Zawieszanie sie kompa, prosze o sprawdzenie loga

Kod:: Logfile of HijackThis v1.99.1 Scan saved at 14:45:36, on 2007-07-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\autoclk.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe D:\Winamp\winampa.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe D:\kamera\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe D:\Qucik Time\qttask.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\mozilla.org\Mozilla\Mozilla.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Gadu-Gadu\gg.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\kamera\COCIManager.exe C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\kompik\USTAWI~1\Temp\Rar$EX00.000\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 66.232.98.113 L2authd.lineage2.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\FlashFXP\IEFlash.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [autoclk] autoclk.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\kamera\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Qucik Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\mozilla.org\Mozilla\Mozilla.exe" -turbo O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Startup: MetaCafe.lnk = D:\Metacafe\MetacafeAgent.exe O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\kompik\Ustawienia lokalne\Temp\{008BEAF4-80F2-43CC-B7B0-2C209C717A63}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Metacafe.lnk = D:\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{450D6190-83A1-4339-9EC9-2FD8D46FC4F7}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Log czysty.

Pokaż log z Silent Runners i ComboFix.

a gdzie sie zapisuje log z silent runners ?? bo nie moge znalesc

ale ze mnie ciol

znalazlem

Kod:: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Mozilla Quick Launch" = ""C:\mozilla.org\Mozilla\Mozilla.exe" -turbo" ["Mozilla Foundation"] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech Inc."] "Gadu-Gadu" = ""C:\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "user32.dll" = "C:\Program Files\Video ActiveX Access\iesmn.exe" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data] "HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"] "DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"] "autoclk" = "autoclk.exe" [empty string] "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"] "WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" ["France Télécom R&D"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "WinampAgent" = "D:\Winamp\winampa.exe" [null data] "LogitechCommunicationsManager" = ""C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"" ["Logitech Inc."] "LogitechQuickCamRibbon" = ""D:\kamera\QuickCam10.exe" /hide" ["Logitech Inc."] "LVCOMSX" = ""C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"" ["Logitech Inc."] "QuickTime Task" = ""D:\Qucik Time\qttask.exe" -atboottime" ["Apple Computer, Inc."] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"] "Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"] "avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] {E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer" \InProcServer32\(Default) = "D:\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string] "{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] "{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] "{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AWMAWShlExt\(Default) = "{165C5F53-C785-435D-A7A0-4F3E50A6CA1F}" -> {HKLM...CLSID} = "AWMAWShlExt Class" \InProcServer32\(Default) = "D:\Advanced WMA Workshop\awmaw_shellext.dll" ["LitexMedia, Inc."] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AWMAWShlExt\(Default) = "{165C5F53-C785-435D-A7A0-4F3E50A6CA1F}" -> {HKLM...CLSID} = "AWMAWShlExt Class" \InProcServer32\(Default) = "D:\Advanced WMA Workshop\awmaw_shellext.dll" ["LitexMedia, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\kompik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "kompik" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\kompik\Menu Start\Programy\Autostart "MetaCafe" -> shortcut to: "D:\Metacafe\MetacafeAgent.exe /startup" ["Metacafe"] "The Matrix_ Path of Neo Registration" -> shortcut to: "C:\Documents and Settings\kompik\Ustawienia lokalne\Temp\{008BEAF4-80F2-43CC-B7B0-2C209C717A63}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe /remind /language=PLK /PRNM="The Matrix: Path of Neo" /PRMP="MPON" /SKUN="PCXX" /GTYP="ACTN"" [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data] "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] "Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."] "Metacafe" -> shortcut to: "D:\Metacafe\MetacafeAgent.exe /startup" ["Metacafe"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "AFEE287D9185D999" -> launches: "c:\docume~1\kompik\daneap~1\closes~1\load ref mpeg.exe" [file not found] "Norton AntiVirus - Run Full System Scan - kompik" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 2 domain names to IP addresses, 1 of the IP addresses is *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Logitech Process Monitor, LVPrcSrv, "c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" ["Logitech Inc."] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."] Symantec AppCore Service, SymAppCore, ""C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = "hpzsnt08.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 67 seconds, including 8 seconds for message boxes)

kolejny log

Kod:: "kompik" - 2007-07-24 15:50:21 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\SC C:\Program Files\SC\SpyCrush 3.3\blacklist.txt C:\Program Files\SC\SpyCrush 3.3\Lang\English.ini C:\Program Files\SC\SpyCrush 3.3\msvcp71.dll C:\Program Files\SC\SpyCrush 3.3\msvcr71.dll C:\Program Files\SC\SpyCrush 3.3\sc.dat C:\Program Files\SC\SpyCrush 3.3\uninst.exe ((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 ))))))))))))))))))))))))))))))) 2007-07-24 15:50 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-21 17:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\AntiVir PersonalEdition Classic 2007-07-21 16:49 23 --ahs---- C:\WINDOWS\system32\effac6_r.dll 2007-07-21 16:49 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007 2007-07-21 16:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-07-21 16:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-07-21 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-07-15 13:22 <DIR> d-------- C:\Program Files\MarBit 2007-07-12 12:42 <DIR> d-------- C:\Program Files\WinAVI Video Converter (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-24 13:49:28 -------- d-----w C:\DOCUME~1\kompik\DANEAP~1\Skype 2007-07-24 13:37:52 -------- d-----w C:\Program Files\Wanadoo 2007-07-24 11:23:18 -------- d-----w C:\DOCUME~1\kompik\DANEAP~1\MetaCafe 2007-07-22 16:26:57 -------- d-----w C:\DOCUME~1\kompik\DANEAP~1\Tlen.pl 2007-07-21 15:02:56 -------- d-----w C:\Program Files\Google 2007-07-11 09:50:12 496,226 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-11 09:50:12 100,016 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-03 09:59:57 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-21 13:11:43 -------- d-----w C:\Program Files\DAEMON Tools 2007-06-19 02:12:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-11 22:24:28 10,484 ----a-w C:\WINDOWS\mozver.dat 2007-06-11 18:24:28 -------- d-----w C:\Program Files\Symantec 2007-06-11 18:24:23 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-06-11 18:24:23 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-06-11 18:24:23 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-06-11 18:24:23 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-06-11 16:39:48 -------- d-----w C:\Program Files\Norton AntiVirus 2007-06-02 11:45:15 -------- d-----w C:\Program Files\NitroFamily OfficialDemo 2007-05-30 22:28:49 -------- d-----w C:\Program Files\directx 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-16 08:52:16 44,072 ----a-w C:\DOCUME~1\kompik\DANEAP~1\GDIPFONTCACHEV1.DAT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 01:25] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56] "autoclk"="autoclk.exe" [2003-01-30 09:48 C:\WINDOWS\autoclk.exe] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 19:24] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 19:24] "WinampAgent"="D:\Winamp\winampa.exe" [2006-06-21 19:14] "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46] "LogitechQuickCamRibbon"="D:\kamera\QuickCam10.exe" [2006-06-26 11:34] "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33] "QuickTime Task"="D:\Qucik Time\qttask.exe" [2007-02-15 11:32] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "Mozilla Quick Launch"="C:\mozilla.org\Mozilla\Mozilla.exe" [2005-09-15 19:41] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 18:16] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-18 02:21] "Gadu-Gadu"="C:\Gadu-Gadu\gg.exe" [2007-05-10 16:36] "Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-02-12 12:01] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "<NO NAME>"= "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime C:\Documents and Settings\kompik\Menu Start\Programy\Autostart\ MetaCafe.lnk - D:\Metacafe\MetacafeAgent.exe [2007-02-22 01:43:46] R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys R3 NVENET;NVIDIA nForce Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys S3 hidgame;WˆĄcznik Microsoft HID do portu joysticka;C:\WINDOWS\system32\DRIVERS\hidgame.sys S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\kompik\USTAWI~1\Temp\sony_ssm.sys S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS S3 STIrUsb;Klucz szyfrujĄcy SigmaTel USB-IrDA;C:\WINDOWS\system32\DRIVERS\irstusb.sys S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638dcb29-79e3-11da-9999-806d6172696f}] AutoRun\command- F:\autorun2.exe Contents of the 'Scheduled Tasks' folder 2007-07-24 13:00:00 C:\WINDOWS\tasks\AFEE287D9185D999.job 2007-07-20 18:00:16 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - kompik.job

Masz za dużo usług uruchamianych przy starcie systemu. Dlatego radzę wyłączyć niektóre z nich ( w logu mają początek 04 ). start > uruchom > msconfig > usługi ( i tu wyłącz niepotrzebne ). To zawieszanie kompa to na pewno wina tych usług.

Użyj SmitFraudFix z opcji 2.

Następnie pokaż nowe logi.

Kod:: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Mozilla Quick Launch" = ""C:\mozilla.org\Mozilla\Mozilla.exe" -turbo" ["Mozilla Foundation"] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech Inc."] "Gadu-Gadu" = ""C:\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data] "HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"] "autoclk" = "autoclk.exe" [empty string] "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"] "WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" ["France Télécom R&D"] "WinampAgent" = "D:\Winamp\winampa.exe" [null data] "LogitechCommunicationsManager" = ""C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"" ["Logitech Inc."] "LogitechQuickCamRibbon" = ""D:\kamera\QuickCam10.exe" /hide" ["Logitech Inc."] "LVCOMSX" = ""C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"" ["Logitech Inc."] "QuickTime Task" = ""D:\Qucik Time\qttask.exe" -atboottime" ["Apple Computer, Inc."] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"] "Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"] "avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] {E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer" \InProcServer32\(Default) = "D:\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string] "{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] "{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] "{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AWMAWShlExt\(Default) = "{165C5F53-C785-435D-A7A0-4F3E50A6CA1F}" -> {HKLM...CLSID} = "AWMAWShlExt Class" \InProcServer32\(Default) = "D:\Advanced WMA Workshop\awmaw_shellext.dll" ["LitexMedia, Inc."] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AWMAWShlExt\(Default) = "{165C5F53-C785-435D-A7A0-4F3E50A6CA1F}" -> {HKLM...CLSID} = "AWMAWShlExt Class" \InProcServer32\(Default) = "D:\Advanced WMA Workshop\awmaw_shellext.dll" ["LitexMedia, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\WinZip\wzshlext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "kompik" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\kompik\Menu Start\Programy\Autostart "MetaCafe" -> shortcut to: "D:\Metacafe\MetacafeAgent.exe /startup" ["Metacafe"] "The Matrix_ Path of Neo Registration" -> shortcut to: "C:\Documents and Settings\kompik\Ustawienia lokalne\Temp\{008BEAF4-80F2-43CC-B7B0-2C209C717A63}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe /remind /language=PLK /PRNM="The Matrix: Path of Neo" /PRMP="MPON" /SKUN="PCXX" /GTYP="ACTN"" [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data] "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] "Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."] "Metacafe" -> shortcut to: "D:\Metacafe\MetacafeAgent.exe /startup" ["Metacafe"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "AFEE287D9185D999" -> launches: "c:\docume~1\kompik\daneap~1\closes~1\load ref mpeg.exe" [file not found] "Norton AntiVirus - Run Full System Scan - kompik" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 2 domain names to IP addresses, 1 of the IP addresses is *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Logitech Process Monitor, LVPrcSrv, "c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" ["Logitech Inc."] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."] Symantec AppCore Service, SymAppCore, ""C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = "hpzsnt08.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 69 seconds, including 11 seconds for message boxes)

Kod:: kompik" - 2007-07-24 16:29:34 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 ))))))))))))))))))))))))))))))) 2007-07-24 16:25 3,802 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-24 16:24 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-24 16:24 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-24 16:24 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-24 16:00 <DIR> d-------- C:\WINDOWS\pss 2007-07-24 15:50 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-21 17:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\AntiVir PersonalEdition Classic 2007-07-21 16:49 23 --ahs---- C:\WINDOWS\system32\effac6_r.dll 2007-07-21 16:49 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007 2007-07-21 16:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-07-21 16:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-07-21 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-07-15 13:22 <DIR> d-------- C:\Program Files\MarBit 2007-07-12 12:42 <DIR> d-------- C:\Program Files\WinAVI Video Converter (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-24 14:14:29 -------- d-----w C:\DOCUME~1\kompik\DANEAP~1\Skype 2007-07-24 14:13:01 -------- d-----w C:\Program Files\Wanadoo 2007-07-24 11:23:18 -------- d-----w C:\DOCUME~1\kompik\DANEAP~1\MetaCafe 2007-07-22 16:26:57 -------- d-----w C:\DOCUME~1\kompik\DANEAP~1\Tlen.pl 2007-07-21 15:02:56 -------- d-----w C:\Program Files\Google 2007-07-11 09:50:12 496,226 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-11 09:50:12 100,016 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-03 09:59:57 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-21 13:11:43 -------- d-----w C:\Program Files\DAEMON Tools 2007-06-19 02:12:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-11 22:24:28 10,484 ----a-w C:\WINDOWS\mozver.dat 2007-06-11 18:24:28 -------- d-----w C:\Program Files\Symantec 2007-06-11 18:24:23 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-06-11 18:24:23 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-06-11 18:24:23 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-06-11 18:24:23 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-06-11 16:39:48 -------- d-----w C:\Program Files\Norton AntiVirus 2007-06-02 11:45:15 -------- d-----w C:\Program Files\NitroFamily OfficialDemo 2007-05-30 22:28:49 -------- d-----w C:\Program Files\directx 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-16 08:52:16 44,072 ----a-w C:\DOCUME~1\kompik\DANEAP~1\GDIPFONTCACHEV1.DAT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 01:25] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56] "autoclk"="autoclk.exe" [2003-01-30 09:48 C:\WINDOWS\autoclk.exe] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 19:24] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 19:24] "WinampAgent"="D:\Winamp\winampa.exe" [2006-06-21 19:14] "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46] "LogitechQuickCamRibbon"="D:\kamera\QuickCam10.exe" [2006-06-26 11:34] "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33] "QuickTime Task"="D:\Qucik Time\qttask.exe" [2007-02-15 11:32] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "Mozilla Quick Launch"="C:\mozilla.org\Mozilla\Mozilla.exe" [2005-09-15 19:41] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 18:16] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-18 02:21] "Gadu-Gadu"="C:\Gadu-Gadu\gg.exe" [2007-05-10 16:36] "Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-02-12 12:01] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "<NO NAME>"= "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime C:\Documents and Settings\kompik\Menu Start\Programy\Autostart\ MetaCafe.lnk - D:\Metacafe\MetacafeAgent.exe [2007-02-22 01:43:46] R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys R3 NVENET;NVIDIA nForce Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys S3 hidgame;WˆĄcznik Microsoft HID do portu joysticka;C:\WINDOWS\system32\DRIVERS\hidgame.sys S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\kompik\USTAWI~1\Temp\sony_ssm.sys S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS S3 STIrUsb;Klucz szyfrujĄcy SigmaTel USB-IrDA;C:\WINDOWS\system32\DRIVERS\irstusb.sys S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638dcb29-79e3-11da-9999-806d6172696f}] AutoRun\command- F:\autorun2.exe Contents of the 'Scheduled Tasks' folder 2007-07-24 14:00:00 C:\WINDOWS\tasks\AFEE287D9185D999.job 2007-07-20 18:00:16 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - kompik.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-24 16:30:42 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000210 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

Kod:: Logfile of HijackThis v1.99.1 Scan saved at 16:32, on 2007-07-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\autoclk.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe D:\Winamp\winampa.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe D:\kamera\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\mozilla.org\Mozilla\Mozilla.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Gadu-Gadu\gg.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\kamera\COCIManager.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\WINDOWS\explorer.exe C:\DOCUME~1\kompik\USTAWI~1\Temp\Rar$EX00.563\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 66.232.98.113 L2authd.lineage2.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\FlashFXP\IEFlash.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [autoclk] autoclk.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\kamera\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Qucik Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\mozilla.org\Mozilla\Mozilla.exe" -turbo O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Startup: MetaCafe.lnk = D:\Metacafe\MetacafeAgent.exe O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\kompik\Ustawienia lokalne\Temp\{008BEAF4-80F2-43CC-B7B0-2C209C717A63}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Metacafe.lnk = D:\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{450D6190-83A1-4339-9EC9-2FD8D46FC4F7}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Odinstaluj Desktop Messenger, jeżeli jest on Ci nie potrzebny.

C:\WINDOWS\system32\effac6_r.dll

Plik przeskanuj na http://virusscan.jotti.org i podaj wynik skanowania.

Zawieszanie sie kompa, prosze o sprawdzenie loga

Regulamin forum

Zawieszanie sie kompa, prosze o sprawdzenie loga