
Please check the logs again

Topics related to Microsoft products.

Post by BlackHawk » 25 Nov 2006, 17:40

Logs from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:43:01, on 2006-11-25
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\MRTServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BlackHawk\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73F0B218-2C38-4862-BF1E-1F380CB71BE3}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)



and from L2MFix:
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta właściwości pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Zarządzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeń NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona właściwości OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powłoki dla udostępniania zasobów"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wyświetlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wyświetlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeń usługi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodności"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsługi danych wycinkowych powłoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powłoki dla obiektów Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Zarządzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Zarządzanie drukarką ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powłoki dla kompresji plików"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powłoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktówka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeń drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powłoki dla udostępniania zasobów"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Połączenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Połączenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powłoki dla hosta skryptów systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadań i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsługa techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsługa techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narzędzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narzędzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powłoki zwiększonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powłoki zwiększonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglądarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimediów"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narzędzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupełnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodrębnianie obrazów Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupełniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupełniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dostępny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podręczny śledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupełniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupełniania folderu powłoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupełniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powłoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powłoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla użytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folderów"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pamięci podręcznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedżer aplikacji powłoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodrębniający miniatury plików"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujące obsługi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodrębnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powłoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usługi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta użytkowników"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanału"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skrót kanału"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsługi kanału"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plików trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do osób..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{A155339D-CCCD-4714-85EB-3754B804C9DF}"="a-squared Free Context Menu Shell Extension"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: EC2C-DD9B

 Katalog: C:\WINDOWS\System32

2006-11-20  10:06           117 760 KB4553736.LOG
2006-11-18  12:30           117 760 x.LOG
2006-11-15  15:10            55 808 .exe
2006-11-08  21:59    <DIR>          dllcache
2001-10-26  17:29            51 712 Ravdm.exe
               4 plik(ów)         343 040 bajtów
               1 katalog(ów)  12 861 423 616 bajtów wolnych


And what exactly am I supposed to do with the link you gave me above??
BlackHawk
Forum member
Posts: 67
Joined: 31 Jul 2005, 18:17
Location: Poznań

Post by pp3088 » 25 Nov 2006, 19:37

The logs are clean.

As for that, add it to the registry. It undoes the damage done by VX2. Maybe because I recently skipped that entry we're playing this game again :/
pp3088
Active writer
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Post by BlackHawk » 22 Dec 2006, 22:05

Hello!

I have a problem again. I don't know why these things always happen to me, but oh well.

To the point.
When I turn on the computer and connect to the internet, the computer restarts after less than 10 minutes.
I ran a2 and Ad-Aware over it and nothing helped. I'm running out of ideas, so I'm writing here. On top of that, an irritating warning window with question marks and an OK button pops up, e.g. when I insert a disc and autorun starts, when I go into some options in Control Panel, always at Windows startup, and whenever I plug devices into USB.

The logs are below.

HijackThis:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run {++}
"9" = "C:\WINDOWS\System32\Ravdm.exe" [null data]
"KAV" = "rundll32.exe "C:\Program Files\Kav\Kav.dll",AntiVirus" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run {++}
"UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe"" [null data]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [file not found]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]
"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"Onet.pl AutoUpdate" = "C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr" ["Onet.pl"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:06:54, on 2006-12-22
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\MRTServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\TEMP\VRT4C.tmp
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\KONAMI\Pro Evolution Soccer 6\pes6.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BlackHawk\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O21 - SSODL: QQMusic - {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)



L2MFix:

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta właściwości pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Zarządzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeń NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona właściwości OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powłoki dla udostępniania zasobów"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wyświetlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wyświetlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeń usługi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodności"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsługi danych wycinkowych powłoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powłoki dla obiektów Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Zarządzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Zarządzanie drukarką ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powłoki dla kompresji plików"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powłoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktówka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeń drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powłoki dla udostępniania zasobów"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Połączenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Połączenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powłoki dla hosta skryptów systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadań i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsługa techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsługa techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narzędzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimedi˘w"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{A155339D-CCCD-4714-85EB-3754B804C9DF}"="a-squared Free Context Menu Shell Extension"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"="OpenOffice.org Column Handler"
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}"="OpenOffice.org Infotip Handler"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice.org Property Sheet Handler"
"{3B092F0C-7696-40E3-A80F-68D74DA84210}"="OpenOffice.org Thumbnail Viewer"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
**********************************************************************************
Directory Listing of system files:
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: EC2C-DD9B

 Katalog: C:\WINDOWS\System32

2006-12-22  09:05           117 760 KB4553736.LOG
2006-11-18  12:30           117 760 x.LOG
2006-11-15  15:10            55 808 .exe
2006-11-08  21:59    <DIR>          dllcache
2001-10-26  17:29            51 712 Ravdm.exe
               4 plik(ów)         343 040 bajtów
               1 katalog(ów)   5 311 021 056 bajtów wolnych



Please help.

Thanks in advance.
BlackHawk
Forum member
Posts: 67
Joined: 31 Jul 2005, 18:17
Location: Poznań

Post by pp3088 » 22 Dec 2006, 23:19

C:\WINDOWS\System32\Ravdm.exe

The one in red: delete it manually.

O21 - SSODL: QQMusic - {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll

Do you happen to know this?
pp3088
Active writer
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Post by BlackHawk » 22 Dec 2006, 23:40

Not really.

If I don't know it, should I delete it??
BlackHawk
Forum member
Posts: 67
Joined: 31 Jul 2005, 18:17
Location: Poznań

Post by BlackHawk » 22 Dec 2006, 23:52

I don't have the file you listed above on my disk. I checked with the internet connected and without it. What should I do with that link above??

Logs

HiJack
Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:01:53, on 2006-12-22
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\MRTServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\TEMP\VRT5F.tmp
C:\Documents and Settings\BlackHawk\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O21 - SSODL: QQMusic - {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)



and L2MFix

Code:
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta właściwości pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Zarządzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeń NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona właściwości OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powłoki dla udostępniania zasobów"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wyświetlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wyświetlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeń usługi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodności"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsługi danych wycinkowych powłoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powłoki dla obiektów Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Zarządzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Zarządzanie drukarką ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powłoki dla kompresji plików"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powłoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktówka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeń drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powłoki dla udostępniania zasobów"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Połączenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Połączenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powłoki dla hosta skryptów systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadań i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsługa techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsługa techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narzędzia administracyjne"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narzędzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powłoki zwiększonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powłoki zwiększonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglądarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Pasek multimediów"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narzędzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupełnianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodrębnianie obrazów Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupełniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupełniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dostępny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podręczny śledzenia"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizator paska adresu"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupełniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupełniania folderu powłoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupełniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powłoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powłoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla użytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folderów"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pamięci podręcznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedżer aplikacji powłoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodrębniający miniatury plików"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujące obsługi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodrębnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powłoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usługi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta użytkowników"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanału"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skrót kanału"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsługi kanału"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plików trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do osób..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{A155339D-CCCD-4714-85EB-3754B804C9DF}"="a-squared Free Context Menu Shell Extension"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"="OpenOffice.org Column Handler"
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}"="OpenOffice.org Infotip Handler"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice.org Property Sheet Handler"
"{3B092F0C-7696-40E3-A80F-68D74DA84210}"="OpenOffice.org Thumbnail Viewer"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: EC2C-DD9B

 Katalog: C:\WINDOWS\System32

2006-12-22  09:05           117 760 KB4553736.LOG
2006-11-18  12:30           117 760 x.LOG
2006-11-15  15:10            55 808 .exe
2006-11-08  21:59    <DIR>          dllcache
2001-10-26  17:29            51 712 Ravdm.exe
               4 plik(ów)         343 040 bajtów
               1 katalog(ów)   5 310 218 240 bajtów wolnych

Post by pp3088 » 23 Dec 2006, 01:23

O21 - SSODL: QQMusic - {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll

fix.

Please post logs from SmitFraudFix and ComboFix.

Post by BlackHawk » 23 Dec 2006, 12:01

Here are the logs,

from SmitFraudFix:

Code:
SmitFraudFix v2.122

Scan done at 10:55:44,09, 2006-12-23
Run from C:\Documents and Settings\BlackHawk\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BlackHawk


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BlackHawk\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BLACKH~1\ULUBIONE


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

pe386 detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



and ComboFix
Code:
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\BlackHawk\Pulpit"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 

C:\Documents and Settings\BlackHawk\Dane aplikacji\Install.dat
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Dane aplikacji\NetMon
C:\Program Files\Common Files\{EC2CDD9B-0726-1045-0812-031024030030}

 
(((((((((((((((((((((((((((((((   Files Created from 2006-11-23 to 2006-12-23  ))))))))))))))))))))))))))))))))))
 
 
2006-12-23   10:55   61,440   --a------   C:\WINDOWS\system32\Process.exe
2006-12-23   10:47   <DIR>   d--hs----   C:\FOUND.010
2006-12-23   10:39   <DIR>   d--hs----   C:\FOUND.009
2006-12-22   15:38   <DIR>   d--hs----   C:\FOUND.008
2006-12-22   10:22   <DIR>   d--hs----   C:\FOUND.007
2006-12-22   09:42   <DIR>   d--hs----   C:\FOUND.006
2006-12-20   22:35   <DIR>   d--------   C:\Program Files\DX9RunTime
2006-12-20   21:13   <DIR>   d--------   C:\Program Files\illusion
2006-12-20   20:48   <DIR>   d--------   C:\Program Files\DAEMON Tools
2006-12-20   20:46   639,224   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2006-12-19   15:25   <DIR>   d--------   C:\Program Files\VID_0E8F&PID_100B
2006-12-19   14:51   <DIR>   d--------   C:\Program Files\KONAMI
2006-12-18   22:05   <DIR>   d--------   C:\Program Files\Onet
2006-12-18   22:05   <DIR>   d--------   C:\Program Files\Common Files\Onet.pl
2006-12-18   22:05   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Onet
2006-12-18   22:05   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\MozillaControl
2006-12-18   22:05   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Listonosz
2006-12-18   22:05   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\AutoUpdate
2006-12-12   17:43   82,380   --a------   C:\WINDOWS\system32\drivers\AFS2K.SYS
2006-12-12   17:42   332,800   --a------   C:\WINDOWS\IsUn0415.exe
2006-12-12   17:07   <DIR>   d--------   C:\Program Files\Hewlett-Packard
2006-12-12   12:25   <DIR>   d--------   C:\RMConverterOutput
2006-12-11   23:07   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\CyberLink
2006-12-10   00:10   <DIR>   d--------   C:\games
2006-12-10   00:06   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\.BitTornado
2006-12-10   00:05   <DIR>   d--------   C:\Program Files\BitTornado
2006-12-07   20:24   <DIR>   d--------   C:\Program Files\Ultra RM Converter
2006-12-07   09:44   <DIR>   d--------   C:\Program Files\MegauploadToolbar
2006-12-07   09:44   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\MegauploadToolbar
2006-12-06   16:38   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\OpenOffice.org2
2006-12-06   16:37   <DIR>   d--------   C:\Program Files\OpenOffice.org 2.0.3
2006-12-05   21:20   <DIR>   d--------   C:\Program Files\Kav
2006-12-05   21:19   49,664   --ah-----   C:\WINDOWS\QQMusic.dll
2006-12-05   21:19   45,056   --a------   C:\WINDOWS\msole.dll
2006-11-26   16:06   <DIR>   d--------   C:\Program Files\hyperMU 1.02K Full Client
2006-11-26   12:40   <DIR>   d--------   C:\Program Files\GetRight
2006-11-26   11:28   <DIR>   d--------   C:\Program Files\CyberLink
2006-11-26   11:28   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2006-11-25   21:23   <DIR>   d--------   C:\Program Files\iPod
2006-11-25   21:23   <DIR>   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Apple Computer
2006-11-25   21:22   <DIR>   d--------   C:\Program Files\QuickTime
2006-11-25   21:22   <DIR>   d--------   C:\Program Files\iTunes
2006-11-25   21:22   <DIR>   d--------   C:\Program Files\Apple Software Update
2006-11-25   21:21   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2006-11-25   20:53   <DIR>   d--------   C:\Program Files\PT Software
2006-11-25   16:37   <DIR>   d--hs----   C:\FOUND.005
2006-11-25   11:53   36,528   ---------   C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-25   11:53   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-11-25   11:53   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-11-25   11:53   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2006-11-25   11:53   115,880   ---------   C:\WINDOWS\system32\pxinsi64.exe
2006-11-25   11:51   <DIR>   d--------   C:\Program Files\Winamp
2006-11-24   08:05   <DIR>   d--hs----   C:\FOUND.004


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-12-23 10:55   1616   --a------   C:\WINDOWS\system32\tmp.reg
2006-12-10 00:06   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\.BitTornado
2006-12-05 21:20   54784   ---hs----   C:\WINDOWS\455373LZ.DLL
2006-12-05 21:20   53248   ---hs----   C:\WINDOWS\455373JH.DLL
2006-11-22 22:38   --------   d--------   C:\Program Files\Audacity
2006-11-19 23:42   --------   d--------   C:\Program Files\IrfanView
2006-11-18 12:31   81408   ---hs----   C:\WINDOWS\455373.DLL
2006-11-18 01:27   513808   --a------   C:\WINDOWS\system32\rundll32.exe
2006-11-18 01:18   10920   --a------   C:\WINDOWS\system32\wdfmgr32.exe
2006-11-17 15:33   12528   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-16 23:21   --------   d--------   C:\Program Files\Unlocker
2006-11-16 23:07   --------   d--------   C:\Program Files\Kaspersky Lab
2006-11-16 23:07   --------   d--------   C:\Program Files\a-squared Free
2006-11-16 21:06   701   --a------   C:\WINDOWS\gmer.bat
2006-11-16 21:00   --------   d--------   C:Program Filesone Labs
2006-11-16 11:30   41392   --a------   C:\WINDOWS\OEM.exe
2006-11-16 11:29   57344   --a------   C:\WINDOWS\free.exe
2006-11-16 11:24   24576   --a------   C:\WINDOWS\mmx499.exe
2006-11-16 02:18   24576   --a------   C:\WINDOWS\mmx379.exe
2006-11-16 01:17   24576   --a------   C:\WINDOWS\mmx429.exe
2006-11-16 00:17   24576   --a------   C:\WINDOWS\mmx926.exe
2006-11-15 23:55   24576   --a------   C:\WINDOWS\mmx290.exe
2006-11-15 21:38   24576   --a------   C:\WINDOWS\mmx578.exe
2006-11-15 19:39   --------   d--------   C:\Program Files\Lavasoft
2006-11-15 19:39   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Lavasoft
2006-11-15 19:31   24576   --a------   C:\WINDOWS\mmx187.exe
2006-11-15 18:52   24576   --a------   C:\WINDOWS\mmx552.exe
2006-11-15 17:43   24576   --a------   C:\WINDOWS\mmx170.exe
2006-11-15 16:40   24576   --a------   C:\WINDOWS\mmx478.exe
2006-11-15 16:17   138   --a------   C:\WINDOWS\test.bat
2006-11-15 15:10   55808   --ahs----   C:\WINDOWS\system32\.exe
2006-11-15 14:48   24576   --a------   C:\WINDOWS\mmx480.exe
2006-11-15 13:47   24576   --a------   C:\WINDOWS\mmx17.exe
2006-11-15 12:47   67072   --a------   C:\WINDOWS\arca.exe
2006-11-15 12:46   24576   --a------   C:\WINDOWS\mmx542.exe
2006-11-15 11:32   24576   --a------   C:\WINDOWS\schedule.exe
2006-11-15 11:32   24576   --a------   C:\WINDOWS\mmx401.exe
2006-11-15 00:24   24576   --a------   C:\WINDOWS\mmx602.exe
2006-11-14 23:57   101888   --a------   C:\WINDOWS\system32\durvilx.exe
2006-11-14 23:56   6687   ---------   C:\WINDOWS\system32\ldcore.dll
2006-11-14 23:46   0   --a------   C:\WINDOWS\system32\fhm.exe
2006-11-14 17:57   7380   --a------   C:\WINDOWS\system32\dlh9jk3dq7.exe
2006-11-14 17:57   7380   --a------   C:\WINDOWS\system32\dl2h9jkdq7.exe
2006-11-14 17:57   6868   --a------   C:\WINDOWS\system32\dlh9j3kdq6.exe
2006-11-14 17:57   6868   --a------   C:\WINDOWS\system32\dl2h9jkdq6.exe
2006-11-14 17:57   25535   --a------   C:\WINDOWS\system32\dlh9j3kdq2.exe
2006-11-14 17:57   25535   --a------   C:\WINDOWS\system32\d2lh9jkdq2.exe
2006-11-14 17:57   17920   --a------   C:\WINDOWS\system32\ntio256.sys
2006-11-14 17:57   15360   --a------   C:\WINDOWS\system32\protector.exe
2006-11-14 17:57   15   --a------   C:\WINDOWS\system32\dlh9jk3dq8.exe
2006-11-14 17:57   15   --a------   C:\WINDOWS\system32\d2lh9jkdq8.exe
2006-11-14 17:57   11414   --a------   C:\WINDOWS\system32\testtestt.exe
2006-11-14 17:57   10179   --a------   C:\WINDOWS\system32\kernels1118.exe
2006-11-14 17:57   10179   --a------   C:\WINDOWS\system32\dlh9j3kdq5.exe
2006-11-14 17:57   10179   --a------   C:\WINDOWS\system32\d2lh9jkdq5.exe
2006-11-14 16:06   --------   d--------   C:\Program Files\SkanerOnline
2006-11-13 16:35   8464   --a------   C:\WINDOWS\system32\sporder.dll
2006-11-12 22:27   44648   --a------   C:\WINDOWS\111111111111.exe
2006-11-12 11:03   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Media Player Classic
2006-11-12 10:51   --------   d--------   C:\Program Files\Common Files\LightScribe
2006-11-12 10:49   --------   d--------   C:\Program Files\Common Files\Nero
2006-11-12 10:48   --------   d--------   C:\Program Files\Common Files\Ahead
2006-11-12 10:48   --------   d--------   C:\Program Files\Ahead
2006-11-11 20:38   --------   d--------   C:\Program Files\foobar2000
2006-11-11 20:38   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\foobar2000
2006-11-11 16:56   --------   d--------   C:\Program Files\Guitar Pro 5
2006-11-10 22:51   --------   d--------   C:\Program Files\EuroPlus+ Angielski z Cambridge
2006-11-10 22:51   --------   d--------   C:\Program Files\Common Files\YDP
2006-11-09 00:41   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Macromedia
2006-11-09 00:35   --------   d--------   C:\Program Files\Real Alternative
2006-11-09 00:35   --------   d--------   C:\Program Files\Media Player Classic
2006-11-09 00:35   --------   d--------   C:\Program Files\Damian Pasternak
2006-11-09 00:35   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Real
2006-11-09 00:31   --------   d--------   C:\Program Files\MarBit
2006-11-09 00:19   80   --a------   C:\WINDOWS\gmer_uninstall.cmd
2006-11-09 00:19   --------   d--------   C:\Program Files\WinRAR
2006-11-08 23:52   --------   d--------   C:\Program Files\Mozilla Thunderbird
2006-11-08 23:52   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Thunderbird
2006-11-08 23:52   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Talkback
2006-11-08 23:33   --------   d--------   C:\Program Files\Camgoo
2006-11-08 23:29   --------   d--------   C:\Program Files\Sunbelt Software
2006-11-08 23:28   --------   d--------   C:\Program Files\Combined Community Codec Pack
2006-11-08 23:22   --------   d--------   C:\Program Files\BitComet
2006-11-08 23:21   --------   d--------   C:\Program Files\Mozilla Firefox
2006-11-08 23:21   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Mozilla
2006-11-08 23:20   --------   d--------   C:\Program Files\Gadu-Gadu
2006-11-08 23:17   --------   d--------   C:\Program Files\eMule
2006-11-08 23:16   --------   d--------   C:\Program Files\SubEdit-Player
2006-11-08 23:10   --------   d--------   C:\Program Files\PC Camer@
2006-11-08 23:10   --------   d--------   C:\Program Files\Common Files\PCCamera
2006-11-08 23:00   --------   d--------   C:\Program Files\Thomson
2006-11-08 22:59   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-11-08 22:59   --------   d--------   C:\Program Files\Java Web Start
2006-11-08 22:59   --------   d--------   C:\Program Files\Java
2006-11-08 22:59   --------   d--------   C:\Program Files\Common Files\InstallShield
2006-11-08 22:58   --------   d--------   C:\Program Files\Neostrada TP
2006-11-08 22:44   --------   d--h-----   C:\Program Files\Uninstall Information
2006-11-08 22:44   --------   d--------   C:\Documents and Settings\BlackHawk\Dane aplikacji\Identities
2006-11-08 22:30   0   -rahs----   C:\MSDOS.SYS
2006-11-08 22:30   0   -rahs----   C:\IO.SYS
2006-11-08 22:30   0   --a------   C:\CONFIG.SYS
2006-11-08 22:30   0   --a------   C:\AUTOEXEC.BAT
2006-11-08 22:30   --------   d--------   C:\Program Files\xerox
2006-11-08 22:30   --------   d--------   C:\Program Files\microsoft frontpage
2006-11-08 22:28   --------   d--------   C:\Program Files\Windows Media Player
2006-11-08 22:28   --------   d--------   C:\Program Files\Outlook Express
2006-11-08 22:28   --------   d--------   C:\Program Files\NetMeeting
2006-11-08 22:28   --------   d--------   C:\Program Files\Movie Maker
2006-11-08 22:28   --------   d--------   C:\Program Files\Internet Explorer
2006-11-08 22:28   --------   d--------   C:\Program Files\Common Files\System
2006-11-08 22:28   --------   d--------   C:\Program Files\Common Files\Services
2006-11-08 22:28   --------   d--------   C:\Program Files\Common Files\MSSoap
2006-11-08 22:27   --------   d--h-----   C:\Program Files\WindowsUpdate
2006-11-08 22:27   --------   d--------   C:\Program Files\Windows NT
2006-11-08 22:27   --------   d--------   C:\Program Files\MSN Gaming Zone
2006-11-08 22:27   --------   d--------   C:\Program Files\MSN
2006-11-08 22:27   --------   d--------   C:\Program Files\Messenger
2006-11-08 22:27   --------   d--------   C:\Program Files\ComPlus Applications
2006-11-08 22:05   62   --ahs----   C:\Documents and Settings\BlackHawk\Dane aplikacji\desktop.ini
2006-11-08 22:05   --------   d--------   C:\Program Files\Common Files\SpeechEngines
2006-11-08 22:05   --------   d--------   C:\Program Files\Common Files\ODBC
2006-11-08 22:05   --------   d--------   C:\Program Files\Common Files\Microsoft Shared
2006-11-08 22:05   --------   d--------   C:\Program Files\Common Files
2006-11-08 22:04   --------   d---s----   C:\Documents and Settings\BlackHawk\Dane aplikacji\Microsoft
2006-10-02 13:44   5120   --a------   C:\WINDOWS\system32\ff_vfw.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"=""C:\Program Files\Gadu-Gadu\gg.exe" /tray"
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UnlockerAssistant"=""C:\Program Files\Unlocker\UnlockerAssistant.exe""
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""
"RemoteControl"=""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe""
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr"
"DAEMON Tools"=""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"Key"="C:\WINDOWS\TEMP\E.tmp"
"Windows Updates Security System"="kavsvc.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Updates Security System"="kavsvc.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"Key"="C:\WINDOWS\TEMP\E.tmp"
"Windows Updates Security System"="kavsvc.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows Updates Security System"="kavsvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"9"="C:\WINDOWS\System32\Ravdm.exe"
"KAV"="rundll32.exe "C:\Program Files\Kav\Kav.dll",AntiVirus"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{EC2CDD9B-0726-1045-0812-031024030030}"=""C:\Program Files\Common Files\{EC2CDD9B-0726-1045-0812-031024030030}\Update.exe" c-110-12-0001186               f"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{EC2CDD9B-0726-1045-0812-031024030030}"=""C:\Program Files\Common Files\{EC2CDD9B-0726-1045-0812-031024030030}\Update.exe" c-110-12-0001186               f"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"AdobePDF"="{D92D666A-0F7B-5892-A7E8-29340333F07E}"
"QQMusic"="{E16A6111-85DD-4877-8E67-017B0193D359}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STI Simulator"=dword:00000002
"MSDisk"=dword:00000002
"MsaSvc"=dword:00000002
"cmdService"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

Completion time: 06-12-23 10:59:02.65
C:\ComboFix.txt ... 06-12-23 10:59

Post by pp3088 » 23 Dec 2006, 12:32

We've got the bugger, it's the pe386 rootkit. We'll need a log.

Download GMER -> alternative server. The home page has been attacked by hackers.

In the settings:
- Rootkit >>> Scan >>> Copy >>> CTRL+V into Notepad
- Rootkit >>> tick only Services >>> tick Show all >>> Scan >>> Copy >>> CTRL+V into Notepad

Upload it to some server, because a post has a character limit.

Post by Mirahz » 23 Dec 2006, 12:42

pp3088 wrote:...
Download GMER -> alternative server. The home page has been attacked by hackers.
...


Or grab it from instalki.pl :)
http://www.instalki.pl/programy/downloa ... /GMER.html

Post by BlackHawk » 23 Dec 2006, 20:48

Here are the logs:

Code:
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-12-23 19:52:07
Windows 5.1.2600


---- System - GMER 1.0.12 ----

SSDT      F88BEB3E                                                                                                 ZwCreateFile
SSDT      sptd.sys                                                                                                 ZwCreateKey
SSDT      F88BEA8A                                                                                                 ZwOpenFile
SSDT      sptd.sys                                                                                                 ZwOpenKey
SSDT      sptd.sys                                                                                                 ZwQueryKey
SSDT      sptd.sys                                                                                                 ZwQueryValueKey
SSDT      sptd.sys                                                                                                 ZwSetValueKey
SSDT      \SystemRoot\system32\drivers\KWatch2.sys                                                             ZwTerminateProcess

SYSENTER  \??\C:\WINDOWS\System32\lzx32.sys                                                                    EEC9F9FE

Code      \??\C:\WINDOWS\System32\lzx32.sys                                                                    pIofCallDriver

---- Kernel code sections - GMER 1.0.12 ----

.text     ntoskrnl.exe!KeInitializeInterrupt + B79                                                                 804D4F8E 1 Byte
.text     ntoskrnl.exe!Kei386EoiHelper + 148E                                                                      804D6B48 3 Bytes  JMP F4CDD569
.text     ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1A0                                                         804FC6B8 4 Bytes
.text     ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0                                                         804FC6C8 4 Bytes
.text     ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2DC                                                         804FC7F4 4 Bytes
.text     ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2E8                                                         804FC800 4 Bytes
.text     ntoskrnl.exe!KeI386Call16BitCStyleFunction + 38C                                                         804FC8A4 4 Bytes
.text     ...                                                                                                     
.text     USBPORT.SYS!DllUnload                                                                                    F8253DBC 5 Bytes  JMP 81BC31B8

---- User code sections - GMER 1.0.12 ----

.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[192] ntdll.dll!NtCreateFile                                          77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[192] ntdll.dll!NtCreateProcess                                       77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[192] ntdll.dll!NtCreateProcessEx                                     77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\iPod\bin\iPodService.exe[304] ntdll.dll!NtCreateFile                                77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\iPod\bin\iPodService.exe[304] ntdll.dll!NtCreateProcess                             77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\iPod\bin\iPodService.exe[304] ntdll.dll!NtCreateProcessEx                           77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\SYSTEM32\WINLOGON.EXE[544] ntdll.dll!NtCreateFile                                         77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\SYSTEM32\WINLOGON.EXE[544] ntdll.dll!NtCreateProcess                                      77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\SYSTEM32\WINLOGON.EXE[544] ntdll.dll!NtCreateProcessEx                                    77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\SYSTEM32\SERVICES.EXE[588] ntdll.dll!NtCreateFile                                         77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\SYSTEM32\SERVICES.EXE[588] ntdll.dll!NtCreateProcess                                      77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\SYSTEM32\SERVICES.EXE[588] ntdll.dll!NtCreateProcessEx                                    77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\SYSTEM32\LSASS.EXE[600] ntdll.dll!NtCreateFile                                            77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\SYSTEM32\LSASS.EXE[600] ntdll.dll!NtCreateProcess                                         77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\SYSTEM32\LSASS.EXE[600] ntdll.dll!NtCreateProcessEx                                       77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[772] ntdll.dll!NtCreateFile                                          77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[772] ntdll.dll!NtCreateProcess                                       77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[772] ntdll.dll!NtCreateProcessEx                                     77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[788] ntdll.dll!NtCreateFile                                          77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[788] ntdll.dll!NtCreateProcess                                       77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\SYSTEM32\SVCHOST.EXE[788] ntdll.dll!NtCreateProcessEx                                     77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\TEMP\VRT9.tmp[1132] ntdll.dll!NtCreateFile                                                77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\TEMP\VRT9.tmp[1132] ntdll.dll!NtCreateProcess                                             77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\TEMP\VRT9.tmp[1132] ntdll.dll!NtCreateProcessEx                                           77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1324] ntdll.dll!NtCreateFile                                         77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1324] ntdll.dll!NtCreateProcess                                      77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1324] ntdll.dll!NtCreateProcessEx                                    77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\EXPLORER.EXE[1516] ntdll.dll!NtCreateFile                                                 77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\EXPLORER.EXE[1516] ntdll.dll!NtCreateProcess                                              77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\EXPLORER.EXE[1516] ntdll.dll!NtCreateProcessEx                                            77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\EXPLORER.EXE[1516] SHELL32.dll!SHFileOperationW                                           774514A4 5 Bytes  JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text     C:\Program Files\Mozilla Firefox\firefox.exe[1560] ntdll.dll!NtCreateFile                            77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\Mozilla Firefox\firefox.exe[1560] ntdll.dll!NtCreateProcess                         77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\Mozilla Firefox\firefox.exe[1560] ntdll.dll!NtCreateProcessEx                       77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE[1588] ntdll.dll!NtCreateFile                    77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE[1588] ntdll.dll!NtCreateProcess                 77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE[1588] ntdll.dll!NtCreateProcessEx               77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\WINDOWS\System32\MRTServ.exe[1604] ntdll.dll!NtCreateFile                                         77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\WINDOWS\System32\MRTServ.exe[1604] ntdll.dll!NtCreateProcess                                      77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\WINDOWS\System32\MRTServ.exe[1604] ntdll.dll!NtCreateProcessEx                                    77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\Unlocker\UnlockerAssistant.exe[1768] ntdll.dll!NtCreateFile                         77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\Unlocker\UnlockerAssistant.exe[1768] ntdll.dll!NtCreateProcess                      77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\Unlocker\UnlockerAssistant.exe[1768] ntdll.dll!NtCreateProcessEx                    77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\Winamp\winampa.exe[1776] ntdll.dll!NtCreateFile                                     77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\Winamp\winampa.exe[1776] ntdll.dll!NtCreateProcess                                  77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\Winamp\winampa.exe[1776] ntdll.dll!NtCreateProcessEx                                77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\iTunes\iTunesHelper.exe[1784] ntdll.dll!NtCreateFile                                77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\iTunes\iTunesHelper.exe[1784] ntdll.dll!NtCreateProcess                             77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\iTunes\iTunesHelper.exe[1784] ntdll.dll!NtCreateProcessEx                           77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1796] ntdll.dll!NtCreateFile                        77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1796] ntdll.dll!NtCreateProcess                     77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1796] ntdll.dll!NtCreateProcessEx                   77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[1804] ntdll.dll!NtCreateFile        77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[1804] ntdll.dll!NtCreateProcess     77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[1804] ntdll.dll!NtCreateProcessEx   77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1812] ntdll.dll!NtCreateFile       77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1812] ntdll.dll!NtCreateProcess    77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1812] ntdll.dll!NtCreateProcessEx  77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe[1832] ntdll.dll!NtCreateFile                    77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe[1832] ntdll.dll!NtCreateProcess                 77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe[1832] ntdll.dll!NtCreateProcessEx               77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\Program Files\DAEMON Tools\daemon.exe[1840] ntdll.dll!NtCreateFile                                77F7E603 5 Bytes  CALL 7FFA137D
.text     C:\Program Files\DAEMON Tools\daemon.exe[1840] ntdll.dll!NtCreateProcess                             77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:\Program Files\DAEMON Tools\daemon.exe[1840] ntdll.dll!NtCreateProcessEx                           77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:\PROGRAM FILES\GADU-GADU\GG.EXE[1864] ntdll.dll!NtCreateFile                                       77F7E603 5 Bytes  CALL 7FFA137D
.text     C:PROGRAM FILESGADU-GADUGG.EXE[1864] ntdll.dll!NtCreateProcess                                        77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:PROGRAM FILESGADU-GADUGG.EXE[1864] ntdll.dll!NtCreateProcessEx                                      77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:WINDOWSSYSTEM32CTFMON.EXE[1872] ntdll.dll!NtCreateFile                                              77F7E603 5 Bytes  CALL 7FFA137D
.text     C:WINDOWSSYSTEM32CTFMON.EXE[1872] ntdll.dll!NtCreateProcess                                           77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:WINDOWSSYSTEM32CTFMON.EXE[1872] ntdll.dll!NtCreateProcessEx                                         77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:Documents and SettingsBlackHawkPulpitgmer.exe[1924] ntdll.dll!NtCreateFile                         77F7E603 5 Bytes  CALL 7FFA137D
.text     C:WINDOWSSYSTEM32PROTECTOR.EXE[1992] ntdll.dll!NtCreateFile                                           77F7E603 5 Bytes  CALL 7FFA137D
.text     C:WINDOWSSYSTEM32PROTECTOR.EXE[1992] ntdll.dll!NtCreateProcess                                        77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:WINDOWSSYSTEM32PROTECTOR.EXE[1992] ntdll.dll!NtCreateProcessEx                                      77F7E6B3 5 Bytes  CALL 7FFA13D7
.text     C:WINDOWSSYSTEM32NVSVC32.EXE[2000] ntdll.dll!NtCreateFile                                             77F7E603 5 Bytes  CALL 7FFA137D
.text     C:WINDOWSSYSTEM32NVSVC32.EXE[2000] ntdll.dll!NtCreateProcess                                          77F7E6A3 5 Bytes  CALL 7FFA13CA
.text     C:WINDOWSSYSTEM32NVSVC32.EXE[2000] ntdll.dll!NtCreateProcessEx                                        77F7E6B3 5 Bytes  CALL 7FFA13D7

---- Devices - GMER 1.0.12 ----

Device    \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                                                                     81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                                                                      81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                                       81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                                                                      81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION                                                          81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                                                            81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                                                                   81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                                                                     81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                                                              81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION                                                   81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION                                                     81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL                                                          81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL                                                        81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL                                                             81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN                                                                   81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL                                                               81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP                                                                    81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY                                                             81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY                                                               81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA                                                                81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA                                                                  81BDD980
Device    \FileSystem\Ntfs \Ntfs IRP_MJ_PNP                                                                        81BDD980
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE                                                              81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE                                                               81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_READ                                                                81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE                                                               81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION                                                   81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION                                                     81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA                                                            81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA                                                              81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS                                                       81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION                                            81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION                                              81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL                                                   81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL                                                 81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL                                                      81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN                                                            81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL                                                        81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP                                                             81FC81D8
Device    \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP                                                                 81FC81D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE                                                                81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE                                                                 81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ                                                                  81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE                                                                 81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION                                                     81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION                                                       81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION                                              81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL                                                     81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL                                                   81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL                                                        81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL                                                          81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP                                                               81C3D1D8
Device    \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP                                                                   81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE                                                                 81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE                                                                  81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_READ                                                                   81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE                                                                  81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION                                                      81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION                                                        81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION                                               81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL                                                      81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL                                                    81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL                                                         81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL                                                           81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP                                                                81C3D1D8
Device    \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP                                                                    81C3D1D8
Device    Driver


Sorry for posting it here, but before I manage to upload it to some server my computer resets itself.

Post by pp3088 » 23 Dec 2006, 23:48

Code: Select all
http://www.searchengines.pl/phpbb203/index.php?s=a26c7c9fb9bc75d32a1482487005c6ce&showtopic=6745&st=30

Post by BlackHawk » 24 Dec 2006, 12:50

So then. The rootkit is gone, judging by what gmer shows, but the computer still resets. I'll check again today if I find the time, but yesterday it was still resetting.

Regards, and in case I don't drop in again today, Merry Christmas

Post by BlackHawk » 29 Jan 2007, 13:45

I don't know what to do any more. I might as well go and hang myself, because every other minute something else breaks in my computer. I'm really helpless at this point. I'm begging for help.

HijackThis log:

Code: Select all
Logfile of HijackThis v1.99.1
Scan saved at 12:35:20, on 2007-01-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN
C:\Program Files\SubEdit-Player\subedit.exe
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
D:\Pliki i programy do logowania i naprawiania systemu\gmer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BlackHawk\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels1118.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Startup: OpenOffice.org 2.0.3.lnk = C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F701AA99-9143-4159-B748-02B301FA2823}: NameServer = 194.204.152.34 217.98.63.164
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



l2mfix
Code: Select all
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
"DllName"="C:\WINDOWS\system32\rpcc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Startup"="Startup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usˆugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Strona wˆa˜ciwo˜ci Poprzednie wersje"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Poprzednie wersje"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Shell Microsoft AutoComplete"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE Microsoft AutoComplete"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A155339D-CCCD-4714-85EB-3754B804C9DF}"="a-squared Free Context Menu Shell Extension"
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"="OpenOffice.org Column Handler"
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}"="OpenOffice.org Infotip Handler"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice.org Property Sheet Handler"
"{3B092F0C-7696-40E3-A80F-68D74DA84210}"="OpenOffice.org Thumbnail Viewer"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32
   rpcc.dll       Sat  2007-01-27  17:25:08   A....         30 208    29,50 K
   ldcore.dll     Thu  2007-01-25  16:09:32   A....          6 689     6,53 K
   adir.dll       Mon  2007-01-29  11:46:20   A....          4 608     4,50 K
   zlbw.dll       Sun  2007-01-28  10:55:42   A....         46 592    45,50 K
   bitcom~1.dll   Sat  2007-01-06   1:20:38   A....          2 560     2,50 K

5 items found:  5 files, 0 directories.
   Total of file sizes:  90 657 bytes     88,53 K
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: 486D-23D1

 Katalog: C:\WINDOWS\System32

2006-12-27  16:17    <DIR>          Microsoft
2006-12-27  15:55    <DIR>          dllcache
               0 plik(ów)               0 bajtów
               2 katalog(ów)   2 123 497 472 bajtów wolnych


and SilentRunners:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"CTFMON.EXE" = "C:WINDOWSsystem32ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["sms-express.com"]
"MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSsystem32NVMCTRAY.DLL,NvTaskbarInit" [MS]
"Komunikator" = "C:Program FilesTlen.pl   len.exe" ["o2.pl Sp. z o.o."]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON"]
"WinampAgent" = "C:Program FilesWinampwinampa.exe" [file not found]
"DAEMON Tools" = ""C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033" ["DT Soft Ltd."]
"Onet.pl AutoUpdate" = "C:Program FilesCommon FilesOnet.plAutoUpdate.exe /tsr" ["Onet.pl"]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"HP Software Update" = "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe" [file not found]
"HPDJ Taskbar Utility" = "C:WINDOWSsystem32spooldriversw32x863hpztsb08.exe" ["HP"]
"DeviceDiscovery" = "C:Program FilesHewlett-PackardDigital Imaginginhpotdd01.exe" ["Hewlett-Packard"]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"System" = "C:WINDOWSsystem32kernels1118.exe" [null data]
"sysinter" = "C:WINDOWSsystem32adirss.exe" [file not found]
"lnwin.exe" = "C:WINDOWSsystem32lnwin.exe" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   InProcServer32(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
                   InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   InProcServer32(Default) = "C:WINDOWSsystem32shdocvw.dll" [MS]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   InProcServer32(Default) = "C:PROGRA~1A-SQUA~1A2FREE~1.DLL" [file not found]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.org 2.0.3programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.org 2.0.3programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.org 2.0.3programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.org 2.0.3programshlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
<<!>> "AppInit_DLLs" = " c:\windows\system32\ldcore.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<!>> rpcc\DLLName = "C:\WINDOWS\system32\rpcc.dll" [null data]

HKLMSoftwareClassesFoldershellexColumnHandlers
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32(Default) = ""C:Program FilesOpenOffice.org 2.0.3programshlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
a2FreeContMenu(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   InProcServer32(Default) = "C:PROGRA~1A-SQUA~1A2FREE~1.DLL" [file not found]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLMSoftwareClassesAllFilesystemObjectsshellexContextMenuHandlers
a2FreeContMenu(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   InProcServer32(Default) = "C:PROGRA~1A-SQUA~1A2FREE~1.DLL" [file not found]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper2.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsBlackHawkDane aplikacjiMozillaFirefoxTapeta pulpitu.bmp"


Startup items in "BlackHawk" & "All Users" startup folders:
-----------------------------------------------------------

C:Documents and SettingsBlackHawkMenu StartProgramyAutostart
"OpenOffice.org 2.0.3" -> shortcut to: "C:Program FilesOpenOffice.org 2.0.3programquickstart.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


HOSTS file
----------

C:WINDOWSSystem32driversetcHOSTS

maps: 223 domain names to IP addresses,
      1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:Program FilesCommon FilesLightScribeLSSrvc.exe"" ["Hewlett-Packard Company"]
Microsoft authenticate service, MsaSvc, "C:WINDOWSsystem32msasvc.exe" [null data]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe"" ["Sunbelt Software"]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
hpzlnt08Driver = "hpzlnt08.dll" ["HP"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 48 seconds, including 12 seconds for message boxes)



If anything else is needed I'll post it, although my internet connection is patchy and on top of that I've used up my data limit on Neo.
If something can be done about it, I'd ask for help and for tips on how to protect myself in the future from crap like this. I found the rootkit huy32.sys on my computer, searched and found how to remove it, but when I type what's needed into CMD in Gmer it hangs and does nothing.

Regards and thanks for the help.
BlackHawk


P.S.
Right, I forgot to write what the symptoms of the illness are. So: some junk is eating up whatever internet I have left after exceeding the limit, and every so often I get a bluescreen with a physical memory dump, but only when the internet is plugged in. I ran Gmer over the computer looking for rootkits and here's what it found:

Gmer with all options + show all:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2007-01-29 13:16:40
Windows 5.1.2600 Dodatek Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryKey <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile <-- ROOTKIT !!!

INT 0x00 \WINDOWS\system32\ntoskrnl.exe 804DFBFF
INT 0x01 \WINDOWS\system32\ntoskrnl.exe 804DFD7C
INT 0x03 \WINDOWS\system32\ntoskrnl.exe 804E015B
INT 0x04 \WINDOWS\system32\ntoskrnl.exe 804E02E0
INT 0x05 \WINDOWS\system32\ntoskrnl.exe 804E0441
INT 0x06 \WINDOWS\system32\ntoskrnl.exe 804E05BF
INT 0x07 \WINDOWS\system32\ntoskrnl.exe 804E0C33
INT 0x09 \WINDOWS\system32\ntoskrnl.exe 804E1060
INT 0x0A \WINDOWS\system32\ntoskrnl.exe 804E1185
INT 0x0B \WINDOWS\system32\ntoskrnl.exe 804E12CA
INT 0x0C \WINDOWS\system32\ntoskrnl.exe 804E1530
INT 0x0D \WINDOWS\system32\ntoskrnl.exe 804E1827
INT 0x0E \WINDOWS\system32\ntoskrnl.exe 804E1F25
INT 0x0F \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x10 \WINDOWS\system32\ntoskrnl.exe 804E237F
INT 0x11 \WINDOWS\system32\ntoskrnl.exe 804E24BD
INT 0x12 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x13 \WINDOWS\system32\ntoskrnl.exe 804E262B
INT 0x14 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x15 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x16 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x17 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x18 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x19 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1A \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1B \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1C \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1D \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1E \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1F \WINDOWS\system32\hal.dll 806EDFD0
INT 0x2A \WINDOWS\system32\ntoskrnl.exe 804DF417
INT 0x2B \WINDOWS\system32\ntoskrnl.exe 804DF522
INT 0x2C \WINDOWS\system32\ntoskrnl.exe 804DF6C7
INT 0x2D \WINDOWS\system32\ntoskrnl.exe 804E0032
INT 0x2E \WINDOWS\system32\ntoskrnl.exe 806D8764
INT 0x2F \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x30 \WINDOWS\system32\ntoskrnl.exe 804DE560
INT 0x31 \WINDOWS\system32\ntoskrnl.exe 804DE56A
INT 0x32 \WINDOWS\system32\ntoskrnl.exe 804DE574
INT 0x33 \WINDOWS\system32\ntoskrnl.exe 804DE57E
INT 0x34 \WINDOWS\system32\ntoskrnl.exe 804DE588
INT 0x35 \WINDOWS\system32\ntoskrnl.exe 804DE592
INT 0x36 \WINDOWS\system32\ntoskrnl.exe 804DE59C
INT 0x37 \WINDOWS\system32\hal.dll 806ED728
INT 0x38 \WINDOWS\system32\ntoskrnl.exe 804DE5B0
INT 0x39 \WINDOWS\system32\ntoskrnl.exe 804DE5BA
INT 0x3A \WINDOWS\system32\ntoskrnl.exe 804DE5C4
INT 0x3B \WINDOWS\system32\ntoskrnl.exe 804DE5CE
INT 0x3C \WINDOWS\system32\ntoskrnl.exe 804DE5D8
INT 0x3D \WINDOWS\system32\hal.dll 806EEB70
INT 0x3E \WINDOWS\system32\ntoskrnl.exe 804DE5EC
INT 0x3F \WINDOWS\system32\ntoskrnl.exe 804DE5F6
INT 0x40 \WINDOWS\system32\ntoskrnl.exe 804DE600
INT 0x41 \WINDOWS\system32\hal.dll 806EE9CC
INT 0x42 \WINDOWS\system32\ntoskrnl.exe 804DE614
INT 0x43 \WINDOWS\system32\ntoskrnl.exe 804DE61E
INT 0x44 \WINDOWS\system32\ntoskrnl.exe 804DE628
INT 0x45 \WINDOWS\system32\ntoskrnl.exe 804DE632
INT 0x46 \WINDOWS\system32\ntoskrnl.exe 804DE63C
INT 0x47 \WINDOWS\system32\ntoskrnl.exe 804DE646
INT 0x48 \WINDOWS\system32\ntoskrnl.exe 804DE650
INT 0x49 \WINDOWS\system32\ntoskrnl.exe 804DE65A
INT 0x4A \WINDOWS\system32\ntoskrnl.exe 804DE664
INT 0x4B \WINDOWS\system32\ntoskrnl.exe 804DE66E
INT 0x4C \WINDOWS\system32\ntoskrnl.exe 804DE678
INT 0x4D \WINDOWS\system32\ntoskrnl.exe 804DE682
INT 0x4E \WINDOWS\system32\ntoskrnl.exe 804DE68C
INT 0x4F \WINDOWS\system32\ntoskrnl.exe 804DE696
INT 0x50 \WINDOWS\system32\hal.dll 806ED800
INT 0x51 \WINDOWS\system32\ntoskrnl.exe 804DE6AA
INT 0x52 \WINDOWS\system32\ntoskrnl.exe 804DE6B4
INT 0x53 \WINDOWS\system32\ntoskrnl.exe 804DE6BE
INT 0x54 \WINDOWS\system32\ntoskrnl.exe 804DE6C8
INT 0x55 \WINDOWS\system32\ntoskrnl.exe 804DE6D2
INT 0x56 \WINDOWS\system32\ntoskrnl.exe 804DE6DC
INT 0x57 \WINDOWS\system32\ntoskrnl.exe 804DE6E6
INT 0x58 \WINDOWS\system32\ntoskrnl.exe 804DE6F0
INT 0x59 \WINDOWS\system32\ntoskrnl.exe 804DE6FA
INT 0x5A \WINDOWS\system32\ntoskrnl.exe 804DE704
INT 0x5B \WINDOWS\system32\ntoskrnl.exe 804DE70E
INT 0x5C \WINDOWS\system32\ntoskrnl.exe 804DE718
INT 0x5D \WINDOWS\system32\ntoskrnl.exe 804DE722
INT 0x5E \WINDOWS\system32\ntoskrnl.exe 804DE72C
INT 0x5F \WINDOWS\system32\ntoskrnl.exe 804DE736
INT 0x60 \WINDOWS\system32\ntoskrnl.exe 804DE740
INT 0x61 \WINDOWS\system32\ntoskrnl.exe 804DE74A
INT 0x64 \WINDOWS\system32\ntoskrnl.exe 804DE768
INT 0x65 \WINDOWS\system32\ntoskrnl.exe 804DE772
INT 0x66 \WINDOWS\system32\ntoskrnl.exe 804DE77C
INT 0x67 \WINDOWS\system32\ntoskrnl.exe 804DE786
INT 0x68 \WINDOWS\system32\ntoskrnl.exe 804DE790
INT 0x69 \WINDOWS\system32\ntoskrnl.exe 804DE79A
INT 0x6A \WINDOWS\system32\ntoskrnl.exe 804DE7A4
INT 0x6B \WINDOWS\system32\ntoskrnl.exe 804DE7AE
INT 0x6C \WINDOWS\system32\ntoskrnl.exe 804DE7B8
INT 0x6D \WINDOWS\system32\ntoskrnl.exe 804DE7C2
INT 0x6E \WINDOWS\system32\ntoskrnl.exe 804DE7CC
INT 0x6F \WINDOWS\system32\ntoskrnl.exe 804DE7D6
INT 0x70 \WINDOWS\system32\ntoskrnl.exe 804DE7E0
INT 0x71 \WINDOWS\system32\ntoskrnl.exe 804DE7EA
INT 0x72 \WINDOWS\system32\ntoskrnl.exe 804DE7F4
INT 0x74 \WINDOWS\system32\ntoskrnl.exe 804DE808
INT 0x75 \WINDOWS\system32\ntoskrnl.exe
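A triage pass over the two logs in the post above, as an added example: it is not part of the thread and not a tool from silentrunners.org or gmer.net. It reads Silent Runners launch-point lines and keeps the ones the script marked `<<!>>`, the ones whose binary has no version resource (`[null data]`) and stale entries (`[file not found]`); it then groups GMER's SSDT hooks by driver and separates drivers that belong to products the log shows installed from the rest. The sample text is constructed to mirror the posted logs (with the path separators the forum extraction stripped), and the driver-to-product table is my assumption, not something the thread states: fwdrv.sys and khips.sys ship with Sunbelt Kerio Personal Firewall, sptd.sys with DAEMON Tools.

```python
"""Triage of the Silent Runners and GMER output posted above.
Added example, not part of the thread and not a tool from silentrunners.org
or gmer.net; the sample text is constructed to mirror the posted logs."""
import re
from collections import defaultdict

# Constructed sample in the Silent Runners format (path separators restored).
SAMPLE_SILENTRUNNERS = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"System" = "C:\WINDOWS\system32\kernels1118.exe" [null data]
"sysinter" = "C:\WINDOWS\system32\adirss.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
<<!>> "AppInit_DLLs" = " c:\windows\system32\ldcore.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<!>> rpcc\DLLName = "C:\WINDOWS\system32\rpcc.dll" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
Microsoft authenticate service, MsaSvc, "C:\WINDOWS\system32\msasvc.exe" [null data]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
'''

# Every launch-point line ends with a tag: the company name, [MS], [file not
# found], or [null data] when the binary has no version resource at all.
TAG_RE = re.compile(r'\[(?P<tag>[^\]]*)\]\s*$')
ENTRY_RE = re.compile(r'^(?P<flag><<!>>)?\s*"?(?P<name>[^"=]+?)"?\s*=\s*"(?P<cmd>.*)"\s*\[')
SERVICE_RE = re.compile(r'^(?P<display>[^,]+),\s*(?P<name>[^,]+),\s*"(?P<cmd>.*)"\s*\[')


def triage_silentrunners(text):
    """Return launch-point entries that deserve a second look, in log order."""
    findings, where = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "=" not in line and (line.startswith("HK") or line.endswith(":")):
            where = line.replace(" {++}", "")   # registry key or section title
            continue
        tag = TAG_RE.search(line)
        if not tag:
            continue
        reasons = []
        if line.startswith("<<!>>"):
            reasons.append("flagged <<!>> by Silent Runners")
        if tag.group("tag") == "null data":
            reasons.append("binary has no version resource")
        elif tag.group("tag") == "file not found":
            reasons.append("stale entry, target missing")
        if reasons:
            m = ENTRY_RE.match(line) or SERVICE_RE.match(line)
            findings.append({"where": where,
                             "name": m.group("name").strip() if m else line,
                             "command": m.group("cmd").strip() if m else "",
                             "reasons": reasons})
    return findings


# Constructed sample in the GMER format; GMER labels every SSDT hook "ROOTKIT".
SAMPLE_GMER = r'''
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryKey <-- ROOTKIT !!!
'''
SSDT_RE = re.compile(r'^SSDT\s+(?P<driver>\S+)\s+(?P<func>Zw\w+)\s+<--\s+ROOTKIT')

# Assumption, not stated in the thread: drivers shipped by products that the
# Silent Runners log shows installed (fwdrv.sys/khips.sys: Sunbelt Kerio
# Personal Firewall; sptd.sys: DAEMON Tools).  A host firewall or disc
# emulator hooking the SSDT is expected on XP and is not evidence of malware.
KNOWN_SSDT_HOOKERS = {
    "fwdrv.sys": "Sunbelt Kerio Personal Firewall 4",
    "khips.sys": "Sunbelt Kerio Personal Firewall 4",
    "sptd.sys": "DAEMON Tools (SPTD)",
}


def group_ssdt_hooks(text):
    """Map each hooking driver (basename, lower-case) to the Zw* calls it hooks."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            driver = m.group("driver").rsplit("\\", 1)[-1].lower()
            hooks[driver].append(m.group("func"))
    return {d: sorted(f) for d, f in hooks.items()}


def unattributed_hookers(hooks, known=KNOWN_SSDT_HOOKERS):
    """SSDT-hooking drivers that no installed product accounts for."""
    return sorted(d for d in hooks if d not in known)
```

Run over the full logs in the post, `triage_silentrunners` surfaces the same launch points the reply below deals with (kernels1118.exe, adirss.exe, msasvc.exe, ldcore.dll, rpcc.dll), but it also lists WinRAR's rarext.dll and OpenOffice's quickstart.exe, which the log tags `[null data]` as well: a missing version resource is a triage cue, not a verdict. On the GMER side, `unattributed_hookers` reduces twenty-two "ROOTKIT" lines to one driver, wincom32.sys, that no product in the log explains, which is where the investigation should start.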

Post by niunka » 29 Jan 2007, 17:16

Open Notepad and paste this into it:
SC STOP MsaSvc
SC DELETE MsaSvc
DEL C:\WINDOWS\System32\msasvc.exe
DEL C:\WINDOWS\System32\ctpmon.exe
DEL C:\WINDOWS\System32\rpcc.dll


File -> Save as -> change the file type to all files -> save it under the name FIX.BAT
In Safe Mode run the FIX.BAT file and restart the computer.

C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels1118.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll


Files manually, entries with Fix, in Safe Mode without System Restore.

Post new logs.
