computer

Post by ToServeAndProtect, 25 Jul 2008, 20:00

Please check my friend's computer. I'm 100% sure something is on it; it runs poorly, etc.

Logs from DSS

Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Polish

CPU 0: AMD Athlon(TM) XP 2200+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 767.53 MiB / 387.6 MiB
Pagefile Memory (total/avail): 1878.1 MiB / 1624.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 18.18 GiB free.
D: is Fixed (NTFS) - 45.23 GiB total, 29.94 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (NTFS) - 18.62 GiB total, 4.72 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD800BB-00CAA1 - 74.53 GiB - 2 partitions
  \PARTITION0 (bootable) - Instalowalny system plików - 29.29 GiB - C:
  \PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 45.23 GiB - D:

\\.\PHYSICALDRIVE1 - HITACHI_ DK23DA-20 USB Device - 18.63 GiB - 1 partition
  \PARTITION0 - Instalowalny system plików - 18.62 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\xxx\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ZZZ-8A68FBE51BB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\xxx
LOGONSERVER=\\ZZZ-8A68FBE51BB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\xxx\USTAWI~1\Temp
TMP=C:\DOCUME~1\xxx\USTAWI~1\Temp
USERDOMAIN=ZZZ-8A68FBE51BB
USERNAME=xxx
USERPROFILE=C:\Documents and Settings\xxx
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

xxx (admin)
LEWBEATA (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
50 FREE MP3s +1 Free Audiobook! --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
802.11g Wireless Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9166DD9E-FF78-4B06-8DE6-3071C3DC0687}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Polish --> MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A81000000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ALLPlayer V3.X --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"
AML Free Registry Cleaner 4.0 --> "C:\Program Files\AML Products\Registry Cleaner\unins000.exe"
Ashampoo Burning Studio 2008 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2008\unins000.exe"
Atlas świata --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF085552-7B64-4D40-9212-D98ECF15D838}\setup.exe" -l0x15
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conflict Desert Storm II --> D:\CONFLI~1\CONFLI~1\UNWISE.EXE D:\CONFLI~1\CONFLI~1\INSTALL.LOG
Conflict Desert Storm PL --> D:\PROGRA~1\CONFLI~2\UNWISE.EXE D:\PROGRA~1\CONFLI~2\INSTALL.LOG
Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
DX-Ball 1.09 --> C:\PROGRA~1\DX-Ball\UNWISE.EXE C:\PROGRA~1\DX-Ball\INSTALL.LOG
DX-Ball 2 v1.2 --> C:\PROGRA~1\DXBall2\UNWISE.EXE C:\PROGRA~1\DXBall2\INSTALL.LOG
Dysk wspomnieniowy HP --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
ESET Smart Security --> MsiExec.exe /I{E8046F6F-E286-4989-BEB3-175307C95148}
FlashGet ads support --> RunDll32 C:\WINDOWS\system32\cd_clint.dll,ServiceRunDll u_277
FlatOut --> MsiExec.exe /I{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}
Football Generation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74299A64-3EB6-4260-AAFB-8DC62A70E85E}\Setup.exe" -l0x9
Gadu-Gadu 7.7 --> D:\gg\Gadu-Gadu\Setup.exe
GameDesire-Pool & Snooker --> C:\Program Files\Ganymede\billiards_uninstall.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gimnazjum_testy_2008 1.0 --> D:\Program Files\Gimnazjum_testy_2008\uninst.exe
Gothic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{758A4269-70E5-4B11-B419-F692882408A9}\setup.exe" -l0x15
Gothic II --> D:\PROGRA~1\GOTHIC~1\UNWISE.EXE D:\PROGRA~1\GOTHIC~1\INSTALL.LOG
Heroes of Might and Magic® III --> C:\WINDOWS\IsUn0415.exe -fd:\heroes3\Uninst.isu -c"d:\heroes3\uninst.dll
hp deskjet 5100 --> msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Image Signature 1.5.1 --> "C:\Program Files\BBProject\Image Signature\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kalendarz XP v29.85 --> C:\Program Files\Kalendarz XP\uninstall.exe
Kozacy - Europejskie boje --> C:\WINDOWS\uncsetup.exe
Lara Croft Tomb Raider: The Angel Of Darkness --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{93656878-FF8B-4935-99BB-F3F260037C57}
Microsoft Office Access MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007 --> MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007 --> MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007 --> MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007 --> MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007 --> MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007 --> MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007 --> MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedialny słownik angielsko-polski --> C:\Program Files\Leksykonia\Rzeczpospolita\TL6\bin\deinstal.exe
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET Smart Security\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PhotoDream 1.26 --> "C:\Program Files\PhotoDreamr\unins000.exe"
Picasa 2 --> "d:\Picasa2\Uninstall.exe"
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stunt GP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB132F09-DCF1-46EA-AE92-F8B42AB7BAD4}\setup.exe"
Tactical Ops - Wojna z Terrorem --> C:\Program Files\InstallShield Installation Information\{AF051ABD-880B-4B0F-8AA6-C0B7351F7698}\setup.exe -runfromtemp -l0x0015 -removeonly
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
VDOTool 5.3 --> "C:\Program Files\VDOTool\unins000.exe"
Warlords Battlecry --> C:\WINDOWS\IsUninst.exe -f"d:\program files\Uninst.isu"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2616 / Warning
Event Submitted/Written: 07/25/2008 07:40:07 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Nie można połączyć się z serwerem. Błąd: 0x800401F0

Event Record #/Type2602 / Error
Event Submitted/Written: 07/21/2008 02:18:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x001f57fa.
Przetwarzanie zdarzenia określonego nośnika dla [iexplore.exe!ws!]

Event Record #/Type2601 / Error
Event Submitted/Written: 07/21/2008 02:03:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x001f57fa.
Przetwarzanie zdarzenia określonego nośnika dla [iexplore.exe!ws!]

Event Record #/Type2597 / Error
Event Submitted/Written: 07/21/2008 00:02:42 AM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x001f57fa.
Przetwarzanie zdarzenia określonego nośnika dla [iexplore.exe!ws!]

Event Record #/Type2559 / Error
Event Submitted/Written: 06/29/2008 11:52:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd msvcr80.dll, wersja 8.0.50727.163, adres błędu 0x000177a9.
Przetwarzanie zdarzenia określonego nośnika dla [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23591 / Error
Event Submitted/Written: 07/25/2008 07:42:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd:
%%1460

Event Record #/Type23563 / Error
Event Submitted/Written: 07/25/2008 07:35:30 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd:
%%1460

Event Record #/Type23560 / Warning
Event Submitted/Written: 07/25/2008 07:35:30 PM
Event ID/Source: 57 / Ftdisk
Event Description:
Nie można zrzucić danych do dziennika transakcji. Może wystąpić uszkodzenie.

Event Record #/Type23521 / Warning
Event Submitted/Written: 07/25/2008 07:21:46 PM
Event ID/Source: 57 / Ftdisk
Event Description:
Nie można zrzucić danych do dziennika transakcji. Może wystąpić uszkodzenie.

Event Record #/Type23509 / Error
Event Submitted/Written: 07/25/2008 01:24:53 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd:
%%1460



-- End of Deckard's System Scanner: finished at 2008-07-25 19:59:51 ------------

Code:
Deckard's System Scanner v20071014.68
Run by xxx on 2008-07-25 19:55:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-07-25 17:55:35 UTC - RP212 - Deckard's System Scanner Restore Point
11: 2008-07-25 17:46:43 UTC - RP211 - Usunięto: Nero - Burning Rom
10: 2008-07-25 17:45:33 UTC - RP210 - Zainstalowany program DirectX
9: 2008-07-25 17:40:50 UTC - RP209 - Removed BurnAware Free Edition
8: 2008-07-25 17:39:17 UTC - RP208 - Zainstalowano: Microsoft Visual C++ 2005 Redistributable


-- First Restore Point --
1: 2008-07-20 20:17:27 UTC - RP201 - Punkt kontrolny systemu


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-25 19:58:09
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\B54GT Wireless Monitor\WLService.exe
C:\Program Files\B54GT Wireless Monitor\WLanCfgG.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\VDOTool\TBPANEL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xxx\Pulpit\Security\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\BEARSH~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gg\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download All by FlashGet - D:\Bearshare\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Bearshare\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\BEARSH~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\BEARSH~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EF8B6E16-4D48-4712-B538-5DEB4734237D}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: 802.11g Wireless Network Adapter (B54GT Wireless Service) - Unknown owner - C:\Program Files\B54GT Wireless Monitor\WLService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0:  - http://szukaj.torrenty.org/themes/default/images/logo_diab.jpg

--
End of file - 8573 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 B54GT Wireless Service (802.11g Wireless Network Adapter) - c:\program files\b54gt wireless monitor\wlservice.exe
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-25 19:49:56         0 d-------- C:\Program Files\Ashampoo
2008-07-25 19:46:01         0 d-------- C:\Program Files\IrfanView
2008-07-25 19:41:50         0 d-------- C:\WINDOWS\Logs
2008-07-25 19:41:25         0 d-------- C:\WINDOWS\LastGood
2008-07-25 19:38:51         0 d-------- C:\WINDOWS\system32\Adobe
2008-07-25 19:34:55       352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-25 19:32:31         0 d-------- C:\WINDOWS\pss
2008-07-25 19:18:23         0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-28 15:41:08         0 d-------- C:\Program Files\MarBit


-- Find3M Report ---------------------------------------------------------------

2008-07-25 19:50:37         0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Ashampoo
2008-07-25 19:47:06         0 d-------- C:\Program Files\Ahead
2008-07-25 19:43:15         0 d-------- C:\Program Files\Folderico
2008-07-25 19:34:44         0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\ESET
2008-07-25 19:26:37         0 d-------- C:\Program Files\BearShare
2008-07-25 19:26:05         0 d-------- C:\Program Files\Tibia
2008-07-25 19:24:11         0 d-------- C:\Program Files\Google
2008-07-25 19:22:30         0 d-------- C:\Program Files\Common Files
2008-07-25 16:47:34         0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\uTorrent
2008-07-25 16:28:28         0 d-------- C:\Program Files\Kalendarz XP
2008-07-20 21:39:47         0 d-------- C:\Program Files\Valve
2008-07-20 21:34:41         0 d-------- C:\Program Files\Winamp
2008-07-20 21:28:32         0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Winamp
2008-07-18 14:41:25         0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\PC Suite
2008-07-18 14:41:19         0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Nokia
2008-06-29 11:03:39         0 d-------- C:\Program Files\Messenger
2008-06-19 17:05:19         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-29 19:13:32         0 d-------- C:\Program Files\FlashGet
2008-05-26 18:12:53         0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 15:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 04:34]
"nwiz"="nwiz.exe" [2007-07-23 04:34 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 04:34]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 09:19]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\gg\Gadu-Gadu\gg.exe" [2008-03-20 12:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk
backup=C:\WINDOWS\pss\Kalendarz XP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^xxx^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Documents and Settings\xxx\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\WINDOWS\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
d:\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb05fc04-db0b-11dc-903d-000e8e00a815}]
AutoRun\command- G:\EXPLORER.EXE
explore\Command- G:\EXPLORER.EXE
open\Command- G:\EXPLORER.EXE




-- End of Deckard's System Scanner: finished at 2008-07-25 19:59:51 ------------


Post by Magik, 25 Jul 2008, 20:17

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Then go to the C:\SDFix folder and paste the contents of the Report.txt file + a ComboFix log, and also post a HijackThis log

+
this
http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html
Magik
~user
Posts: 7956
Joined: 08 May 2004, 09:17
Location: Głogów
Praise: 886



Post by ToServeAndProtect 25 Jul 2008, 20:42

PS: I can't run Silent Runners because access to HOST is disabled

FixIEDef found nothing



Code:
[b]SDFix: Version 1.208 [/b]
Run by xxx on 2008-07-25 at 20:30

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 20:35:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\pc\\igi2.exe"="D:\\pc\\igi2.exe:*:Enabled:IGI2:Covert Strike"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon  7 Jan 2008           352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat  3 Nov 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 19 Jul 2008       589,824 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\z32rcooo.TMP"
Sat  3 Nov 2007         4,348 A..H. --- "C:\Documents and Settings\xxx\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Sat 17 Nov 2007            20 A..H. --- "C:\Documents and Settings\xxx\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Sat  3 Nov 2007         9,655 A.SH. --- "C:\Documents and Settings\xxx\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"

[b]Finished![/b]







Code:
Username "xxx" - 2008-07-25 20:24:20 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\\Program Files\\VDOTool\\TBPanel.exe /A"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"egui"="\"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="\"D:\\gg\\Gadu-Gadu\\gg.exe\" /tray"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~





Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:20, on 2008-07-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\B54GT Wireless Monitor\WLService.exe
C:\Program Files\B54GT Wireless Monitor\WLanCfgG.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xxx\Pulpit\Security\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\BEARSH~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gg\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - D:\Bearshare\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Bearshare\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\BEARSH~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\BEARSH~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF8B6E16-4D48-4712-B538-5DEB4734237D}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 802.11g Wireless Network Adapter (B54GT Wireless Service) - Unknown owner - C:\Program Files\B54GT Wireless Monitor\WLService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - http://szukaj.torrenty.org/themes/default/images/logo_diab.jpg

--
End of file - 6723 bytes


Post by Okocza 25 Jul 2008, 20:45

Code:
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\BEARSH~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)


post a CF log too
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // I DON'T HELP VIA PM/GG/E-MAIL
"My Ego and Anima meet and exchange cookie recipes" - Maynard James Keenan
Okocza
~user
Posts: 8001
Joined: 19 Mar 2006, 11:53
Praise: 406



Post by Magik 25 Jul 2008, 20:48

these entries go for Fix in HJT

Code:
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
   O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\BEARSH~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
   O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\BEARSH~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\BEARSH~1\FlashGet\flashget.exe (file missing)




viruses, trojans, where is all that



paste into Notepad

Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb05fc04-db0b-11dc-903d-000e8e00a815}]



save as fix.reg and run it


paste a screenshot of the Startup tab in msconfig
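The fix.reg above deletes the MountPoints2 key whose AutoRun, open and explore handlers all point at G:\EXPLORER.EXE (an executable on the mounted drive itself, which is what autorun-worm infected removable media look like), and the O2 lines Okocza and Magik picked out are BHOs whose DLL no longer exists. The following Python script is an added example for this thread, not code from the forum or from DSS, HijackThis, SDFix or ComboFix: it scans pasted log text for both patterns and builds the same kind of .reg deletion block. The log excerpts inside it are constructed from lines posted in this thread; the regexes and the assumption that Windows lives on C: are the example's own.

```python
"""Scan pasted DSS / HijackThis log text for two indicators discussed in the
thread and build the matching fix.reg.

Added example, not code from the forum or from DSS, HijackThis, SDFix or
ComboFix. The log excerpts below are constructed from lines posted in the
thread; the regexes and the C: system-drive assumption are the example's own.
"""
import re

# Constructed sample: the MountPoints2 block from the DSS extra log.
DSS_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb05fc04-db0b-11dc-903d-000e8e00a815}]
AutoRun\command- G:\EXPLORER.EXE
explore\Command- G:\EXPLORER.EXE
open\Command- G:\EXPLORER.EXE
"""

# Constructed sample: O2 (Browser Helper Object) lines from the HijackThis log.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\BEARSH~1\FlashGet\jccatch.dll (file missing)
"""

MP2_KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MP2_HANDLER_RE = re.compile(r"^(AutoRun|open|explore)\\command-\s*(.+?)\s*$", re.I)
EXECUTABLE_RE = re.compile(r"^[A-Z]:\\\S*\.(exe|com|bat|cmd|scr|pif|vbs)$", re.I)
# Assumption: Windows lives on C:, so its own explorer.exe is the one benign target.
SYSTEM_EXPLORER_RE = re.compile(r"^C:\\WINDOWS\\explorer\.exe$", re.I)
O2_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-F-]+\}) - (.+)$", re.I)


def find_autorun_handlers(text):
    """Return (key, handler, command) for every MountPoints2 handler that runs an
    executable stored on the mounted drive itself. Windows records a MountPoints2
    key for every volume it has seen; a worm on removable media registers its own
    copy as the AutoRun/open/explore handler so that opening the drive runs it."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = MP2_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = MP2_HANDLER_RE.match(line)
        if (m and key and EXECUTABLE_RE.match(m.group(2))
                and not SYSTEM_EXPLORER_RE.match(m.group(2))):
            hits.append((key, m.group(1), m.group(2)))
    return hits


def find_orphan_bhos(text):
    """Return (name, clsid, target) for O2 lines whose DLL no longer exists;
    HijackThis marks those with '(no file)' or '(file missing)'."""
    orphans = []
    for raw in text.splitlines():
        m = O2_RE.match(raw.strip())
        if m and (m.group(3) == "(no file)" or m.group(3).endswith("(file missing)")):
            orphans.append(m.groups())
    return orphans


def reg_delete_block(keys):
    """Build Regedit 5 text that deletes each key: a leading '-' inside the
    brackets is the .reg syntax for 'delete this key', as in the thread's fix.reg."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        lines += ["[-" + key + "]", ""]
    return "\r\n".join(lines)


def analyse(dss_text, hjt_text):
    """Run both checks and return the findings plus the generated fix.reg text."""
    handlers = find_autorun_handlers(dss_text)
    orphans = find_orphan_bhos(hjt_text)
    keys = sorted({key for key, _, _ in handlers})
    return {"handlers": handlers, "orphans": orphans, "fix_reg": reg_delete_block(keys)}


if __name__ == "__main__":
    result = analyse(DSS_SAMPLE, HJT_SAMPLE)
    for key, handler, cmd in result["handlers"]:
        print("suspicious MountPoints2 handler:", handler, "->", cmd)
    for name, clsid, target in result["orphans"]:
        print("orphaned BHO:", name, clsid, target)
    print(result["fix_reg"])
```

Run it on the full DSS extra log and HijackThis log instead of the embedded samples to get a list of MountPoints2 keys worth deleting and BHOs worth fixing; the generated text is saved as fix.reg and imported the same way Magik describes.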



Post by ToServeAndProtect 25 Jul 2008, 20:57

Magik wrote: viruses, trojans, where is all that


If there aren't any, so much the better


ESET detected one: Win32/Dialer.NEC

Image


I can't uninstall Flashget ads

Image



Post by Magik 25 Jul 2008, 21:01

Out:

:arrow: jusched
:arrow: HPWSCHD
:arrow: and possibly that Nokia


can you post a ComboFix log??


by mario
1. perform a Windows optimization
2. download ATF_Cleaner
select
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
3. Disable System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment turn it back on



Post by Okocza 25 Jul 2008, 21:07

ToServeAndProtect wrote: Win32/Dialer.NEC



use Spybot Search & Destroy.



Post by ToServeAndProtect 25 Jul 2008, 21:14

the rest is done


Code:
ComboFix 08-07-24.6 - xxx 2008-07-25 21:08:20.1 - NTFSx86
Running from: C:\Documents and Settings\xxx\Pulpit\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\AdCache
C:\WINDOWS\system32\AdCache\b_149300.GIF
C:\WINDOWS\system32\AdCache\b_149301.GIF
C:\WINDOWS\system32\AdCache\b_151700.GIF
C:\WINDOWS\system32\AdCache\b_151701.GIF

.
(((((((((((((((((((((((((   Files Created from 2008-06-25 to 2008-07-25  )))))))))))))))))))))))))))))))
.

2008-07-25 20:27 . 2008-07-25 20:27   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-07-25 19:54 . 2008-07-25 19:54   <DIR>   d--------   C:\Deckard
2008-07-25 19:50 . 2008-07-25 19:50   <DIR>   d--------   C:\Documents and Settings\xxx\Dane aplikacji\Ashampoo
2008-07-25 19:50 . 2008-07-25 19:50   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-07-25 19:49 . 2008-07-25 19:49   <DIR>   d--------   C:\Program Files\Ashampoo
2008-07-25 19:46 . 2008-07-25 19:46   <DIR>   d--------   C:\Program Files\IrfanView
2008-07-25 19:46 . 2008-05-30 14:19   507,400   --a------   C:\WINDOWS\system32\XAudio2_1.dll
2008-07-25 19:46 . 2008-05-30 14:18   238,088   --a------   C:\WINDOWS\system32\xactengine3_1.dll
2008-07-25 19:46 . 2008-05-30 14:17   65,032   --a------   C:\WINDOWS\system32\XAPOFX1_0.dll
2008-07-25 19:41 . 2008-07-25 19:41   <DIR>   d--------   C:\WINDOWS\Logs
2008-07-25 19:38 . 2008-07-25 19:38   <DIR>   d--------   C:\WINDOWS\system32\Adobe
2008-07-25 19:34 . 2008-07-25 19:34   <DIR>   d--------   C:\Documents and Settings\xxx\Dane aplikacji\ESET
2008-07-25 19:34 . 2008-01-07 14:29   352   --ah-----   C:\WINDOWS\nod32fixtemdono.reg
2008-07-25 19:33 . 2008-07-25 19:33   <DIR>   d--------   C:\Program Files\ESET
2008-07-25 19:33 . 2008-07-25 19:33   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-17 13:08 . 2004-08-04 00:44   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2008-07-17 13:08 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-17 13:08 . 2004-08-03 22:58   15,104   --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-17 13:08 . 2001-10-26 17:29   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-06-29 22:56 . 2008-07-18 14:41   <DIR>   d--------   C:\Documents and Settings\xxx\Dane aplikacji\Nokia
2008-06-28 15:41 . 2008-06-28 15:41   <DIR>   d--------   C:\Program Files\MarBit

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 17:47   ---------   d-----w   C:\Program Files\Ahead
2008-07-25 17:43   ---------   d-----w   C:\Program Files\Folderico
2008-07-25 17:27   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\IconTweaker
2008-07-25 17:26   ---------   d-----w   C:\Program Files\Tibia
2008-07-25 17:26   ---------   d-----w   C:\Program Files\BearShare
2008-07-25 17:24   ---------   d-----w   C:\Program Files\Google
2008-07-25 14:47   ---------   d-----w   C:\Documents and Settings\xxx\Dane aplikacji\uTorrent
2008-07-25 14:28   ---------   d-----w   C:\Program Files\Kalendarz XP
2008-07-20 19:39   ---------   d-----w   C:\Program Files\Valve
2008-07-20 19:34   ---------   d-----w   C:\Program Files\Winamp
2008-07-20 19:28   ---------   d-----w   C:\Documents and Settings\xxx\Dane aplikacji\Winamp
2008-07-18 12:41   ---------   d-----w   C:\Documents and Settings\xxx\Dane aplikacji\PC Suite
2008-06-19 15:05   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-30 12:17   25,608   ----a-w   C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11   3,850,760   ----a-w   C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11   1,491,992   ----a-w   C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-29 17:13   ---------   d-----w   C:\Program Files\FlashGet
2008-05-26 16:12   ---------   d-----w   C:\Program Files\Common Files\Adobe
.

------- Sigcheck -------

2004-08-03 23:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14  359040  6a603809f598332dbedd535bdbce313e   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\gg\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 15:58 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 04:34 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 04:34 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 09:19 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:44 159744]
"nwiz"="nwiz.exe" [2007-07-23 04:34 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk
backup=C:\WINDOWS\pss\Kalendarz XP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^xxx^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Documents and Settings\xxx\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\WINDOWS\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
-ra------ 2002-12-17 12:40 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--------- 2007-10-23 23:18 443968 d:\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 B54GT Wireless Service;802.11g Wireless Network Adapter;C:\Program Files\B54GT Wireless Monitor\WLService.exe [2004-03-29 17:08]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NeroCheck - C:\WINDOWS\system32\\NeroCheck.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Search
O8 -: Download All by FlashGet - D:\Bearshare\FlashGet\jc_all.htm
O8 -: Download using FlashGet - D:\Bearshare\FlashGet\jc_link.htm
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{EF8B6E16-4D48-4712-B538-5DEB4734237D}: NameServer = 194.204.152.34,194.204.159.1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 21:09:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 21:12:04
ComboFix-quarantined-files.txt  2008-07-25 19:11:03

Pre-Run: 19,505,594,368 bajtów wolnych
Post-Run: 19,495,997,440 bajtów wolnych

152



Post by Okocza 25 Jul 2008, 21:15

combo clean :)



Post by Magik 25 Jul 2008, 21:17

ToServeAndProtect :arrow: have your friend use

http://www.programosy.pl/program,avg-anti-spyware.html

a brilliant development of Ewido--> basically its continuation under a new name


besides NOD--->




Post by ToServeAndProtect 25 Jul 2008, 23:22

thanks, emuś. even though it didn't find any trojans etc., the computer has been sped up anyway



Post by Dzi@dek 26 Jul 2008, 01:58

C:\WINDOWS\ERUNT
C:\Deckard
You can delete these.
No problems with NOD :?:
Dzi@dek
^distinguished
Posts: 3854
Joined: 11 Dec 2006, 20:18
Location: Warsaw
Praise: 210



