
Please review my ComboFix log

Logs, securing your computer and data. Antivirus and antispyware programs, firewalls etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When posting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole thing, from beginning to end.
5. Do not tack onto other users' topics; please start a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and any actions already taken.
8. Every script is unique, written for each case individually, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

Post by Shreku_13 » 13 Apr 2008, 16:57

ComboFix 08-04-12.8 - Shreku 2008-04-13 16:43:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.319 [GMT 2:00]
Running from: C:\Documents and Settings\Shreku\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rpcc.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 14:39 --------- d-----w C:\Documents and Settings\Shreku\Dane aplikacji\uTorrent
2002-11-19 15:01 28,672 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-15 16:40 20421672]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
"µTorrent"="F:\Programy\uTorrent\utorrent.exe" [2007-07-28 05:59 224048]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 06:18 81920]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2006-12-01 17:11 1118208]
"uTorrent"="F:\Programy\uTorrent\utorrent.exe" [2007-07-28 05:59 224048]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2004-03-04 15:47 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 11:06 364544 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-23 00:44 32881]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\taskbaricon.exe" [2003-10-16 20:07 53248]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 02:00 90112]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 18:49 102400]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 18:01 180224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-22 18:36:19 1183744]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-09-13 12:11:26 950272]
QuickTV.lnk - C:\Program Files\AVerTV2K\QuickTV.exe [2007-05-08 22:48:55 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-11-21 13:24 5376 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"F:\\Programy\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=
"C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\cus\\Internet Module\\graphobj.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:enable

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2002-05-14 11:40]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2002-01-27 20:57]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2002-01-27 21:02]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:54]
R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 22:38]
R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 12:58]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c317b207-a1bd-11db-973d-0007954c40f6}]
\Shell\AutoRun\command - I:\setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 16:44:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
Completion time: 2008-04-13 16:45:24
ComboFix-quarantined-files.txt 2008-04-13 14:45:06
Pre-Run: 1,883,656,192 bytes free
Post-Run: 1,911,611,392 bytes free
Shreku_13
Forum member
Posts: 8
Joined: 13 Apr 2008, 16:55

Post by huber2t » 13 Apr 2008, 17:08

Open a command prompt (Start >> Run >> type cmd).

In the window that opens, type sc stop ZDCndis5 >> Enter

Then the second command: sc delete ZDCndis5 >> Enter

The log is clean.

Show a log from HijackThis.
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42
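An added example (editor's code, not ComboFix's and not posted by anyone in this thread): a small Python triage pass over the ComboFix log format above, keyed to the things a helper reads first. It assumes that the square bracket ComboFix prints after each autostart and service entry holds the file's timestamp and size, so an empty bracket reads as "file not found on disk"; that matches the entries acted on in the thread (the S3 ZDCndis5 driver with an empty bracket, the WhenUSave entry with "[ ]"), but it is a lead to verify, not a verdict, since a bare name resolved through PATH such as "NvQTwk" also shows up empty. The sample lines are copied from the first log in this thread; the category names are the editor's own.

```python
"""Triage pass over ComboFix log lines (editor's example, not ComboFix's code)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# "Name"="C:\path\file.exe" [timestamp size]          -- Reg Loading Points
_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 name;description;C:\path\driver.sys [timestamp]  -- services and drivers
_SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# 2006-05-03 10:06 163,328 --sh--r C:\path\file.dll   -- Find3M report
_FIND3M = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ (?P<attrs>[-\w]{7}) (?P<path>.+)$')
# \Shell\AutoRun\command - I:\setup.exe               -- under a mountpoints2 key
_AUTORUN = re.compile(r'^\\Shell\\AutoRun\\command - (?P<target>.+)$')


def triage_combofix(text: str) -> List[Finding]:
    """Return (category, detail) pairs for the lines worth a second look."""
    findings: List[Finding] = []
    key = ""  # lower-cased registry key whose values are currently being listed
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = _RUN.match(line)
        if m:
            # Assumption: empty bracket on a full path means the file is gone.
            # A bare name such as "NvQTwk" is a PATH lookup and is left alone.
            if ":\\" in m["value"] and not m["meta"].strip():
                findings.append(("autostart-missing-file", f'{m["name"]}: {m["value"]}'))
            continue
        if "security center\\monitoring" in key and line.lower() == '"disablemonitoring"=dword:00000001':
            findings.append(("security-center-monitoring-off", key.rsplit("\\", 1)[-1]))
            continue
        if "globallyopenports" in key and line.lower().endswith(":enable"):
            findings.append(("firewall-open-port", line.split("=", 1)[0].strip('" ')))
            continue
        m = _AUTORUN.match(line)
        if m and "mountpoints2" in key:
            # AutoRun command bound to a (removable) drive letter
            findings.append(("removable-autorun", m["target"]))
            continue
        m = _SERVICE.match(line)
        if m:
            if not m["meta"].strip():
                findings.append(("service-missing-file", m["name"]))
            continue
        m = _FIND3M.match(line)
        if m and "s" in m["attrs"] and "h" in m["attrs"] and "\\system32\\" in m["path"].lower():
            # hidden + system attributes on a file dropped straight into system32
            findings.append(("hidden-system-file", m["path"]))
    return findings


def sc_commands(findings: List[Finding]) -> List[str]:
    """The sc.exe sequence given in the thread for an orphaned service entry."""
    cmds: List[str] = []
    for category, name in findings:
        if category == "service-missing-file":
            cmds += [f"sc stop {name}", f"sc delete {name}"]
    return cmds


# Constructed sample: lines copied from the first ComboFix log in the thread,
# in their original order so the parser sees real key headers.
SAMPLE_LOG = r"""
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2002-11-19 15:01 28,672 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-15 16:40 20421672]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:enable
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c317b207-a1bd-11db-973d-0007954c40f6}]
\Shell\AutoRun\command - I:\setup.exe
"""

if __name__ == "__main__":
    found = triage_combofix(SAMPLE_LOG)
    for category, detail in found:
        print(f"{category:32} {detail}")
    print("\n".join(sc_commands(found)))
```

Run it against a full ComboFix log with `triage_combofix(open("ComboFix.txt", encoding="cp1250").read())`; the Polish XP logs in this thread are written in the system code page, so the encoding matters for the service names.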

Post by Shreku_13 » 13 Apr 2008, 17:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:15, on 2008-04-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [µTorrent] "F:\Programy\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [uTorrent] "F:\Programy\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7867 bytes
Shreku_13
Forum member
Posts: 8
Joined: 13 Apr 2008, 16:55

Post by huber2t » 13 Apr 2008, 17:20

Turn off System Restore on all drives: http://support.microsoft.com/kb/310405/pl

Fix in HijackThis:
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"


Download ComboFix, but do not run it.
Paste into Notepad:
Code:
File::
C:\Program Files\Save\Save.exe

File -> Save as -> CFScript.txt (it is most convenient to save it somewhere that puts the CFScript.txt icon next to the ComboFix.exe icon).
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
[image]
Removal should start and a log will be produced; post that log on the forum.
If everything goes well, after the restart delete the folder C:\Qoobox manually.
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by Shreku_13 » 13 Apr 2008, 17:39

ComboFix 08-04-12.8 - Shreku 2008-04-13 17:32:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.304 [GMT 2:00]
Running from: C:\Documents and Settings\Shreku\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shreku\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Save\Save.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 17:17 . 2008-04-13 17:17 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 14:39 --------- d-----w C:\Documents and Settings\Shreku\Dane aplikacji\uTorrent
2002-11-19 15:01 28,672 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-15 16:40 20421672]
"µTorrent"="F:\Programy\uTorrent\utorrent.exe" [2007-07-28 05:59 224048]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 06:18 81920]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2006-12-01 17:11 1118208]
"uTorrent"="F:\Programy\uTorrent\utorrent.exe" [2007-07-28 05:59 224048]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2004-03-04 15:47 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 11:06 364544 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-23 00:44 32881]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\taskbaricon.exe" [2003-10-16 20:07 53248]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 02:00 90112]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 18:49 102400]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 18:01 180224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-22 18:36:19 1183744]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-09-13 12:11:26 950272]
QuickTV.lnk - C:\Program Files\AVerTV2K\QuickTV.exe [2007-05-08 22:48:55 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-11-21 13:24 5376 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"F:\\Programy\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=
"C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\cus\\Internet Module\\graphobj.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:enable

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2002-05-14 11:40]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2002-01-27 20:57]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2002-01-27 21:02]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:54]
R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 22:38]
R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 12:58]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 17:34:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
Completion time: 2008-04-13 17:34:42
ComboFix-quarantined-files.txt 2008-04-13 15:34:35
ComboFix2.txt 2008-04-13 14:45:25
Pre-Run: 2,034,995,200 bytes free
Post-Run: 2,026,094,592 bytes free
Shreku_13
Forum member
Posts: 8
Joined: 13 Apr 2008, 16:55

Post by huber2t » 13 Apr 2008, 17:41

The log is clean.

Windows Worms Doors Cleaner (WWDC) is a program for closing the ports and services through which worms frequently get in. There is no longer any need to struggle with registry editing or other, more complicated tools.
If a red cross is showing after you run WWDC, change it to green, as below:

http://www.fotosik.pl/showFullSize.php? ... 9ceca1cff7

The computer should then restart. The ports through which worms get in should now be closed (all markers green).

Sometimes there are problems closing NetBIOS, so that one may possibly stay yellow.
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by Shreku_13 » 13 Apr 2008, 18:07

Many thanks!
I have one more question: if I later posted more logs, but from a second computer, could you take a look at those too?
And one more thing: will ComboFix run on Windows Vista?
Shreku_13
Forum member
Posts: 8
Joined: 13 Apr 2008, 16:55

Post by huber2t » 13 Apr 2008, 18:11

I'll check the logs.
ComboFix doesn't work on Vista.
If you do, post logs from HijackThis and Silent Runners.
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by Shreku_13 » 13 Apr 2008, 20:59

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:45, on 2008-04-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9066 bytes
Shreku_13
Forum member
Posts: 8
Joined: 13 Apr 2008, 16:55

Post by Shreku_13 » 13 Apr 2008, 21:04

and here is Silent Runners:


"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"TOSCDSPD" = "TOSCDSPD.EXE" ["TOSHIBA"]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" [null data]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"TPwrMain" = "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
"HSON" = "C:\Program Files\TOSHIBA\TBS\HSON.exe"
"SmoothView" = "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
"00TCrdMain" = "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"KeNotify" = "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [empty string]
"HWSetup" = "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP" ["TOSHIBA Electronics, Inc."]
"SVPWUTIL" = "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" ["TOSHIBA"]
"NDSTray.exe" = "NDSTray.exe" ["TOSHIBA CORPORATION"]
"topi" = "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup" [null data]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Toshiba Registration" = "C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [null data]
"Camera Assistant Software" = ""C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"" ["Chicony"]
"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"]
"Windows Mobile-based device management" = "C:\Windows\WindowsMobile\wmdSync.exe"
"TrojanScanner" = "C:\Program Files\Trojan Remover\Trjscan.exe" ["Simply Super Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{8A0BC933-7552-42E2-A228-3BE055777227}" = "AutoCAD DWG Column Handler"
-> {HKLM...CLSID} = "AcColumnHandler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
"{5800AD5B-72C1-477B-9A08-CA112DF06D97}" = "AutoCAD DWG InfoTip Handler"
-> {HKLM...CLSID} = "AcInfoTipHandler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\Windows\system32\AcSignIcon.dll" ["Autodesk, Inc."]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk, Inc."]
"{ADC46291-D8A1-4486-A24C-86FFB392AEFA}" = "Autodesk Dgn File Preview"
-> {HKLM...CLSID} = "AcDgnImageExtractor"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll" ["Autodesk"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{8A0BC933-7552-42E2-A228-3BE055777227}\(Default) = "AutoCAD DWG column info"
-> {HKLM...CLSID} = "AcColumnHandler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"
-> {HKLM...CLSID} = "DWFShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll" ["Autodesk, Inc."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\Windows\system32\notepad.exe" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\Zdjecia\martyna\dzialka u macka\101_4742.JPG"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Zdjecia\martyna\dzialka u macka\101_4742.JPG"


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Bluetooth Monitor" -> shortcut to: "C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe" [" TOSHIBA CORPORATION"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 29


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{C08CAF1D-C0A3-40D5-9970-06D067EAC017}\
"ButtonText" = "eBay"
"Exec" = "http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
ConfigFree Service, CFSvcs, "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" ["TOSHIBA CORPORATION"]
Indexing Service, CISVC, "C:\Windows\system32\CISVC.EXE" [MS]
Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Konfiguracja usług terminalowych, SessionEnv, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\sessenv.dll" [MS]}
LiveUpdate Notice Service, LiveUpdate Notice Service, ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
Propagacja certyfikatu, CertPropSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\certprop.dll" [MS]}
Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
Przeglądarka komputera, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
Rejestr zdalny, RemoteRegistry, "C:\Windows\system32\svchost.exe -k regsvc" {"C:\Windows\system32\regsvc.dll" [MS]}
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
SonicStage SCSI Service, SSScsiSV, "C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe" ["Sony Corporation"]
TOSHIBA Optical Disc Drive Service, TODDSrv, "C:\Windows\system32\TODDSrv.exe" ["TOSHIBA Corporation"]
TOSHIBA Power Saver, TosCoSrv, ""C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"" ["TOSHIBA Corporation"]
Udostępnianie połączenia internetowego (ICS), SharedAccess, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\ipnathlp.dll" [MS]}
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Usługa bramy warstwy aplikacji, ALG, "C:\Windows\System32\alg.exe" [MS]
Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0, FontCache3.0.0.0, "C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" [MS]
Usługa obsługi Bluetooth, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Łączność urządzeń z systemem Windows Mobile, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]}
Łączność z urządzeniem z systemem Windows Mobile 2003, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-04-13 20:59:36)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 61 seconds.
---------- (total run time: 107 seconds)
Shreku_13
Forum member
Posts: 8
Joined: 13 Apr 2008, 16:55

Post by huber2t » 14 Apr 2008, 03:32

fix in HijackThis
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing)
O13 - Gopher Prefix:
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)

I don't see anything suspicious in the SR log
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by Shreku_13 » 14 Apr 2008, 05:08

and here are also the results of the Kaspersky online scan:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
14 kwiecień 2008 05:05:03
System operacyjny: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus13/04/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus702181
-------------------------------------------------------------------------------

Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
C:\
D:\
F:\
G:\

Statystyki skanowania:
Liczba skanowanych obiektów: 123464
Liczba wykrytych wirusów: 3
Liczba zainfekowanych obiektów: 4
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 01:26:39

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Boot\BCD Object is locked pominięty
C:\Boot\BCD.LOG Object is locked pominięty
C:\Program Files\AdVantage\TR.dll Zainfekowanych: not-a-virus:AdTool.Win32.WhenU.r pominięty
C:\Program Files\DAEMON Tools SearchBar\search.dll Zainfekowanych: not-a-virus:AdTool.Win32.WhenU.c pominięty
C:\Program Files\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\Setup.ilg Object is locked pominięty
C:\Program Files\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\Setup.ilg Object is locked pominięty
C:\Program Files\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\Setup.ilg Object is locked pominięty
C:\Program Files\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\Setup.ilg Object is locked pominięty
C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.ilg Object is locked pominięty
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4455ca6d155dc998fe1a3b3b54730b7f_920b701c-ce03-4625-b77b-40a34bc94e46 Object is locked pominięty
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9729c1d3ec7243ce22848408e50b636e_920b701c-ce03-4625-b77b-40a34bc94e46 Object is locked pominięty
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9cf35cd54af14bae7e8dd327f79d447e_920b701c-ce03-4625-b77b-40a34bc94e46 Object is locked pominięty
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_920b701c-ce03-4625-b77b-40a34bc94e46 Object is locked pominięty
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041320080414\index.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008041320080414\index.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat{104bd9d4-45a3-11dc-8d31-001b3816c8ea}.TM.blf Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat{104bd9d4-45a3-11dc-8d31-001b3816c8ea}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat{104bd9d4-45a3-11dc-8d31-001b3816c8ea}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked pominięty
C:\Users\user\AppData\Local\Microsoft\Windows Defender\FileTracker\{AD802423-8716-4702-8FF6-F8AE6FF3F1D1} Object is locked pominięty
C:\Users\user\AppData\Local\Ahead\Nero Home\bl.db Object is locked pominięty
C:\Users\user\AppData\Local\Ahead\Nero Home\is2.db Object is locked pominięty
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\e7sea8ha.default\Cache\_CACHE_001_ Object is locked pominięty
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\e7sea8ha.default\Cache\_CACHE_002_ Object is locked pominięty
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\e7sea8ha.default\Cache\_CACHE_003_ Object is locked pominięty
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\e7sea8ha.default\Cache\_CACHE_MAP_ Object is locked pominięty
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\e7sea8ha.default\XUL.mfl Object is locked pominięty
C:\Users\user\AppData\Local\Temp\IMG902D.tmp Object is locked pominięty
C:\Users\user\AppData\Local\Temp\~DF200.tmp Object is locked pominięty
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked pominięty
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked pominięty
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\e7sea8ha.default\cert8.db Object is locked pominięty
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\e7sea8ha.default\formhistory.dat Object is locked pominięty
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\e7sea8ha.default\GoogleToolbarData\googlesafebrowsing.db Object is locked pominięty
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\e7sea8ha.default\history.dat Object is locked pominięty
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\e7sea8ha.default\key3.db Object is locked pominięty
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\e7sea8ha.default\parent.lock Object is locked pominięty
C:\Users\user\AppData\Roaming\Opera\Opera\Mail\store\account2\2006-03.mbs/[From "Marzena ...." <[email protected]>][Date Thu, 30 Mar 2006 22:10:22 +0200]/co.o.tobie.mysle.exe Zainfekowanych: Backdoor.Win32.Delf.acq pominięty
C:\Users\user\AppData\Roaming\Opera\Opera\Mail\store\account2\2006-03.mbs Mail Berkeley mbox: zainfekowany - 1 pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\call256.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\callmember256.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\chat512.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\chatmember256.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\chatmsg1024.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\chatmsg16384.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\chatmsg256.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\chatmsg512.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\contactgroup256.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\dyncontent\bundle.dat Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\index2.dat Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\profile4096.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\transfer256.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\transfer512.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\user1024.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\user16384.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\user256.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\user4096.dbb Object is locked pominięty
C:\Users\user\AppData\Roaming\Skype\sosnowski_m\voicemail256.dbb Object is locked pominięty
C:\Users\user\ntuser.dat Object is locked pominięty
C:\Users\user\ntuser.dat.LOG1 Object is locked pominięty
C:\Users\user\ntuser.dat.LOG2 Object is locked pominięty
C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked pominięty
C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty
C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty
C:\Windows\bthservsdp.dat Object is locked pominięty
C:\Windows\Debug\PASSWD.LOG Object is locked pominięty
C:\Windows\Debug\sam.log Object is locked pominięty
C:\Windows\Debug\WIA\wiatrace.log Object is locked pominięty
C:\Windows\Installer\MSIDC33.tmp Object is locked pominięty
C:\Windows\Logs\CBS\CBS.log Object is locked pominięty
C:\Windows\Logs\CBS\CBS.persist.log Object is locked pominięty
C:\Windows\Logs\DPX\setupact.log Object is locked pominięty
C:\Windows\Logs\DPX\setuperr.log Object is locked pominięty
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked pominięty
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked pominięty
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked pominięty
C:\Windows\Panther\UnattendGC\setupact.log Object is locked pominięty
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked pominięty
C:\Windows\security\database\secedit.sdb Object is locked pominięty
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked pominięty
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked pominięty
C:\Windows\System32\catroot2\edb.log Object is locked pominięty
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked pominięty
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked pominięty
C:\Windows\System32\config\components Object is locked pominięty
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked pominięty
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked pominięty
C:\Windows\System32\config\default Object is locked pominięty
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked pominięty
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked pominięty
C:\Windows\System32\config\sam Object is locked pominięty
C:\Windows\System32\config\SAM.LOG1 Object is locked pominięty
C:\Windows\System32\config\SAM.LOG2 Object is locked pominięty
C:\Windows\System32\config\security Object is locked pominięty
C:\Windows\System32\config\SECURITY.LOG1 Object is locked pominięty
C:\Windows\System32\config\SECURITY.LOG2 Object is locked pominięty
C:\Windows\System32\config\software Object is locked pominięty
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked pominięty
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked pominięty
C:\Windows\System32\config\system Object is locked pominięty
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked pominięty
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked pominięty
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked pominięty
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty
C:\Windows\System32\drivers\sptd.sys Object is locked pominięty
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked pominięty
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked pominięty
C:\Windows\System32\restore\MachineGuid.txt Object is locked pominięty
C:\Windows\System32\spool\SpoolerETW.etl Object is locked pominięty
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked pominięty
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked pominięty
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked pominięty
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked pominięty
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked pominięty
C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked pominięty
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked pominięty
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked pominięty
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked pominięty
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked pominięty
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked pominięty
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked pominięty
C:\Windows\System32\winevt\Logs\System.evtx Object is locked pominięty
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked pominięty
C:\Windows\WindowsUpdate.log Object is locked pominięty
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked pominięty

Proces skanowania został zakończony
Shreku_13 (Forum member) · Posts: 8 · Joined: 13 Apr 2008, 16:55

Post by huber2t » 14 Apr 2008, 05:20

Delete these files from the disk:
C:\Program Files\DAEMON Tools SearchBar\search.dll
C:\Program Files\AdVantage\TR.dll
C:\Users\user\AppData\Roaming\Opera\Opera\Mail\store\account2\2006-03.mbs/[From "Marzena ...." <[email protected]>][Date Thu, 30 Mar 2006 22:10:22 +0200]/co.o.tobie.mysle.exe
C:\Users\user\AppData\Roaming\Opera\Opera\Mail\store\account2\2006-03.mbs
huber2t (Distinguished forum contributor) · Posts: 2798 · Joined: 21 Mar 2008, 10:07 · Commendations: 42

Post by Shreku_13 » 14 Apr 2008, 17:50

I deleted those files from the disk and scanned again with Kaspersky, and it no longer detected anything.
Many thanks for the help!
Shreku_13 (Forum member) · Posts: 8 · Joined: 13 Apr 2008, 16:55
