Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Sprawdzenie loga
15 Cze 2008, 14:55
Witam i pozdrawiam wszystkich jestem nowy na tym forum mam taka prośbe czy mógłby mi ktoś sprawdzić loga
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:37, on 2008-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: COMPANY_NAME WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 7507 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:37, on 2008-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: COMPANY_NAME WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 7507 bytes
15 Cze 2008, 15:43
FIX w HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
Usuń w: Panel Sterowania
Dodaj/usuń programy My Global Search Bar
Pokaż log z ComboFix
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
Usuń w: Panel Sterowania
Dodaj/usuń programy My Global Search BarPokaż log z ComboFix
15 Cze 2008, 16:33
dzieki za pomoc juz to zrobiłem a to log z ComboFix
ComboFix 08-06-12.2 - Andrzej Lis 2008-06-15 16:21:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1635 [GMT 2:00]
Running from: C:\Program Files\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\Cache\00FA51F8
C:\Program Files\myglobalsearch\bar\Cache\00FA542A
C:\Program Files\myglobalsearch\bar\Cache\00FA5563.bin
C:\Program Files\myglobalsearch\bar\Cache\00FA5747.bin
C:\Program Files\myglobalsearch\bar\Cache\00FA5880.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-15 16:18 . 2008-06-15 16:18 1,979,425 --a------ C:\Program Files\ComboFix.exe
2008-06-15 14:38 . 2008-06-15 14:38 401,720 --a------ C:\Documents and Settings\HiJackThis.exe
2008-06-15 00:34 . 2008-06-15 00:58 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-11 12:17 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:17 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:45 . 2008-06-10 21:45 <DIR> d-------- C:\Program Files\Edgard
2008-06-10 21:24 . 2008-06-10 23:27 48 --a------ C:\WINDOWS\EL0103.dat
2008-06-10 21:01 . 2008-06-10 21:24 <DIR> d-------- C:\Program Files\EasyLanguage
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\MyPlayCity.com
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\Conduit
2008-06-09 16:42 . 2008-06-09 16:42 65,790 --a------ C:\iranf wiew polski.zip
2008-06-09 14:54 . 2008-06-09 14:55 <DIR> d-------- C:\Program Files\Opera
2008-06-09 14:53 . 2008-06-09 14:53 6,666,408 --a------ C:\Program Files\Opera_9.27_International_Setup.exe
2008-06-06 18:51 . 2008-06-13 22:20 264 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-06 14:58 . 2008-06-06 14:58 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\AdobeAUM
2008-06-05 22:59 . 2008-06-05 22:59 <DIR> d-------- C:\TEMP
2008-06-05 22:12 . 2008-06-09 18:08 <DIR> d-------- C:\Program Files\IrfanView
2008-06-05 19:27 . 2008-05-14 00:05 3,663,208 --a------ C:\BSPL_5.2.5_[www.POBIERALNIA.org].exe
2008-06-03 23:21 . 2008-06-03 23:21 <DIR> d-------- C:\Program Files\Avira
2008-06-03 23:21 . 2008-06-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-06-03 23:05 . 2008-06-03 23:05 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-06-01 16:48 . 2008-06-01 16:48 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Media Player Classic
2008-06-01 16:47 . 2008-06-01 16:47 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-01 16:47 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 19:55 . 2008-05-30 19:56 <DIR> d-------- C:\Program Files\Winamp
2008-05-30 19:55 . 2008-05-30 19:58 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Winamp
2008-05-18 22:13 . 2008-05-18 22:13 <DIR> d-------- C:\Program Files\MarBit
2008-05-18 15:53 . 2001-10-26 17:29 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-05-18 15:53 . 2001-10-26 17:29 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-18 15:53 . 2001-10-26 17:29 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-05-18 15:53 . 2001-10-26 17:29 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-05-18 15:53 . 2001-10-26 17:05 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-05-18 15:53 . 2001-10-26 17:05 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 14:19 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-15 14:13 --------- d-----w C:\Program Files\BearShare
2008-06-09 12:44 --------- d-----w C:\Program Files\Google
2008-06-03 17:49 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Winamp
2008-05-28 14:10 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\AdobeUM
2008-05-24 20:39 --------- d-----w C:\Program Files\eMule
2008-05-18 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 13:23 --------- d-----w C:\Program Files\COMPANY_NAME
2008-05-16 16:01 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-13 20:50 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-13 20:35 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Program Files\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-05-10 13:27 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Gadu-Gadu
2008-05-09 12:54 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Leadertech
2008-05-09 12:22 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Leadertech
2008-05-09 06:15 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-09 06:15 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-09 06:13 --------- d-----w C:\Program Files\Futuremark
2008-05-09 06:10 --------- d-----w C:\Program Files\ASUS
2008-05-09 05:15 --------- d-----w C:\Program Files\InterVideo
2008-05-09 05:14 65 ----a-w C:\Program Files\Common Files\appop.log
2008-05-09 05:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-09 04:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-09 04:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal
2008-05-08 17:11 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 11:27 --------- d-----w C:\Program Files\EIZO
2008-05-08 06:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-07 22:48 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Teleca
2008-05-07 19:05 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\PC Tools
2008-05-07 17:14 --------- d-----w C:\Program Files\Java
2008-05-07 17:14 --------- d-----w C:\Program Files\Common Files\Java
2008-05-07 14:59 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Gadu-Gadu
2008-05-07 11:57 --------- d-----w C:\Program Files\Analog Devices
2008-05-07 11:53 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-07 11:51 --------- d-----w C:\Program Files\DIFX
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 20:52 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-06 20:52 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Teleca
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-06 20:51 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-05-06 20:51 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-05-06 20:18 --------- d-----w C:\Program Files\Philips
2008-05-06 20:17 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\InstallShield
2008-05-06 20:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-06 20:05 --------- d-----w C:\Program Files\Usługi online
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 13:44 1470488 --a------ C:\Program Files\MyPlayCity\tbMyPl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 13:44 1470488]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= C:\Program Files\MyPlayCity\tbMyPl.dll [2008-03-04 13:44 1470488]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 14:00 15360]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]
"nwiz"="nwiz.exe" [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 11:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ScreenManager Pro for LCD"="C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2006-06-08 10:33 8953856]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2006-03-27 17:55 94350]
"DIRECTCD"="C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe" [2005-10-25 00:49 299008]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 02:47 270336]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 14:25 868352]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 08:25 363008]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-29 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
COMPANY_NAME WinCinema Manager.lnk - C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2008-05-09 07:11:28 229376]
InterVideo WinCinema Manager.lnk - C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2008-05-09 07:11:28 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\mohpa.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 06:29]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-03-20 19:22]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\E2.tmp []
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 02:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11712b1d-9965-11db-af56-806d6172696f}]
\Shell\AutoRun\command - E:\.\Bin\ASSETUP.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 16:25:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\E2.tmp"
.
Completion time: 2008-06-15 16:26:59
ComboFix-quarantined-files.txt 2008-06-15 14:26:54
Pre-Run: 232,864,346,112 bajtów wolnych
Post-Run: 232,981,544,960 bajtów wolnych
196 --- E O F --- 2008-06-11 17:54:35
ComboFix 08-06-12.2 - Andrzej Lis 2008-06-15 16:21:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1635 [GMT 2:00]
Running from: C:\Program Files\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\Cache\00FA51F8
C:\Program Files\myglobalsearch\bar\Cache\00FA542A
C:\Program Files\myglobalsearch\bar\Cache\00FA5563.bin
C:\Program Files\myglobalsearch\bar\Cache\00FA5747.bin
C:\Program Files\myglobalsearch\bar\Cache\00FA5880.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-15 16:18 . 2008-06-15 16:18 1,979,425 --a------ C:\Program Files\ComboFix.exe
2008-06-15 14:38 . 2008-06-15 14:38 401,720 --a------ C:\Documents and Settings\HiJackThis.exe
2008-06-15 00:34 . 2008-06-15 00:58 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-11 12:17 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:17 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:45 . 2008-06-10 21:45 <DIR> d-------- C:\Program Files\Edgard
2008-06-10 21:24 . 2008-06-10 23:27 48 --a------ C:\WINDOWS\EL0103.dat
2008-06-10 21:01 . 2008-06-10 21:24 <DIR> d-------- C:\Program Files\EasyLanguage
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\MyPlayCity.com
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\Conduit
2008-06-09 16:42 . 2008-06-09 16:42 65,790 --a------ C:\iranf wiew polski.zip
2008-06-09 14:54 . 2008-06-09 14:55 <DIR> d-------- C:\Program Files\Opera
2008-06-09 14:53 . 2008-06-09 14:53 6,666,408 --a------ C:\Program Files\Opera_9.27_International_Setup.exe
2008-06-06 18:51 . 2008-06-13 22:20 264 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-06 14:58 . 2008-06-06 14:58 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\AdobeAUM
2008-06-05 22:59 . 2008-06-05 22:59 <DIR> d-------- C:\TEMP
2008-06-05 22:12 . 2008-06-09 18:08 <DIR> d-------- C:\Program Files\IrfanView
2008-06-05 19:27 . 2008-05-14 00:05 3,663,208 --a------ C:\BSPL_5.2.5_[www.POBIERALNIA.org].exe
2008-06-03 23:21 . 2008-06-03 23:21 <DIR> d-------- C:\Program Files\Avira
2008-06-03 23:21 . 2008-06-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-06-03 23:05 . 2008-06-03 23:05 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-06-01 16:48 . 2008-06-01 16:48 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Media Player Classic
2008-06-01 16:47 . 2008-06-01 16:47 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-01 16:47 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 19:55 . 2008-05-30 19:56 <DIR> d-------- C:\Program Files\Winamp
2008-05-30 19:55 . 2008-05-30 19:58 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Winamp
2008-05-18 22:13 . 2008-05-18 22:13 <DIR> d-------- C:\Program Files\MarBit
2008-05-18 15:53 . 2001-10-26 17:29 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-05-18 15:53 . 2001-10-26 17:29 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-18 15:53 . 2001-10-26 17:29 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-05-18 15:53 . 2001-10-26 17:29 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-05-18 15:53 . 2001-10-26 17:05 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-05-18 15:53 . 2001-10-26 17:05 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 14:19 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-15 14:13 --------- d-----w C:\Program Files\BearShare
2008-06-09 12:44 --------- d-----w C:\Program Files\Google
2008-06-03 17:49 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Winamp
2008-05-28 14:10 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\AdobeUM
2008-05-24 20:39 --------- d-----w C:\Program Files\eMule
2008-05-18 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 13:23 --------- d-----w C:\Program Files\COMPANY_NAME
2008-05-16 16:01 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-13 20:50 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-13 20:35 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Program Files\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-05-10 13:27 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Gadu-Gadu
2008-05-09 12:54 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Leadertech
2008-05-09 12:22 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Leadertech
2008-05-09 06:15 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-09 06:15 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-09 06:13 --------- d-----w C:\Program Files\Futuremark
2008-05-09 06:10 --------- d-----w C:\Program Files\ASUS
2008-05-09 05:15 --------- d-----w C:\Program Files\InterVideo
2008-05-09 05:14 65 ----a-w C:\Program Files\Common Files\appop.log
2008-05-09 05:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-09 04:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-09 04:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal
2008-05-08 17:11 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 11:27 --------- d-----w C:\Program Files\EIZO
2008-05-08 06:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-07 22:48 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Teleca
2008-05-07 19:05 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\PC Tools
2008-05-07 17:14 --------- d-----w C:\Program Files\Java
2008-05-07 17:14 --------- d-----w C:\Program Files\Common Files\Java
2008-05-07 14:59 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Gadu-Gadu
2008-05-07 11:57 --------- d-----w C:\Program Files\Analog Devices
2008-05-07 11:53 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-07 11:51 --------- d-----w C:\Program Files\DIFX
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 20:52 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-06 20:52 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Teleca
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-06 20:51 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-05-06 20:51 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-05-06 20:18 --------- d-----w C:\Program Files\Philips
2008-05-06 20:17 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\InstallShield
2008-05-06 20:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-06 20:05 --------- d-----w C:\Program Files\Usługi online
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 13:44 1470488 --a------ C:\Program Files\MyPlayCity\tbMyPl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 13:44 1470488]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= C:\Program Files\MyPlayCity\tbMyPl.dll [2008-03-04 13:44 1470488]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 14:00 15360]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]
"nwiz"="nwiz.exe" [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 11:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ScreenManager Pro for LCD"="C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2006-06-08 10:33 8953856]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2006-03-27 17:55 94350]
"DIRECTCD"="C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe" [2005-10-25 00:49 299008]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 02:47 270336]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 14:25 868352]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 08:25 363008]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-29 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
COMPANY_NAME WinCinema Manager.lnk - C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2008-05-09 07:11:28 229376]
InterVideo WinCinema Manager.lnk - C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2008-05-09 07:11:28 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\mohpa.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 06:29]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-03-20 19:22]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\E2.tmp []
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 02:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11712b1d-9965-11db-af56-806d6172696f}]
\Shell\AutoRun\command - E:\.\Bin\ASSETUP.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 16:25:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\E2.tmp"
.
Completion time: 2008-06-15 16:26:59
ComboFix-quarantined-files.txt 2008-06-15 14:26:54
Pre-Run: 232,864,346,112 bajtów wolnych
Post-Run: 232,981,544,960 bajtów wolnych
196 --- E O F --- 2008-06-11 17:54:35
15 Cze 2008, 18:03
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum + log z HijackThis
Pokaz tez log z Kaspersky Online Scanner: http://kaspersky.pl/virusscanner.html
- Kod:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum + log z HijackThis
Pokaz tez log z Kaspersky Online Scanner: http://kaspersky.pl/virusscanner.html
15 Cze 2008, 18:54
dzięki ten raport to jest to?
pushd "C:\327882R2FWJFW\"
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andrzej Lis\Dane aplikacji
cfldr=327882R2FWJFW
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIS-CE11CCBB06B
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andrzej Lis
kmd=CF10053.exe
LOGONSERVER=\\LIS-CE11CCBB06B
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Andrzej Lis\Pulpit\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp
TMP=C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp
USERDOMAIN=LIS-CE11CCBB06B
USERNAME=Andrzej Lis
USERPROFILE=C:\Documents and Settings\Andrzej Lis
windir=C:\WINDOWS
=============================================
if not defined sfxname goto END
If ["C:\Documents and Settings\Andrzej Lis\Pulpit\CFScript.txt"] == [] Set "SfxCmd="
if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort
if exist "C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful
copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF10053.exe"
Liczba skopiowanych plik˘w: 1.
if not exist "C:\WINDOWS\system32\CF10053.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF10053.exe"
For /F "tokens=*" %g in ("C:\Documents and Settings\Andrzej Lis\Pulpit\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)
Set FileName 1>FileName 2>nul
GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)
DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00
Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk
If exist dirname0? del /Q dirname0?
If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)
Killing 'Findstr'
Killing '*.cfexe'
If exist "\ComboFix" rd /s/q "\ComboFix"
If exist "\ComboFix" goto :eof
pushd "C:\327882R2FWJFW\"
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andrzej Lis\Dane aplikacji
cfldr=327882R2FWJFW
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIS-CE11CCBB06B
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andrzej Lis
kmd=CF10053.exe
LOGONSERVER=\\LIS-CE11CCBB06B
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Andrzej Lis\Pulpit\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp
TMP=C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp
USERDOMAIN=LIS-CE11CCBB06B
USERNAME=Andrzej Lis
USERPROFILE=C:\Documents and Settings\Andrzej Lis
windir=C:\WINDOWS
=============================================
if not defined sfxname goto END
If ["C:\Documents and Settings\Andrzej Lis\Pulpit\CFScript.txt"] == [] Set "SfxCmd="
if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort
if exist "C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful
copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF10053.exe"
Liczba skopiowanych plik˘w: 1.
if not exist "C:\WINDOWS\system32\CF10053.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF10053.exe"
For /F "tokens=*" %g in ("C:\Documents and Settings\Andrzej Lis\Pulpit\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)
Set FileName 1>FileName 2>nul
GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)
DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00
Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk
If exist dirname0? del /Q dirname0?
If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)
Killing 'Findstr'
Killing '*.cfexe'
If exist "\ComboFix" rd /s/q "\ComboFix"
If exist "\ComboFix" goto :eof
15 Cze 2008, 18:58
a drugi log to
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:02, on 2008-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CF13405.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: COMPANY_NAME WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 7562 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:02, on 2008-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CF13405.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: COMPANY_NAME WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 7562 bytes
15 Cze 2008, 19:07
log powinien zawierac nazwy znalezionych wirusów (jesli byly) ale mysle ze jest wszystko dobrze
Jedynie FIX w HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
Jedynie FIX w HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
15 Cze 2008, 19:37
raport z kasperski online
KASPERSKY ONLINE SCANNER REPORT
15 czerwiec 2008 19:32:16
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus15/06/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus867762
Ustawienia skanowania
Skanowanie przy użyciu następujących baz danych rozszerzone
Skanuj archiwa tak
Skanuj pocztowe bazy danych tak
Obszar skanowania Mój komputer
A:\
C:\
D:\
E:\
Statystyki skanowania
Liczba skanowanych obiektów 55864
Liczba wykrytych wirusów 0
Liczba zainfekowanych obiektów 0
Liczba podejrzanych obiektów 0
Czas trwania skanowania 00:22:12
Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Temp\~DFBE4.tmp Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{4ECB4873-555F-4B4B-8B76-50161E5965F1}\RP54\change.log Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\EventCache\{7646BDE9-488F-4F2A-8BAD-427919FAB7EA}.bin Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\Sti_Trace.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\bca4e2da.$$$ Object is locked pominięty
C:\WINDOWS\Temp\fa56d7ec.$$$ Object is locked pominięty
C:\WINDOWS\wiadebug.log Object is locked pominięty
C:\WINDOWS\wiaservc.log Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
D:\System Volume Information\_restore{4ECB4873-555F-4B4B-8B76-50161E5965F1}\RP54\change.log Object is locked pominięty
Proces skanowania został zakończony.
KASPERSKY ONLINE SCANNER REPORT
15 czerwiec 2008 19:32:16
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus15/06/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus867762
Ustawienia skanowania
Skanowanie przy użyciu następujących baz danych rozszerzone
Skanuj archiwa tak
Skanuj pocztowe bazy danych tak
Obszar skanowania Mój komputer
A:\
C:\
D:\
E:\
Statystyki skanowania
Liczba skanowanych obiektów 55864
Liczba wykrytych wirusów 0
Liczba zainfekowanych obiektów 0
Liczba podejrzanych obiektów 0
Czas trwania skanowania 00:22:12
Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Temp\~DFBE4.tmp Object is locked pominięty
C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{4ECB4873-555F-4B4B-8B76-50161E5965F1}\RP54\change.log Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\EventCache\{7646BDE9-488F-4F2A-8BAD-427919FAB7EA}.bin Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\Sti_Trace.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\bca4e2da.$$$ Object is locked pominięty
C:\WINDOWS\Temp\fa56d7ec.$$$ Object is locked pominięty
C:\WINDOWS\wiadebug.log Object is locked pominięty
C:\WINDOWS\wiaservc.log Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
D:\System Volume Information\_restore{4ECB4873-555F-4B4B-8B76-50161E5965F1}\RP54\change.log Object is locked pominięty
Proces skanowania został zakończony.
15 Cze 2008, 20:27
Więc wszystko OK 
15 Cze 2008, 21:01
Dzięki za pomoc 