Prozba o sprawdzene loga :D

przez **Maciak Plock** » 06 Cze 2007, 21:47

Dziś złapałem trojanka =] obecnie robie skanowanko Avast!'em =]

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 21:45:05, on 2007-06-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\explorer.exe d:\Programy\Alwil Software\Avast4\aswUpdSv.exe d:\Programy\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe d:\Programy\Alwil Software\Avast4\ashMaiSv.exe d:\Programy\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\services.exe C:\WINDOWS\services.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE D:\Programy\ALWILS~1\Avast4\ashDisp.exe D:\Programy\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Styler\Styler.exe D:\Programy\INSTALKI.pl\InstalkiLite\InstalkiLite.exe D:\Program y\WebServ\WebServ.exe C:\windows\services.exe C:\windows\services.exe D:\Programy\AutoConnect\AutoConnect.exe D:\Programy\Gadu-Gadu\gg.exe D:\Programy\Internet Download Manager\IDMan.exe D:\Programy\DAEMON Tools\daemon.exe D:\Program y\WebServ\no-ip\No-IP DUC20.exe D:\Programy\Internet Download Manager\IEMonitor.exe D:\Program y\WebServ\apache2\bin\WebServ(apache).exe C:\DOCUME~1\MARIUS~1.DOM\USTAWI~1\Temp\{DCE3E0CD-36AF-4D12-8055-2380D3A267E0}\sidebar.exe C:\WINDOWS\system32\wuauclt.exe D:\Program y\WebServ\apache2\bin\WebServ(apache).exe d:\Programy\Alwil Software\Avast4\ashSimpl.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE D:\instalki\anty wirus\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) F2 - REG:system.ini: Shell=explorer.exe C:/windows/services.exe O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programy\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programy\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Programy\ivo\Expressivo Demo\IH_iexplore.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Programy\ivo\Expressivo Demo\IH_iexplore.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] d:\Programy\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Programy\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe O4 - HKLM\..\Run: [InstalkiLite] d:\Programy\INSTALKI.pl\InstalkiLite\InstalkiLite.exe O4 - HKLM\..\Run: [WebServ] D:\Program y\WebServ\WebServ.exe -winstart O4 - HKLM\..\Run: [services] C:\\windows\services.exe O4 - HKCU\..\Run: [AutoConnect] d:\Programy\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Creative Live! Cam Manager] "d:\Programy\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [Steam] "D:\gry\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [IDMan] D:\Programy\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programy\DAEMON Tools\daemon.exe" -lang 1045 O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe O8 - Extra context menu item: Download All Links with IDM - D:\Programy\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Programy\Internet Download Manager\IEExt.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{4945957D-7F6C-4759-A711-3EFA14784991}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programy\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - d:\Programy\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - d:\Programy\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - d:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Z góry thx (szczególnie pp3088 =])

przez **pp3088** » 06 Cze 2007, 21:53

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: Shell=explorer.exe C:/windows/services.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [services] C:\\windows\services.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

Startujesz do trybu awaryjnego usuwasz pliki poprzez fix. Pogrubione ręcznie. Nie pomyl lokacji.

przez **Maciak Plock** » 06 Cze 2007, 22:29

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:27:58, on 2007-06-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE d:\Programy\Alwil Software\Avast4\aswUpdSv.exe d:\Programy\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe d:\Programy\Alwil Software\Avast4\ashMaiSv.exe d:\Programy\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE D:\Programy\ALWILS~1\Avast4\ashDisp.exe C:\Programy\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe C:\Program Files\Styler\Styler.exe C:\DOCUME~1\MARIUS~1.DOM\USTAWI~1\Temp\{50F2F358-2942-47D3-BF9A-F693DE40922C}\Blaero Start Orb.exe D:\Programy\INSTALKI.pl\InstalkiLite\InstalkiLite.exe D:\Program y\WebServ\WebServ.exe D:\Programy\AutoConnect\AutoConnect.exe D:\Programy\Gadu-Gadu\gg.exe D:\Programy\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe D:\Programy\Internet Download Manager\IDMan.exe D:\Programy\DAEMON Tools\daemon.exe D:\Program y\WebServ\no-ip\No-IP DUC20.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\MARIUS~1.DOM\USTAWI~1\Temp\{13778B82-D2E2-4794-BEDE-62099767E6AD}\sidebar.exe D:\Programy\Internet Download Manager\IEMonitor.exe D:\Program y\WebServ\apache2\bin\WebServ(apache).exe C:\WINDOWS\system32\wuauclt.exe D:\Program y\WebServ\apache2\bin\WebServ(apache).exe D:\instalki\anty wirus\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programy\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programy\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Programy\ivo\Expressivo Demo\IH_iexplore.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Programy\ivo\Expressivo Demo\IH_iexplore.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] d:\Programy\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Programy\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe O4 - HKLM\..\Run: [InstalkiLite] d:\Programy\INSTALKI.pl\InstalkiLite\InstalkiLite.exe O4 - HKLM\..\Run: [WebServ] D:\Program y\WebServ\WebServ.exe -winstart O4 - HKCU\..\Run: [AutoConnect] d:\Programy\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Creative Live! Cam Manager] "d:\Programy\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [Steam] "D:\gry\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [IDMan] D:\Programy\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programy\DAEMON Tools\daemon.exe" -lang 1045 O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe O8 - Extra context menu item: Download All Links with IDM - D:\Programy\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Programy\Internet Download Manager\IEExt.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{4945957D-7F6C-4759-A711-3EFA14784991}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programy\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - d:\Programy\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - d:\Programy\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - d:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

przez **pp3088** » 06 Cze 2007, 22:34

C:\DOCUME~1\MARIUS~1.DOM\USTAWI~1\Temp\{50F2F358-2942-47D3-BF9A-F693DE40922C}\Blaero Start Orb.exe
C:\DOCUME~1\MARIUS~1.DOM\USTAWI~1\Temp\{13778B82-D2E2-4794-BEDE-62099767E6AD}\sidebar.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Fix.

przez **Maciak Plock** » 06 Cze 2007, 23:04

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 23:01:40, on 2007-06-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE d:\Programy\Alwil Software\Avast4\aswUpdSv.exe d:\Programy\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe d:\Programy\Alwil Software\Avast4\ashMaiSv.exe d:\Programy\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE D:\Programy\ALWILS~1\Avast4\ashDisp.exe C:\Programy\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe C:\Program Files\Styler\Styler.exe D:\Programy\INSTALKI.pl\InstalkiLite\InstalkiLite.exe C:\DOCUME~1\MARIUS~1.DOM\USTAWI~1\Temp\{F346937D-4B90-4501-B2F8-792E656FFF41}\Blaero Start Orb.exe D:\Program y\WebServ\WebServ.exe D:\Programy\AutoConnect\AutoConnect.exe D:\Programy\Gadu-Gadu\gg.exe D:\Programy\Internet Download Manager\IDMan.exe D:\Programy\DAEMON Tools\daemon.exe D:\Programy\Internet Download Manager\IEMonitor.exe D:\Program y\WebServ\no-ip\No-IP DUC20.exe D:\Program y\WebServ\apache2\bin\WebServ(apache).exe C:\DOCUME~1\MARIUS~1.DOM\USTAWI~1\Temp\{22F32D43-0A4E-4946-84BE-CABB9F3C798D}\sidebar.exe C:\WINDOWS\system32\wuauclt.exe D:\Program y\WebServ\apache2\bin\WebServ(apache).exe C:\WINDOWS\system32\wuauclt.exe D:\instalki\anty wirus\HijackThis.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programy\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programy\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Programy\ivo\Expressivo Demo\IH_iexplore.dll O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Programy\ivo\Expressivo Demo\IH_iexplore.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] d:\Programy\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Programy\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe O4 - HKLM\..\Run: [InstalkiLite] d:\Programy\INSTALKI.pl\InstalkiLite\InstalkiLite.exe O4 - HKLM\..\Run: [WebServ] D:\Program y\WebServ\WebServ.exe -winstart O4 - HKCU\..\Run: [AutoConnect] d:\Programy\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Creative Live! Cam Manager] "d:\Programy\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [Steam] "D:\gry\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [IDMan] D:\Programy\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programy\DAEMON Tools\daemon.exe" -lang 1045 O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe O8 - Extra context menu item: Download All Links with IDM - D:\Programy\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Programy\Internet Download Manager\IEExt.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4945957D-7F6C-4759-A711-3EFA14784991}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programy\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - d:\Programy\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - d:\Programy\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - d:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thinks...

przez **Maciak Plock** » 06 Cze 2007, 23:39

Kod: Zaznacz wszystko: L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Karta wˆa˜ciwo˜ci pliku multimedialnego" "{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona wˆa˜ciwo˜ci OLE Docfile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wy˜wietlania" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wy˜wietlania" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usˆugi DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodno˜ci" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsˆugi danych wycinkowych powˆoki" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powˆoki dla kompresji plik˘w" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powˆoki drukarek sieci Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powˆoki dla udost©pniania zasob˘w" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoˆĄczenia sieciowe" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoˆĄczenia sieciowe" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsˆuga techniczna" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Strona wˆa˜ciwo˜ci Poprzednie wersje" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Poprzednie wersje" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powˆoki zwi©kszonej" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powˆoki zwi©kszonej 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupeˆnianie Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeˆniania MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeˆniania MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ˜ledzenia" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeˆniania historii Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeˆniania folderu powˆoki Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeˆniania Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powˆoki" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powˆoki" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powˆoki" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powˆoki kreatora publikacji" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usˆugi Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanaˆu" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanaˆu" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsˆugi kanaˆu" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{472083B0-C522-11CF-8763-00608CC02F24}"="avast" "{2B3453E4-49DF-11D3-8229-0080BE509050}"="Nap©d GMail" "{2B3453E4-49DF-11D3-8229-0080BE509052}"="GMailFS Property Sheet" "{2B3453E4-49DF-11D3-8229-0080BE509054}"="GMailFS Drop Handler" "{2B3453E4-49DF-11D3-8229-0080BE509056}"="GMailFS Context Menu" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan" "{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References" "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{AD392E40-428C-459F-961E-9B147782D099}"="UltraISO" @="ImageResizer Shell Extension" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ gdi32.dll Thu 2007-03-08 17:38:48 A.... 281 600 275,00 K libeay32.dll Wed 2007-06-06 22:18:44 A.... 684 032 668,00 K libeay~1.dll Fri 2007-03-09 1:01:16 A.... 796 312 777,65 K mf3216.dll Thu 2007-03-08 17:38:48 A.... 40 960 40,00 K msi.dll Wed 2007-04-18 18:14:32 A.... 2 854 400 2,72 M pncrt.dll Sun 2007-05-20 21:01:32 A.... 278 528 272,00 K pndx5016.dll Sun 2007-05-20 21:01:32 A.... 6 656 6,50 K pndx5032.dll Sun 2007-05-20 21:01:32 A.... 5 632 5,50 K rmoc3260.dll Sun 2007-05-20 21:01:38 A.... 176 167 172,04 K ssleay32.dll Wed 2007-06-06 22:18:46 A.... 155 648 152,00 K user32.dll Thu 2007-03-08 17:38:48 A.... 579 072 565,50 K vsdata.dll Fri 2007-03-09 1:01:24 A.... 83 696 81,73 K vsinit.dll Wed 2007-06-06 22:18:44 A.... 75 032 73,27 K vsmonapi.dll Fri 2007-03-09 1:01:26 A.... 104 176 101,73 K vspubapi.dll Fri 2007-03-09 1:01:26 A.... 276 208 269,73 K vsregexp.dll Fri 2007-03-09 1:01:26 A.... 71 408 69,73 K vsutil.dll Fri 2007-03-09 1:01:28 A.... 472 816 461,73 K vswmi.dll Fri 2007-03-09 1:01:30 A.... 46 832 45,73 K vsxml.dll Fri 2007-03-09 1:01:30 A.... 100 080 97,73 K winsrv.dll Sat 2007-03-17 15:45:36 A.... 293 376 286,50 K xpsp3res.dll Fri 2007-03-09 12:24:18 A.... 122 368 119,50 K zlcomm.dll Fri 2007-03-09 1:01:30 A.... 83 696 81,73 K zlcommdb.dll Fri 2007-03-09 1:01:32 A.... 71 408 69,73 K zpeng24.dll Fri 2007-03-09 1:01:42 A.... 1 087 216 1,04 M 24 items found: 24 files, 0 directories. Total of file sizes: 8 747 319 bytes 8,34 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 58FD-CBDD Katalog: C:\WINDOWS\System32 2007-05-25 17:17 <DIR> dllcache 2006-08-27 20:27 <DIR> Microsoft 0 plik(˘w) 0 bajt˘w 2 katalog(˘w) 9˙924˙235˙264 bajt˘w wolnych

przez **pp3088** » 06 Cze 2007, 23:41

Czysto.

przez **Maciak Plock** » 07 Cze 2007, 13:34

Troche sie pobawiłem w combofixie i pousuwałem te dziadostwa, przeglondarka sie nadal wali... czyli po ok 5 minutach po uruchomieniu przestaje funkcjoniwac (tak samo jak IE, urzywam Fire foxa) daje logi specjaliscie... =]

Kod: Zaznacz wszystko: MaRiUsZ - 07-06-07 13:22:05,32 Dodatek Service Pack 2 ComboFix 06.11.27 - Running from: "D:\instalki\anty wirus" ((((((((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))))) 2007-06-07 13:17 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-06-07 12:50 87,040 --a------ C:\WINDOWS\catchme.exe 2007-06-07 12:50 49,152 --a------ C:\WINDOWS\system32\vfind.exe 2007-06-07 12:50 428,032 --a------ C:\WINDOWS\system32\swreg.exe 2007-06-07 12:50 370,688 --a------ C:\WINDOWS\system32\swsc.exe 2007-06-07 12:50 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-06-06 23:12 <DIR> d-------- C:\!KillBox 2007-06-06 21:25 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-06-06 21:25 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-06-06 21:25 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP 2007-06-05 18:00 348,160 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-06-05 16:49 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Vso 2007-05-25 17:19 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Styler 2007-05-25 17:17 <DIR> d-------- C:\Program Files\Vista Sidebar 2007-05-25 17:17 <DIR> d-------- C:\Program Files\Styler 2007-05-25 17:17 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Stardock 2007-05-25 17:13 8,636 --a------ C:\WINDOWS\system32\modifype.exe 2007-05-25 17:13 69,632 --a------ C:\WINDOWS\system32\moveex.exe 2007-05-25 17:13 19,968 --a------ C:\WINDOWS\system32\reico.exe 2007-05-25 17:13 111,104 --a------ C:\WINDOWS\system32\Uharc.exe 2007-05-25 17:13 <DIR> d-------- C:\WINDOWS\system32\VITrans 2007-05-22 22:01 75,512 --a------ C:\WINDOWS\zllsputility.exe 2007-05-22 22:00 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-05-22 22:00 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs 2007-05-22 21:05 1,867,776 --a------ C:\WINDOWS\system32\python24.dll 2007-05-22 21:05 1,867,776 --a------ C:\WINDOWS\python24.dll 2007-05-22 18:07 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-05-22 18:06 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-05-22 18:06 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-05-22 18:06 38,912 --------- C:\WINDOWS\system32\picn20.dll 2007-05-22 18:06 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-05-22 18:06 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-05-22 18:06 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-05-22 18:06 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-05-22 18:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ahead 2007-05-22 18:01 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer 2007-05-22 17:08 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-05-22 16:43 <DIR> d-------- C:\Program Files\Common Files\EZB Systems 2007-05-20 20:59 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Real 2007-05-20 18:35 <DIR> d-------- C:\Program Files\HighGrow 2007-05-20 18:35 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Desktop 2007-05-12 23:11 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Media Player Classic 2007-05-12 22:25 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\IDM 2007-05-12 22:25 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\DMCache 2007-05-09 17:53 <DIR> d-------- C:\Program Files\Skype 2007-05-07 17:34 <DIR> d-------- C:\Program Files\QuickTime 2007-05-07 17:34 <DIR> d-------- C:\Program Files\Apple Software Update 2007-05-07 17:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer 2007-05-07 17:25 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies 2007-05-07 17:11 6,272 -ra------ C:\WINDOWS\system32\drivers\V0230Vfx.sys 2007-05-07 17:11 498,464 -ra------ C:\WINDOWS\system32\drivers\V0230VID.sys 2007-05-07 17:11 36,961 -ra------ C:\WINDOWS\system32\V0230Mon.exe 2007-05-07 17:11 36,864 -ra------ C:\WINDOWS\system32\CtCamMgr.dll 2007-05-07 17:11 253,952 -ra------ C:\WINDOWS\system32\V0230CVW.dll 2007-05-07 17:11 25,600 -ra------ C:\WINDOWS\system32\V0230Pin.dll 2007-05-07 17:11 18,432 -ra------ C:\WINDOWS\system32\V0230Hwx.dll 2007-05-07 17:11 122,880 -ra------ C:\WINDOWS\system32\V0230Vfw.dll 2007-05-07 17:08 <DIR> d-------- C:\Program Files\SightSpeed 2007-05-07 17:06 <DIR> d-------- C:\Program Files\Creative 2007-05-07 16:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Creative 2007-05-07 16:23 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\muvee Technologies 2007-05-07 16:12 <DIR> d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Creative 2007-05-07 16:10 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe 2007-05-07 16:10 8,192 -ra------ C:\WINDOWS\system32\V0230Srv.exe 2007-05-07 16:10 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-05-07 16:10 41,984 --------- C:\WINDOWS\Ctregrun.exe 2007-05-07 16:09 <DIR> d-------- C:\WINDOWS\CtDrvInstall 2007-05-07 16:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\muvee Technologies 2007-05-07 16:05 306,688 --a------ C:\WINDOWS\IsUninst.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-06 22:08 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Skype 2007-05-31 22:00 -------- d-------- C:\Program Files\Mozilla Firefox 2007-05-25 17:18 -------- d-------- C:\Program Files\Windows Media Player 2007-05-25 17:18 -------- d-------- C:\Program Files\Outlook Express 2007-05-25 17:18 -------- d-------- C:\Program Files\Internet Explorer 2007-05-22 22:39 -------- d-------- C:\Program Files\Silkroad 2007-05-22 18:08 -------- d-------- C:\Program Files\Common Files\LightScribe 2007-05-22 16:43 -------- d-------- C:\Program Files\Common Files 2007-05-19 21:49 -------- d-------- C:\Program Files\Common Files\Skype 2007-05-07 17:25 -------- d--h----- C:\Program Files\InstallShield Installation Information 2007-05-06 22:24 -------- d-------- C:\Program Files\MSN Messenger 2007-04-30 17:41 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 17:41 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 17:39 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 17:38 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 17:37 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 17:35 95872 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-26 14:02 231249 --a------ C:\WINDOWS\MU_Online_Toolbar_Uninstaller_8046.exe 2007-04-26 14:02 -------- d-------- C:\Program Files\MU Online Toolbar 2007-04-26 14:01 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\InstallShield 2007-04-26 12:58 -------- d-------- C:\Program Files\IrfanView 2007-04-26 12:58 -------- d-------- C:\Program Files\Google 2007-04-22 15:33 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Gadu-Gadu 2007-04-19 20:32 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Macromedia 2007-04-18 22:41 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\foobar2000 2007-04-18 21:15 -------- d-------- C:\Program Files\BearShare Applications 2007-04-18 18:14 2854400 --a------ C:\WINDOWS\system32\msi.dll 2007-04-16 17:23 -------- d-------- C:\Program Files\Messenger 2007-04-16 15:55 -------- d-------- C:\Program Files\Common Files\System 2007-04-16 12:25 -------- d-------- C:\Program Files\Adobe 2007-04-16 12:25 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Adobe 2007-04-14 18:56 -------- d-------- C:\Program Files\Neostrada TP 2007-04-14 12:55 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-14 12:54 -------- d---s---- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Microsoft 2007-04-14 12:00 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Lavasoft 2007-04-14 11:57 62 --ahs---- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\desktop.ini 2007-04-14 11:22 -------- d-------- C:\Program Files\Winamp 2007-04-14 11:13 -------- d-------- C:\Program Files\Realtek 2007-04-14 11:11 -------- d-------- C:\Program Files\Intel 2007-04-14 11:00 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Talkback 2007-04-14 10:36 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Help 2007-04-14 10:31 -------- d-------- C:\Program Files\Thomson 2007-04-14 10:23 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Mozilla 2007-04-14 10:14 -------- d-------- C:\Documents and Settings\MaRiUsZ.DOMEK\Dane aplikacji\Identities 2007-04-14 10:09 0 -rahs---- C:\MSDOS.SYS 2007-04-14 10:09 0 -rahs---- C:\IO.SYS 2007-04-14 10:09 0 --a------ C:\CONFIG.SYS 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-08 17:38 579072 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:37 1843840 --a------ C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "AutoConnect"="d:\\Programy\\AutoConnect\\AutoConnect.exe" "Gadu-Gadu"="\"D:\\Programy\\Gadu-Gadu\\gg.exe\" /tray" "Creative Live! Cam Manager"="\"d:\\Programy\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe\"" "Steam"="\"D:\\gry\\Steam\\Steam.exe\" -silent" "IDMan"="D:\\Programy\\Internet Download Manager\\IDMan.exe /onboot" "DAEMON Tools"="\"D:\\Programy\\DAEMON Tools\\daemon.exe\" -lang 1045" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon" "nwiz"="nwiz.exe /install" "Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" "SoundMan"="SOUNDMAN.EXE" "AlcWzrd"="ALCWZRD.EXE" "Alcmtr"="ALCMTR.EXE" "avast!"="d:\\Programy\\ALWILS~1\\Avast4\\ashDisp.exe" "AVFX Engine"="C:\\Programy\\Creative\\Creative Live! Cam\\VideoFX\\StartFX.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\pl-pl\\msnappau.exe\"" "ZoneAlarm Client"="\"d:\\Programy\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "Vista Sidebar"="C:\\Program Files\\Vista Sidebar\\sidebar.exe" "Blaero Start Orb"="C:\\Program Files\\Blaero Start Orb\\Blaero Start Orb.exe" "Styler"="C:\\Program Files\\Styler\\Styler.exe" "InstalkiLite"="d:\\Programy\\INSTALKI.pl\\InstalkiLite\\InstalkiLite.exe" "WebServ"="D:\\Program y\\WebServ\\WebServ.exe -winstart" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Moja bieżąca strona główna" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:95,00,00,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job Completion time: 07-06-07 13:22:57.65 C:\ComboFix.txt ... 07-06-07 13:22

Oczywiscie jak mówiłes daje z Combofixa...

przez **pp3088** » 07 Cze 2007, 21:43

C:\WINDOWS\system32\aswBoot.exe
C:\Program Files\DaemonTools_WhenUSave_Installer

W Killbox. Do usunięcia.

przez **piotrek234** » 08 Cze 2007, 09:52

a czy ty nie masz 2 antyvirów ?? (bo ja tak miałem że po jakimś czasie FF się zawieszał bo właśnie 2 antyviry były (nawet jak jest 1 rezydent ochrony to i tak np. jak w moim przypadku avast skanował a nie miał włączonego rezydenta)

Prozba o sprawdzene loga :D

Prozba o sprawdzene loga :D

Kto jest na forum