
Please check my ComboFix and HijackThis logs


Re: Please check my ComboFix and HijackThis logs

Post by huber2t » 21 Oct 2008, 16:09

PostUA: Opera/9.60 (Windows NT 5.1; U; pl) Presto/2.1.1


Post a report from it on the forum

Download System Repair Engineer

https://www.instalki.pl/download/programy/windows/narzedzia/narzedzia-systemowe/system-repair-engineer/

scan and post the log

Re: Please check my ComboFix and HijackThis logs

Post by czare » 22 Oct 2008, 22:46

PostUA: Opera/9.24 (Windows NT 5.1; U; pl)


Kaspersky found viruses: Hoax.Win32.Renos.etc and not-a-virus: Win32.Reboot.t

Re: Please check my ComboFix and HijackThis logs

Post by huber2t » 23 Oct 2008, 06:15

PostUA: Opera/9.61 (Windows NT 5.1; U; pl) Presto/2.1.1


Post the Kaspersky report

Re: Please check my ComboFix and HijackThis logs

Post by czare » 29 Oct 2008, 23:04

PostUA: Opera/9.24 (Windows NT 5.1; U; pl)


Please also check these logs

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:25, on 2008-10-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Czarek\Pulpit\Antywirusy\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w MoneyRss - file://C:\Program Files\MoneyRss\add_feed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002 Plk\InstFred.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD LT 2002 Plk\SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://C:\Program Files\AutoCAD LT 2002 Plk\AcDcToday.ocx
O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002 Plk\InstBanr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002 Plk\AcPreview.ocx
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe

--
End of file - 6884 bytes



Code:
ComboFix 08-10-29.06 - Czarek 2008-10-29 17:12:37.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.221 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Czarek\Pulpit\Antywirusy\ComboFix.exe
 * Utworzono nowy punkt przywracania
 * Resident AV is active

.

(((((((((((((((((((((((((   Pliki utworzone od 2008-09-28 do 2008-10-29  )))))))))))))))))))))))))))))))
.

2008-10-27 14:39 . 2008-10-27 14:39   <DIR>   d--------   C:\Documents and Settings\Czarek\DoctorWeb
2008-10-23 13:22 . 2008-10-23 13:45   <DIR>   d--------   C:\Program Files\AutoCAD 2005
2008-10-21 11:46 . 2008-10-21 11:49   <DIR>   d--------   C:\Program Files\RegCleaner
2008-10-20 23:28 . 2008-10-20 23:28   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-10-20 23:24 . 2008-10-20 23:38   <DIR>   d--------   C:\SDFix
2008-10-18 17:55 . 2008-10-18 17:55   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-10-18 17:55 . 2008-10-18 17:55   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-10-18 17:52 . 2008-10-18 17:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-10-18 14:53 . 2008-10-18 14:53   <DIR>   d--------   C:\Program Files\Yahoo!
2008-10-18 14:53 . 2008-10-18 14:53   <DIR>   d--------   C:\Program Files\CCleaner
2008-10-17 10:47 . 2008-10-17 10:48   <DIR>   d--------   C:\Program Files\SkanerOnline
2008-10-16 13:14 . 2004-08-03 22:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-16 13:14 . 2004-08-03 22:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-10 21:44 . 2008-10-10 21:44   <DIR>   d--------   C:\Voipinfo
2008-10-10 21:42 . 2008-10-14 14:49   <DIR>   d--------   C:\Documents and Settings\Czarek\Dane aplikacji\VoipDiscount
2008-10-10 21:39 . 2008-10-10 21:39   <DIR>   d--------   C:\Program Files\VoipDiscount.com
2008-10-10 07:44 . 2008-10-10 07:45   <DIR>   d--------   C:\Program Files\RogueRemover FREE
2008-10-09 21:51 . 2008-10-09 21:51   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-10-09 20:38 . 2008-10-09 21:51   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-10-09 20:38 . 2008-10-09 20:38   <DIR>   d--------   C:\Documents and Settings\Czarek\Dane aplikacji\SUPERAntiSpyware.com
2008-10-08 21:58 . 2008-10-23 11:03   1,092   --a------   C:\WINDOWS\system32\tmp.reg
2008-10-06 22:54 . 2008-10-06 23:25   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 16:14   ---------   d-----w   C:\Documents and Settings\Czarek\Dane aplikacji\Skype
2008-10-29 16:06   ---------   d-----w   C:\Program Files\Common Files\Akamai
2008-10-27 16:36   ---------   d-----w   C:\Program Files\MF8-2007
2008-10-23 12:45   ---------   d-----w   C:\Program Files\Common Files\Autodesk Shared
2008-10-23 12:45   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-10-23 12:27   ---------   d-----w   C:\Program Files\AnswerWorks 4.0
2008-10-23 12:22   ---------   d-----w   C:\Documents and Settings\Czarek\Dane aplikacji\Autodesk
2008-10-22 14:49   ---------   d-----w   C:\Documents and Settings\Czarek\Dane aplikacji\Metacafe
2008-10-21 06:44   ---------   d-----w   C:\Program Files\IPSPI
2008-10-21 06:42   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-09 19:37   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-10-02 19:55   ---------   d-----w   C:\Program Files\ESET
2008-09-27 10:40   ---------   d-----w   C:\Program Files\MyPortal
2008-09-24 22:42   512,096   ----a-w   C:\WINDOWS\system32\drivers\amon.sys
2008-09-24 22:42   298,104   ----a-w   C:\WINDOWS\system32\imon.dll
2008-09-15 15:40   1,846,272   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-09-04 20:05   ---------   d-----w   C:\Program Files\MyConnection Server
2008-08-28 10:04   333,056   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 08:05   74,752   ----a-w   C:\WINDOWS\system32\msw3prt.dll
2008-08-28 08:05   104,960   ----a-w   C:\WINDOWS\system32\win32spl.dll
2008-08-26 08:27   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-08-14 13:46   2,181,632   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:46   2,059,008   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Czarek^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Czarek\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-07-02 16:10 23237416 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
--a------ 2007-05-31 15:22 7419456 C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
Akamai   REG_MULTI_SZ      Akamai
.
Zawartość folderu 'Zaplanowane zadania'

2008-10-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-08-11 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Skan uzupełniający -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Subskrybuj w MoneyRss - file://C:\Program Files\MoneyRss\add_feed.htm
O18 -: Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 -: Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 -: Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 -: Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll

O16 -: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} - file://C:\Program Files\AutoCAD LT 2002 Plk\InstFred.ocx
C:\WINDOWS\Downloaded Program Files\InstFred.ocx

O16 -: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://megapanel.gem.pl/WebInstaller.dll
C:\WINDOWS\Downloaded Program Files\WebInstaller.dll

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll

O16 -: {AE56372C-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\AutoCAD LT 2002 Plk\InstBanr.ocx
C:\WINDOWS\Downloaded Program Files\InstBanr.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 17:14:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Czas ukończenia: 2008-10-29 17:15:40
ComboFix-quarantined-files.txt  2008-10-29 16:15:34
ComboFix2.txt  2008-10-22 14:30:59

Przed: 35 683 532 800 bajtów wolnych
Po: 35,734,614,016 bajtów wolnych

159   --- E O F ---   2008-10-24 22:22:01

Re: Please check my ComboFix and HijackThis logs

Post by huber2t » 29 Oct 2008, 23:45

PostUA: Opera/9.61 (Windows NT 5.1; U; pl) Presto/2.1.1


I don't see anything in the logs

Re: Please check my ComboFix and HijackThis logs

Post by czare » 31 Oct 2008, 02:18

PostUA: Opera/9.24 (Windows NT 5.1; U; pl)


Here is the log from System Repair Engineer
Code:
70025   C:\WINDOWS\INF\MSMSGS.INF
70012   C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
70000   C:\WINDOWS\SYSTEM32\PDFCREATORMESSAGES.EXE
70023   C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
70017   C:\WINDOWS\SYSTEM32\SSGB3MON.DLL
70017   C:\WINDOWS\SYSTEM32\MDIMON.DLL
70011   C:\PROGRAM FILES\COMMON FILES\AKAMAI\RSWIN_3447.DLL
70017   C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL
70012   C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
70000   C:\WINDOWS\SYSTEM32\ATI2SGAG.EXE
70010   C:\WINDOWS\SYSTEM32\IMON.DLL
70012   C:\PROGRAM FILES\ESET\NODSHEX.DLL
70004   C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
70000   C:\PROGRAM FILES\ESET\NOD32KRN.EXE
70012   C:\PROGRAM FILES\ABBYY PDF TRANSFORMER 2.0\PDFTCONTEXTMENU.DLL
70017   C:\WINDOWS\SYSTEM32\PDFCREATOR.DLL
71001   C:\PROGRA~1\MICROS~3\RAPIMGR.EXE
70025   C:\WINDOWS\INF\MSNETMTG.INF
70011   C:\WINDOWS\SYSTEM32\HPZINW12.DLL
70004   C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
70000   C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
70012   C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
70012   C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\MSVCR71.DLL
70012   C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL
71001   C:\PROGRAM FILES\OPERA\OPERA.EXE
70000   C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
70009   C:\WINDOWS\APPPATCH\ACADPROC.DLL
70025   C:\WINDOWS\INF\WMP11.INF
70021   C:\PROGRAM FILES\SUPERANTISPYWARE\SASSEH.DLL
70012   C:\PROGRAM FILES\WINRAR\RAREXT.DLL
70012   C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL
70017   C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\HPZPP5HB.DLL
70017   C:\WINDOWS\SYSTEM32\PXC25PM.DLL
70015   C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL

Re: Please check my ComboFix and HijackThis logs

Post by huber2t » 31 Oct 2008, 06:40

PostUA: Opera/9.61 (Windows NT 5.1; U; pl) Presto/2.1.1


That is not the log we need

Download System Repair Engineer

https://www.instalki.pl/download/programy/windows/narzedzia/narzedzia-systemowe/system-repair-engineer/

scan and post the log

Re: Please check my ComboFix and HijackThis logs

Post by czare » 31 Oct 2008, 11:23

PostUA: Opera/9.24 (Windows NT 5.1; U; pl)


Log from System Repair Engineer
Code:

2008-10-31,10:11:28

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Component Publisher]
    <H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [Microsoft Corporation]
    <SUPERAntiSpyware><C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe>  [(Verified)SuperAdBlocker.com]
    <Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [(Verified)Skype Technologies SA]
    <VoipDiscount><; "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized>  [(Verified)Finarea SA]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    <WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Książka adresowa 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

==================================
Startup Folders
N/A

==================================
Services
[Lavasoft Ad-Aware Service / aawservice][Running/Auto Start]
  <"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"><Lavasoft>
[Akamai / Akamai][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k Akamai-->c:\program files\common files\akamai\rswin_3447.dll><N/A>
[Zarządzanie aplikacjami / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[PDFCreatorMessages / PDFCreatorMessages][Running/Auto Start]
  <C:\WINDOWS\system32\PDFCreatorMessages.exe><Global Graphics Software Ltd>

==================================
Drivers
[Sterownik procesora AMD / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Sterownik magistrali Microsoft UAA dla High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[SASDIFSV / SASDIFSV][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Running/Manual Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASKUTIL / SASKUTIL][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx, (Signed) >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[&Badanie]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[InstaFred]
  {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} <C:\WINDOWS\DOWNLO~1\InstFred.ocx, (Signed) Autodesk, Inc.>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, (Signed) Yahoo! Inc.>
[]
  {33564D57-0000-0010-8000-00AA00389B71} <, >
[GWebInstallControl Object]
  {65D72393-E210-4A2A-B8E0-10AC45986770} <C:\WINDOWS\Downloaded Program Files\WebInstaller.dll, (Signed) TODO: <Company name>>
[MksSkanerOnline Class]
  {68282C51-9459-467B-95BF-3C0E89627E55} <C:\WINDOWS\system32\SkanerOnline.dll, MKS Sp. z o. o.>
[SysVerChk Control]
  {737D14F8-4090-11D4-AE0E-0010830243BD} <C:\WINDOWS\DOWNLO~1\SYSVER~1.OCX, (Signed) Autodesk, Inc.>
[AcDcToday]
  {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX, (Signed) Autodesk>
[Java Plug-in 1.6.0_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[NOXLATE-BANR]
  {AE56372C-B4F5-11D4-A415-00108302FDFD} <C:\WINDOWS\DOWNLO~1\InstBanr.ocx, (Signed) Autodesk, Inc.>
[Java Plug-in 1.5.0_09]
  {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, (Signed) Adobe Systems, Inc.>
[AcPreview Control]
  {F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX, (Signed) Autodesk>
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx, (Signed) >
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[CKAVReportCtrl Object]
  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[MksSkanerOnline Class]
  {68282C51-9459-467B-95BF-3C0E89627E55} <C:\WINDOWS\system32\SkanerOnline.dll, MKS Sp. z o. o.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} <, >
[NOL3OCXCTRLBPH Control]
  {C751F8DF-CE96-4750-974F-1C6598EF453C} <C:\PROGRA~1\COMMON~1\NOL3\NOL3OCX.ocx, COMARCH S.A.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, (Signed) Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[E&ksport do programu Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Subskrybuj w MoneyRss]
  <file://C:\Program Files\MoneyRss\add_feed.htm, N/A>

==================================
Running Processes
[PID: 580 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\SUPERAntiSpyware\SASWINLO.dll]  [SUPERAntiSpyware.com, 1, 0, 0, 1048]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4133]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 888 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4133]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 900 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008 / USŁUGA SIECIOWA][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1108 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)]
[PID: 1256 / USŁUGA SIECIOWA][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1368 / USŁUGA LOKALNA][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1456 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe]  [Lavasoft, 7,1,0,12]
    [C:\Program Files\Lavasoft\Ad-Aware\CEAPI.dll]  [Lavasoft, 7,1,0,12]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\Program Files\Lavasoft\Ad-Aware\PKArchive85u.dll]  [PKWARE, Inc., 8.4.1045.0]
[PID: 1536 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\PDFCreator.DLL]  [Global Graphics Software Ltd., 3, 4, 0, 1834]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\pxc25pm.dll]  [Tracker Software, 3.50.0098]
    [C:\WINDOWS\system32\Ssgb3mon.dll]  [Samsung Electronics., 1, 0, 0, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5hb.DLL]  [Hewlett-Packard Corporation, 61.071.344.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1648 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\common files\akamai\rswin_3447.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1692 / USŁUGA LOKALNA][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\hpzinw12.dll]  [Hewlett-Packard, 12,1,1,52]
[PID: 1788 / SYSTEM][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 1816 / SYSTEM][C:\WINDOWS\system32\PDFCreatorMessages.exe]  [Global Graphics Software Ltd, 3, 1, 0, 0]
[PID: 1828 / USŁUGA LOKALNA][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,1,52]
[PID: 656 / USŁUGA LOKALNA][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 408 / Czarek][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4133]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 624 / Czarek][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16757 (vista_gdr.081001-1509)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\SUPERAntiSpyware\SASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
[PID: 1448 / Czarek][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1308 / Czarek][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
[PID: 1004 / Czarek][C:\Program Files\Microsoft ActiveSync\wcescomm.exe]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\RAPI.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [N/A, ]
    [C:\Program Files\Microsoft ActiveSync\dtptdns.dll]  [Microsoft Corporation, 4.1.4841.0]
[PID: 1796 / Czarek][C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]  [SUPERAntiSpyware.com, 4, 21, 0, 1004]
    [C:\Program Files\SUPERAntiSpyware\deupx.dll]  [SuperAntiSpyware.com, 1, 0, 0, 2]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16757 (vista_gdr.081001-1509)]
    [C:\Program Files\SUPERAntiSpyware\SASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]
[PID: 2084 / Czarek][C:\PROGRA~1\MICROS~3\rapimgr.exe]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\MICROS~3\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 3108 / Czarek][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)]
[PID: 3104 / Czarek][C:\Program Files\Opera\Opera.exe]  [Opera Software, 8816]
    [C:\Program Files\Opera\Opera.dll]  [Opera Software, 8816]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Opera\Program\Plugins\NPSWF32.dll]  [, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
[PID: 2584 / Czarek][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16757 (vista_gdr.081001-1509)]
[PID: 1244 / Czarek][C:\DOCUME~1\Czarek\USTAWI~1\Temp\Rar$EX18.813\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 3564 / Czarek][C:\DOCUME~1\Czarek\USTAWI~1\Temp\Rar$EX18.813\SREc24f8ece.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\DOCUME~1\Czarek\USTAWI~1\Temp\Rar$EX18.813\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 31 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1004, C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2084, C:\PROGRA~1\MICROS~3\RAPIMGR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3104, C:\PROGRAM FILES\OPERA\OPERA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2584, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1244, C:\DOCUME~1\CZAREK\USTAWI~1\TEMP\RAR$EX18.813\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


czare
Forum member

Posts: 43
Joined: 18 Oct 2008, 14:08

Re: Please check my ComboFix and HijackThis logs

Post by huber2t » 31 Oct 2008, 17:12

PostUA: Opera/9.61 (Windows NT 5.1; U; pl) Presto/2.1.1


Run System Repair Engineer, go to the System Repair tab >> Browser Add-ons >> find and remove:
{33564D57-0000-0010-8000-00AA00389B71}
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}
{FB5F1910-F110-11D2-BB9E-00C04F795683}
Other than that, it's OK.
huber2t
Distinguished forum contributor

Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42
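The seven CLSIDs in the reply above are exactly the Browser Add-ons entries that the posted log shows with an empty module path (`<, >`). The following is an added example, not part of the original thread and not SREng's own code: it parses that section and lists such entries, together with any module the same CLSID is registered with elsewhere in the section. The function names and the line format (inferred from the log in this thread) are assumptions.

```python
import re

# Excerpt copied from the SREng log posted in this thread (not the full section).
SAMPLE_LOG = r"""==================================
Browser Add-ons
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[]
  {33564D57-0000-0010-8000-00AA00389B71} <, >
[GWebInstallControl Object]
  {65D72393-E210-4A2A-B8E0-10AC45986770} <C:\WINDOWS\Downloaded Program Files\WebInstaller.dll, (Signed) TODO: <Company name>>
[]
  {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[E&ksport do programu Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 580 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
"""

SEPARATOR = re.compile(r"^=+\s*$")
NAME_LINE = re.compile(r"^\[(.*)\]\s*$")
# Optional {CLSID}, then <path, signer>; greedy so a '>' inside the signer survives.
DETAIL_LINE = re.compile(r"^\s*(?:\{([0-9A-Fa-f-]{36})\}\s*)?<(.*)>\s*$")


def parse_addons(log_text):
    """Return the entries of the 'Browser Add-ons' section as dicts."""
    entries, in_section, name = [], False, None
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        if SEPARATOR.match(line):
            # The section title is the line right after a '=====' separator.
            title = lines[i + 1].strip() if i + 1 < len(lines) else ""
            in_section = title == "Browser Add-ons"
            name = None
            continue
        if not in_section:
            continue
        m = NAME_LINE.match(line)
        if m:
            name = m.group(1)
            continue
        d = DETAIL_LINE.match(line)
        if d and name is not None:
            path, _, signer = d.group(2).partition(",")
            clsid = d.group(1).upper() if d.group(1) else None  # case differs in the log
            entries.append({"name": name, "clsid": clsid,
                            "path": path.strip(), "signer": signer.strip()})
            name = None
    return entries


def orphaned_clsids(entries):
    """Map each CLSID that has an empty-path registration to the module
    paths it is registered with elsewhere in the section (possibly none)."""
    paths = {}
    for e in entries:
        if e["clsid"]:
            paths.setdefault(e["clsid"], []).append(e["path"])
    return {c: [p for p in ps if p] for c, ps in sorted(paths.items()) if "" in ps}


if __name__ == "__main__":
    for clsid, others in orphaned_clsids(parse_addons(SAMPLE_LOG)).items():
        print("{%s} empty module path; also registered with: %s" % (clsid, others or "-"))
```

An empty path only shows that the registration points at no file; a CLSID that also appears with a valid module, as `{FB5F1910-...}` does here, is worth checking against that module before deleting anything.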

Re: Please check my ComboFix and HijackThis logs

Post by czare » 04 Nov 2008, 00:14

PostUA: Opera/9.62 (Windows NT 5.1; U; pl) Presto/2.1.1


Kaspersky doesn't detect anything anymore! Only Ad-Aware still sees infections, which it removes; it's clean for a moment, but after a short time surfing the net they show up again. And I don't know whether to worry about it, because it has been like this for a very long time.
czare
Forum member

Posts: 43
Joined: 18 Oct 2008, 14:08

Re: Please check my ComboFix and HijackThis logs

Post by huber2t » 04 Nov 2008, 03:28

PostUA: Opera/9.61 (Windows NT 5.1; U; pl) Presto/2.1.1


Those are cookies, but that is normal; you simply have to clean them out of the system from time to time.
huber2t
Distinguished forum contributor

Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Re: Please check my ComboFix and HijackThis logs

Post by czare » 05 Nov 2008, 12:55

PostUA: Opera/9.62 (Windows NT 5.1; U; pl) Presto/2.1.1


Thank you very much for your help! Regards. :)
czare
Forum member

Posts: 43
Joined: 18 Oct 2008, 14:08
