Sprawdzenie Logów

[VampirLord]

Nie było mnie w domu b.długo wracam a tu bałagan net wolno chodzi torrenty też czyli standard a formata mi się nie chce robić

LOG OD ANTYWIRA



CAŁY KOMP przeskanowany w www.mks.com.pl/skaner nic nie wykrył

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:46, on 2008-05-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Anti-Virus\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Anti-Virus\scieplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Anti-Virus\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - http://www.antoranz.net/CURIOSA/ZBIOR4/ ... loo-pp.jpg

--
End of file - 2672 bytes


KOLEJNE LOGI ITD dodam po skończeniu skanowania Kaspersky online

[huber2t]

Podaj log z Combofix

Przeskanuj Kasperskim, daj log

[VampirLord]

Kaspersky Online nic nie wykrył...

[center]ComboFix[/center]

ComboFix 08-05-15.3 - VampirLord 2008-05-18 7:20:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1650 [GMT 2:00]
Running from: D:\ComboFix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-17 19:02 . 2008-05-17 19:08 <DIR> d-------- C:\Fraps
2008-05-17 18:45 . 2008-05-17 18:45 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-17 18:43 . 2008-05-17 18:43 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-05-17 18:43 . 2008-05-17 18:43 <DIR> d-------- C:\Program Files\Futuremark
2008-05-17 18:43 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-05-17 18:43 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-05-17 18:43 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-05-17 15:33 . 2008-05-17 15:44 <DIR> d-------- C:\Documents and Settings\VampirLord\Dane aplikacji\PingTesterDataBas
2008-05-17 15:32 . 2008-05-17 15:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 13:43 . 2008-05-17 13:46 <DIR> d-------- C:\Program Files\SpeedFan
2008-05-17 13:43 . 2008-05-17 13:45 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-17 11:45 . 2008-05-17 12:33 49 --a------ C:\WINDOWS\transp.gif
2008-05-17 00:23 . 2008-05-17 00:23 <DIR> d-------- C:\Program Files\Advanced Port Scanner
2008-05-17 00:21 . 2008-05-17 00:21 50 --a------ C:\WINDOWS\winzipme.ini
2008-05-16 21:33 . 2008-05-16 22:32 <DIR> d-------- C:\Program Files\SkanerOnline
2008-04-29 19:30 . 2008-04-29 19:30 <DIR> d-------- C:\Program Files\WMV9_VCM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 05:21 337,952 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-18 05:20 9,461,792 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-17 16:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-17 15:45 35,168 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-17 15:45 136,160 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 22:14 --------- d-----w C:\Program Files\CCleaner
2008-04-18 11:10 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-18 11:10 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-12 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 10:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-12 10:00 --------- d-----w C:\Program Files\Bonjour
2008-04-12 09:55 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-12 09:50 --------- d-----w C:\Program Files\Paint Shop Pro 9
2008-04-12 09:50 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
2008-04-12 09:50 --------- d-----w C:\Documents and Settings\VampirLord\Dane aplikacji\Jasc Software Inc
2008-04-12 08:36 --------- d-----w C:\Program Files\PORTY
2008-03-25 08:22 --------- d-----w C:\Program Files\Kalendarz XP
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:50 --------- d-----w C:\Program Files\MagicISO
2008-03-23 08:23 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-21 20:32 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-21 18:23 --------- d-----w C:\Program Files\Winamp
2008-03-21 18:23 --------- d-----w C:\Program Files\Mjuice Media Player
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 09:47 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 ef7834c1d9ddf4c7da697d8c24a03791 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Anti-Virus\avp.exe" [2007-03-09 21:50 200768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44 8429568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)

S1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS []
S1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS []
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL []
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL []
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL []
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\EVEREST Ultimate Edition\kerneld.wnt [2007-10-17 01:00]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL []
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL []
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL []
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL []
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL []
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL []
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL []
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL []
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

*Newly Created Service* - CATCHME
*Newly Created Service* - SPEEDFAN
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 07:21:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-05-18 7:22:21
ComboFix-quarantined-files.txt 2008-05-18 05:21:40

Pre-Run: 70,426,480,640 bajtów wolnych
Post-Run: 70,416,498,688 bajtów wolnych

136 --- E O F --- 2008-05-16 02:00:17


[center]Silent Runner[/center]


"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVP" = ""C:\Program Files\Kaspersky Anti-Virus\avp.exe"" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
{HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
{HKLM...CLSID} = "Statystyki ochrony WWW"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus\scieplugin.dll" ["Kaspersky Lab"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
{HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
{HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus\ShellEx.dll" ["Kaspersky Lab"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
{HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
{HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus\ShellEx.dll" ["Kaspersky Lab"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
{HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "http://www.antoranz.net/CURIOSA/ZBIOR4/C0403/26-QZD00022_ART30-003p197_igloo-pp.jpg"
"SubscribedURL" = "http://www.antoranz.net/CURIOSA/ZBIOR4/C0403/26-QZD00022_ART30-003p197_igloo-pp.jpg"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki ochrony WWW"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP510\Driver = "CNMLM85.DLL" ["CANON INC."]


---------- (launch time: 2008-05-17 18:40:08)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 33 seconds.
---------- (total run time: 68 seconds)

[huber2t]

W logach czysto

Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum

Włącz przywracanie systemu.

[VampirLord]

http://www.sendspace.com/file/d0p81f

RAPORT Z KASPERSKY ANTYWIRUS ONLINE

43Kb

[huber2t]

Liczba skanowanych obiektów 73134
Liczba wykrytych wirusów 0
Liczba zainfekowanych obiektów 0
Liczba podejrzanych obiektów 0
Czas trwania skanowania 00:38:25

Komputer nie ma wirusów

[VampirLord]

fajnie wiesz że w raporcie jest taka motka obiekty nie przeskanowane

ponoć się znasz ...

[huber2t]

Tak jest i nazywa się to: Object is locked

A w czymś problem?

[VampirLord]

jak widać wiele plików w systemie nie przeskanował czyli mogą być zainfekowane ..

bo przy moim łączu 1Mbit sciąganie z instalek jest na poziomie 64KB/sek

podejżewam ze moge miec porty poblokowane przez admina ...

[buzu]

W jakim katalogu znajdują się te nieprzeskanowane pliki ?
Ogólnie zrób troche porządków w rejestrze w usługach itd.

[huber2t]

Tamtych plików skaner nie mógł przeskanować gdyż byli aktualnie w użyciu (cookie,pliki systemowe)
Nie masz się o co martwić

[VampirLord]

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\VampirLord\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\cert8.db Object is locked pominięty
C:\Documents and Settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\formhistory.dat Object is locked pominięty
C:\Documents and Settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\history.dat Object is locked pominięty
C:\Documents and Settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\key3.db Object is locked pominięty
C:\Documents and Settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\parent.lock Object is locked pominięty
C:\Documents and Settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\search.sqlite Object is locked pominięty
C:\Documents and Settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\urlclassifier2.sqlite Object is locked pominięty
C:\Documents and Settings\VampirLord\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\VampirLord\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\Cache\_CACHE_001_ Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\Cache\_CACHE_002_ Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\Cache\_CACHE_003_ Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\icrff2y5.default\Cache\_CACHE_MAP_ Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Historia\History.IE5\MSHist012008051820080519\index.dat Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Temp\~DF311C.tmp Object is locked pominięty
C:\Documents and Settings\VampirLord\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\EventCache\{C3B84A7E-FDCA-4F94-AD08-516C2EBB96D0}.bin Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\Sti_Trace.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked pominięty
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked pominięty
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked pominięty
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\wiadebug.log Object is locked pominięty
C:\WINDOWS\wiaservc.log Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
E:\[Ayako]_Wolf_and_Spice_-_[BATCH]_1-13_[H264][1280x720]\[Ayako]_Wolf_and_Spice_-_10v2_[H264][1280x720]_[A76268B9].mkv.bt! Object is locked pominięty
E:\[Ayako]_Wolf_and_Spice_-_[BATCH]_1-13_[H264][1280x720]\[Ayako]_Wolf_and_Spice_-_12_[H264][1280x720]_[33B5890A].mkv.bt! Object is locked pominięty
E:\[Ayako]_Wolf_and_Spice_-_[BATCH]_1-13_[H264][1280x720]\[Ayako]_Wolf_and_Spice_-_13_-_END_[H264][1280x720]_[F734FD37].mkv.bt! Object is locked pominięty
E:\[I-Z]Dragonaut -The Resonance- 01-25 (Complete)\[I-Z]Dragonaut -The Resonance- 03 (5DABD245).mp4.bt! Object is locked pominięty
E:\[I-Z]Dragonaut -The Resonance- 01-25 (Complete)\[I-Z]Dragonaut -The Resonance- 08 (EDB1ED80).mp4.bt! Object is locked pominięty
E:\[I-Z]Dragonaut -The Resonance- 01-25 (Complete)\[I-Z]Dragonaut -The Resonance- 09 (3CBCD7D6).mp4.bt! Object is locked pominięty
E:\[I-Z]Dragonaut -The Resonance- 01-25 (Complete)\[I-Z]Dragonaut -The Resonance- 12 (327937DB).mp4.bt! Object is locked pominięty
E:\[I-Z]Dragonaut -The Resonance- 01-25 (Complete)\[I-Z]Dragonaut -The Resonance- 19 (CB882D03).mp4.bt! Object is locked pominięty
Proces skanowania został zakończony.


tek które były w użyciu to wiem ale pozostałe ...