falar

Regular user
  • Content count: 36
  • Registered
  • Last visit

Content added by falar

  1. Hello. I received a pendrive which, according to avast, was infected. To clean the pendrive I used USBFix (it moved the files to quarantine, where they were immediately blocked by avast). Has the computer been infected as well? Malwarebytes' Anti-Malware found: And the autorun.inf file on the pendrive was infected too. Virus: Vbs:Malware-gen. Logs: OTL: Wklejka #404546 | Wklej.org, Wklejka #404547 | Wklej.org; GMER: Wklejka #404653 | Wklej.org; USBFix: http://wklej.org/id/404836/
  2. Hello. I am looking for a motherboard for an Intel E5200. I know the Asus P5B is often recommended, but it does not support FSB 1333 MHz out of the box, and the CPU itself may be replaced in the future. What do you recommend? (Price range 300 zł, and preferably not much above that.) There is also the question of the power supply. 450 W should be enough with headroom for this build, but the problem is which one to choose (limited by the shop where the purchase will be made). The only ones that look reasonably sensible (wattage, price and brand): http://arest.pl/index.php?inc=produkt&...33&katid=14 http://arest.pl/index.php?inc=produkt&...50&katid=14 http://arest.pl/index.php?inc=produkt&...49&katid=14 http://arest.pl/index.php?inc=produkt&...54&katid=14 Which one is worth choosing?
  3. I use avast as the AV. From Comodo I have only the firewall installed (plus their Defense+). Is that line OK?
  4. Hello. A pendrive with a trojan on it was connected to my computer. Please check the logs.

"HijackThis":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:13, on 2009-04-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\antivirus\aswUpdSv.exe
C:\antivirus\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ANTIVI~1\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\antivirus\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\instalatory\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download video with Free Download Manager - file://F:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\OFFICE\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz w Free Download Manager - file://F:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://F:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://F:\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193779393968
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C190836-0C23-4653-B98F-362834B21FA8}: NameServer = 10.101.1.1,62.233.128.17,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C190836-0C23-4653-B98F-362834B21FA8}: NameServer = 10.101.1.1,62.233.128.17,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C190836-0C23-4653-B98F-362834B21FA8}: NameServer = 10.101.1.1,62.233.128.17,194.204.159.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{1C190836-0C23-4653-B98F-362834B21FA8}: NameServer = 10.101.1.1,62.233.128.17,194.204.159.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\antivirus\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6898 bytes

"Combofix":

ComboFix 09-04-25.A3 - użytkownik 2009-04-25 22:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1556 [GMT 2:00]
Run from: f:\instalatory\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090425-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
 * Created a new restore point
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-23 20:45 . 2009-04-23 20:45 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-23 20:45 . 2009-04-23 20:45 -------- d-----w c:\program files\Common Files\Nokia
2009-04-23 20:44 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-23 20:44 . 2009-04-23 20:44 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-22 19:02 . 2009-04-22 19:02 -------- d-----w c:\program files\FormatFactory
2009-04-19 16:13 . 2009-04-19 16:13 -------- d-----w c:\documents and settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Opera
2009-04-19 16:13 . 2009-04-19 16:13 -------- d-----w c:\program files\Opera
2009-04-18 22:12 . 2009-04-18 22:12 -------- d-----w c:\program files\VUGames
2009-04-18 16:29 . 2009-04-18 16:29 52216 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-18 16:27 . 2009-04-18 16:27 -------- d-----w c:\program files\Safari
2009-04-18 16:26 . 2009-04-18 16:26 -------- d-----w c:\documents and settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Apple
2009-04-18 16:26 . 2009-04-18 16:26 -------- d-----w c:\program files\Apple Software Update
2009-04-18 16:26 . 2009-04-18 16:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple
2009-04-16 15:30 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 15:30 . 2009-03-06 14:22 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 15:30 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 15:30 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 15:30 . 2009-02-09 10:53 731136 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 15:30 . 2009-02-09 10:53 686592 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 15:30 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 15:30 . 2009-02-09 10:53 722944 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 15:30 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 15:29 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 15:29 . 2008-04-21 21:16 218112 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-03-29 19:42 . 2009-03-29 19:56 -------- d-----w c:\program files\Battle for Wesnoth 1.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 20:05 . 2001-10-26 18:15 99364 ----a-w c:\windows\system32\perfc015.dat
2009-04-25 20:05 . 2001-10-26 18:15 526266 ----a-w c:\windows\system32\perfh015.dat
2009-04-23 20:45 . 2008-11-23 11:25 -------- d-----w c:\program files\Nokia
2009-04-23 20:43 . 2008-11-23 11:23 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2009-04-22 17:48 . 2009-03-22 16:55 -------- d-----w c:\documents and settings\użytkownik\Dane aplikacji\DC++
2009-04-18 22:21 . 2007-09-12 18:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 16:27 . 2007-09-17 17:53 -------- d-----w c:\documents and settings\użytkownik\Dane aplikacji\Apple Computer
2009-04-10 13:12 . 2008-12-20 22:00 -------- d-----w c:\program files\Odkurzacz
2009-04-10 13:07 . 2009-03-14 17:10 -------- d-----w c:\program files\Onimedia
2009-03-13 13:46 . 2007-09-30 16:14 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-13 13:45 . 2008-04-19 12:05 -------- d-----w c:\program files\AGEIA Technologies
2009-03-06 14:22 . 2004-08-03 22:44 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 14:22 . 2008-07-10 15:00 155384 ----a-w c:\windows\system32\guard32.dll
2009-03-03 14:22 . 2008-07-10 15:00 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-03-03 00:10 . 2004-08-03 22:44 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-27 12:17 . 2008-03-07 20:14 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 17:13 . 2004-08-03 22:44 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:07 . 2004-08-03 22:37 1847040 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2004-08-04 00:39 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2004-08-03 22:38 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2004-08-03 22:44 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2004-08-03 22:44 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2004-08-03 22:44 731136 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-08-03 22:43 686592 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2004-08-03 22:43 722944 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 05:37 . 2008-11-23 11:25 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-02-06 10:39 . 2001-10-26 19:30 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-08-03 22:44 56832 ----a-w c:\windows\system32\secur32.dll
2008-09-24 16:47 . 2007-09-14 17:46 72296 ----a-w c:\documents and settings\użytkownik\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-03-20 21:56 . 2008-03-20 21:56 22328 ----a-w c:\documents and settings\użytkownik\Dane aplikacji\PnkBstrK.sys
2008-03-07 20:02 . 2008-03-07 20:02 161824 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2007-09-15 09:38 . 2007-09-15 09:38 135 ----a-w c:\documents and settings\użytkownik\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2008-09-23 17:48 . 2008-09-23 17:49 32768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008092320080924\index.dat

.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, valid entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"avast!"="c:\antivi~1\ashDisp.exe" [2009-02-05 81000]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-03 1851128]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-03 1851128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w c:\program files\common files\logitech\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=c:\windows\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^użytkownik^Pulpit^skróty^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\użytkownik\Pulpit\skróty\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"TapiSrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"Harmonogram automatycznej usługi LiveUpdate"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"RichVideo"=2 (0x2)
"nTuneService"=2 (0x2)
"LBTServ"=3 (0x3)
"ERSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"f:\\DC++\\DCPlusPlus.exe"=
"f:\\Gadu-Gadu\\gg.exe"=
"f:\\totalcmd\\TOTALCMD.EXE"=
"f:\\gry\\burn\\BurnoutLauncher.exe"=
"f:\\gry\\burn\\BurnoutConfigTool.exe"=
"f:\\gry\\burn\\BurnoutParadise.exe"=
"c:\\Program Files\\VUGames\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\VUGames\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=

R3 CrystalSysInfo;CrystalSysInfo; [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; [x]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-03-03 110992]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-02-22 24336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa51aa2-25aa-11dd-9076-0019dbb544af}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.wp.pl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download video with Free Download Manager - file://f:\free download manager\dlfvideo.htm
IE: E&ksport do programu Microsoft Excel - f:\office\OFFICE11\EXCEL.EXE/3000
IE: Pobierz w Free Download Manager - file://f:\free download manager\dllink.htm
IE: Pobierz wszystkie pliki w Free Download Manager - file://f:\free download manager\dlall.htm
IE: Pobierz zaznaczone w Free Download Manager - file://f:\free download manager\dlselected.htm
TCP: {1C190836-0C23-4653-B98F-362834B21FA8} = 10.101.1.1,62.233.128.17,194.204.159.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\wyuf9n5d.default\
FF - prefs.js: browser.startup.homepage - dobreprogramy.pl
FF - component: c:\documents and settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\wyuf9n5d.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: f:\adobe\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 22:15
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1336601894-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-1336601894-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:aa,cf,30,64,9f,aa,3f,b5,69,4c,60,93,86,a7,14,7f,55,4f,c6,68,53,14,63,82,e5,b4,ed,5b,55,34,12,e2,dc,eb,75,26,94,36,6d,fa,6d,49,e2,17,f1,a9,f0,b3,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_USERS\S-1-5-21-343818398-1336601894-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:44,90,63,7d,c6,7f,c8,5d,c0,ba,4f,4b,be,e4,d7,4f,e1,e0,77,be,d0,87,2a,79,6b,3a,49,21,59,00,4e,45,a9,b8,ab,c3,94,87,b7,d1,72,2b,18,eb,99,ee,\
"rkeysecu"=hex:bb,9d,a4,3d,54,9a,9b,c9,99,4c,3f,f7,0c,43,a9,03

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,c3,11,74,f5,63,3a,f0,1e,c8,28,51,af,b0,29,a3,98,af,d2,4f,b1,23,f6,71,e7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,aa,7a,a1,dc,78,b2,34,9f,71,3b,04,66,8b,46,0d,96,91,cf,6f,12,0e,35,3f,61,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,9c,6b,13,22,38,67,b8,24,25,da,ec,7e,55,20,c9,26,d9,4d,dd,dd,94,1d,64,ce,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,07,48,81,52,a9,d2,99,47,3e,1e,9e,e0,57,5a,93,61,27,1f,bf,7d,20,59,49,52,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,aa,0c,4f,9d,65,88,c7,de,cd,44,cd,b9,a6,33,6c,cd,13,b3,8e,b8,ed,c0,26,58,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,8a,a2,8c,6a,9c,78,44,7f,b0,18,ed,a7,3f,8d,37,a4,2e,16,01,2a,f2,6a,7d,6b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,09,67,87,90,4d,f7,79,28,31,77,e1,ba,b1,f8,68,02,47,07,d6,4f,ef,06,8a,8c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,45,81,07,c0,90,8f,8c,d6,83,6c,56,8b,a0,85,96,ab,1d,b5,1f,9d,7e,6a,2b,3b,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,ce,19,4a,8b,fa,9a,2d,d8,51,fa,6e,91,28,9e,14,cc,ba,f5,88,43,5e,f6,9f,ce,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e7,95,12,a2,a6,5d,b6,51,b1,cd,45,5a,a8,c4,f8,b9,9e,8c,0f,9f,da,9c,af,46,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5d,5f,95,2a,a9,34,f6,34,e3,0e,66,d5,eb,bc,2f,6b,97,35,80,54,a5,e7,c5,e5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,d0,f9,d7,0f,12,9b,17,d7,fa,ea,66,7f,d4,3b,6b,70,9e,3a,8b,f9,01,4e,17,4d,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\guard32.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\guard32.dll
.
Completion time: 2009-04-25 22:16
ComboFix-quarantined-files.txt 2009-04-25 20:16
ComboFix2.txt 2008-12-18 21:56

Before: 22 209 593 344 bytes free
After: 22 403 371 008 bytes free

305 --- E O F --- 2009-04-16 17:36

"Silent Runners":

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"avast!" = "C:\ANTIVI~1\ashDisp.exe" ["ALWIL Software"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"COMODO Firewall Pro" = ""C:\Program Files\COMODO\Firewall\cfp.exe" -h" ["COMODO"]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"COMODO Internet Security" = ""C:\Program Files\COMODO\Firewall\cfp.exe" -h" ["COMODO"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FDMIECookiesBHO Class"
    \InProcServer32\(Default) = "F:\Free Download Manager\iefdm2.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
  -> {HKLM...CLSID} = "Microsoft Office Binder Unbind"
    \InProcServer32\(Default) = "F:\OFFICE\Office\1045\UNBIND.DLL" [MS]
"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"
  -> {HKLM...CLSID} = "Folder Iceows"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "F:\OFFICE\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "F:\OFFICE\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "F:\OFFICE\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\antivirus\ashShell.dll" ["ALWIL Software"]
"{F49C55B9-D417-45A1-A6E7-D6E057946280}" = "FdmUplShlExt"
  -> {HKLM...CLSID} = "FdmUplShlExt Class"
    \InProcServer32\(Default) = "F:\Free Download Manager\FUM\fumshext.dll" [null data]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "KbLogiExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "LogiExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "Windows Search Deskbar"
  -> {HKCU...CLSID} = "Pasek pulpitu programu Windows Search"
    \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]
  -> {HKLM...CLSID} = "Windows Search Deskbar"
    \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
  -> {HKLM...CLSID} = "Windows Desktop Search"
    \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\msnlExt.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager"
    \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} =
"WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS] <<!>> LBTWlgn\DLLName = "c:\program files\common files\logitech\bluetooth\LBTWlgn.dll" ["Logitech, Inc."] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"] avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\antivirus\ashShell.dll" ["ALWIL Software"] ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}" -> {HKLM...CLSID} = "Folder Iceows" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"] ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}" -> {HKLM...CLSID} = "Folder Iceows" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\antivirus\ashShell.dll" ["ALWIL Software"] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ FdmUplShlExt\(Default) = "{F49C55B9-D417-45A1-A6E7-D6E057946280}" -> {HKLM...CLSID} = "FdmUplShlExt Class" \InProcServer32\(Default) = "F:\Free Download Manager\FUM\fumshext.dll" [null data] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane 
aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ BridgeCS3ImportMediaOnArrival\ "Provider" = "Adobe Bridge CS3" "InvokeProgID" = "Adobe.adobebridge" "InvokeVerb" = "launch" HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "F:\dreamwavear\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."] HPUnloadAutoplay\ "Provider" = "Przesyłanie HP i Szybki wydruk" "InvokeProgID" = "HpqUnApl.Autoplay" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "F:\DRUKARKA\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"] MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""F:\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""F:\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""F:\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] 
MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""F:\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NMMPlayCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" 
= "NMMPlayCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"] NMMRipCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" = "NMMRipCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"] PDVDPlayCDAudioOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "AudioCD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."] PDVDPlayDVDMovieOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."] PDVDPlayVCDMovieOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "VCD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."] PPCDBurningOnArrival\ "Provider" = "PowerProducer" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerProducer" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" ["CyberLink"] PPDCameraArrival\ "Provider" = "PowerProducer" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerProducer" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" ["CyberLink"] PPDVArrival\ "Provider" = "PowerProducer" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = 
"{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] PStarterBlankCDArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerStarter" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" [empty string] PStarterDVDBurningOnArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "BlankDVD" "InvokeVerb" = "OpenWithPowerStarter" HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" [empty string] PStarterMixedCDArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "MixedContent" "InvokeVerb" = "OpenWithPowerStarter" HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" [empty string] PStarterMusicFilesArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "MusicFiles" "InvokeVerb" = "OpenWithPowerStarter" HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" [empty string] PStarterPicturesArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerStarter" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" [empty string] PStarterPlayCDAudioOnArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "AudioCD" "InvokeVerb" = "PlayWithPowerStarter" HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" [empty string] PStarterPlayDVDMovieOnArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPowerStarter" 
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" [empty string] PStarterVideoFilesArrival\ "Provider" = "DVD Suite" "InvokeProgID" = "VideoFiles" "InvokeVerb" = "OpenWithPowerStarter" HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" [empty string] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "F:\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""F:\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""F:\Winamp\winamp.exe"" ["Nullsoft"] DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- WARNING! D: is an unreadable partition! 
Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "F:\OFFICE\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service 
DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\antivirus\ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:\antivirus\aswUpdSv.exe"" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\antivirus\ashWebSv.exe" /service" ["ALWIL Software"] COMODO Internet Security Helper Service, cmdAgent, ""C:\Program Files\COMODO\Firewall\cmdagent.exe"" ["COMODO"] Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"] ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Windows Search, WSearch, "C:\WINDOWS\system32\SearchIndexer.exe /Embedding" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Monitor 2 języka BJ\Driver = "CNBJMON2.DLL" [MS] PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"] ---------- (launch time: 2009-04-25 22:19:42) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 69 seconds. ---------- (total run time: 106 seconds)
  5. OK, maybe fully passive cooling really is going from one extreme to the other. That OCZ actually looks interesting (browsing forums about the Xigmatek, I found opinions that it is fairly loud). The only downside of the OCZ is its poor availability (and then it turns out that the Scythe is cheaper after all; I can get it for 129 zł). One more question: what is the weight of that OCZ? I can't find it anywhere.
  6. Hello. I intend to replace my stock (boxed) cooler with something quieter and more efficient. I currently have an E6550 (in a while I'd like to swap it for some quad-core). I'd like to cool passively (since the stock cooler is not among the quietest). I'm wondering whether to get the Scythe Ninja 2 or perhaps something else? Is it necessary to replace those plastic push-pins with a backplate with screws? (that's an expense of about 30 zł) And it would also be nice if the cooler fit in my case (I have a COOLER MASTER ELITE RC-331; the manufacturer states the width is 20 cm, but that is only at the front bezel, further back it is just 18 cm, and from that you'd probably have to subtract a few more mm for the motherboard itself).
  7. falar

    A Spy In The Computer

    Wouldn't that Trojan be visible in the logs?
  8. Hello once again (since this is not my first post in this section). Again, it is not a problem with my computer. I had no way to see the "patient", so I got all the information over GG. So, a friend suspects he has some spyware on his computer. The symptoms I know of are messages being sent on GG (i.e. they go out from my friend's number even though he did not send them) and unknown login attempts on his Allegro account. "Silent Runners.vbs", revision 59, http://www.silentrunners.org/
"c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."] McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."] McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."] McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"] hpzsnt12\Driver = "hpzsnt12.dll" ["HP"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2009-01-08 19:50:25) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 20 seconds. ---------- (total run time: 46 seconds)
"ComboFix"
ComboFix 09-01-08.01 - Administrator 2009-01-08 19:41:00.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1540 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania * Resident AV is active . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-08 do 2009-01-08 ))))))))))))))))))))))))))))))) . 2009-01-03 10:38 . 2009-01-04 11:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-01-03 10:38 . 2009-01-04 11:19 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-01-03 10:34 . 2009-01-03 10:36 15,083,520 --a------ c:\program files\spybotsd160.exe 2009-01-02 21:57 . 
2009-01-02 21:57 <DIR> d-------- c:\program files\Trend Micro 2009-01-02 21:56 . 2009-01-02 21:56 812,344 --a------ c:\program files\HJTInstall.exe 2009-01-02 08:26 . 2009-01-02 08:26 <DIR> d-------- c:\program files\MSXML 4.0 2009-01-02 08:26 . 2009-01-02 08:26 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 2008-12-31 14:21 . 2008-12-31 14:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP 2008-12-31 14:20 . 2008-12-31 14:21 <DIR> d-------- c:\program files\Common Files\HP 2008-12-31 14:19 . 2008-12-31 14:19 <DIR> d-------- c:\program files\Hewlett-Packard 2008-12-31 14:18 . 2008-12-31 14:18 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard 2008-12-31 14:14 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2008-12-31 14:14 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2008-12-31 14:13 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2008-12-31 14:13 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll 2008-12-31 14:13 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll 2008-12-31 14:13 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll 2008-12-31 14:13 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe 2008-12-31 14:13 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe 2008-12-31 14:13 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll 2008-12-31 14:12 . 2008-12-31 14:21 <DIR> d-------- c:\program files\HP 2008-12-31 14:10 . 2008-12-31 14:10 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\HP 2008-12-31 14:10 . 2008-12-31 14:31 113,856 --a------ c:\windows\hpoins07.dat 2008-12-31 14:10 . 2005-05-24 09:22 21,124 --------- c:\windows\hpomdl07.dat 2008-12-31 13:48 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-12-31 13:48 . 
2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2008-12-31 13:47 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2008-12-31 13:47 . 2008-04-13 19:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2008-12-26 19:16 . 2008-12-26 19:16 <DIR> d-------- c:\program files\Shareaza 2008-12-26 19:16 . 2008-12-26 19:16 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Shareaza 2008-12-26 19:13 . 2008-12-26 19:13 <DIR> d-------- c:\program files\Shareaza Applications 2008-12-26 19:10 . 2008-12-26 19:16 6,744,741 --a------ c:\program files\ShareazaV4pl.exe 2008-12-26 17:06 . 2008-12-26 17:06 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\363B9 2008-12-25 16:48 . 2008-12-25 16:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\B94 2008-12-24 09:33 . 2008-12-24 09:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\1B1B5 2008-12-23 23:13 . 2006-11-12 12:39 483,328 --a------ c:\windows\system32\actskn45.ocx 2008-12-21 16:10 . 2008-12-21 16:10 <DIR> d-------- c:\program files\ai 2008-12-21 14:43 . 2008-12-21 14:43 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Media Player Classic 2008-12-21 00:54 . 2008-12-23 00:00 652 --a------ c:\windows\eReg.dat 2008-12-21 00:40 . 2008-12-21 00:40 <DIR> d-------- c:\program files\GameSpy Arcade 2008-12-21 00:39 . 2008-12-21 00:39 <DIR> d-------- c:\program files\EA GAMES 2008-12-20 23:05 . 2009-01-01 14:17 <DIR> d-------- c:\documents and settings\Administrator\.jpi_cache 2008-12-20 23:05 . 2008-12-20 23:05 <DIR> d-------- c:\documents and settings\Administrator\.java 2008-12-19 22:44 . 2008-12-19 22:44 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 2008-12-19 22:11 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2008-12-19 22:11 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2008-12-19 21:45 . 
2008-12-19 21:45 <DIR> d-------- c:\program files\Gadu-Gadu 2008-12-19 21:45 . 2008-12-31 11:37 <DIR> d-------- c:\documents and settings\Administrator\Gadu-Gadu 2008-12-19 21:40 . 2008-12-31 11:27 4,350,416 --a------ c:\program files\gg77.exe 2008-12-19 17:05 . 2004-08-23 14:50 32,768 --a------ c:\windows\system32\WooDial2000.dll 2008-12-19 17:04 . 2008-12-19 17:04 <DIR> d-------- c:\windows\system32\alertModule 2008-12-19 17:04 . 2008-12-19 17:04 <DIR> d-------- c:\program files\Thomson 2008-12-19 17:04 . 2003-12-08 11:53 70,688 --a------ c:\windows\system32\drivers\alcaudsl.sys 2008-12-19 17:04 . 2003-12-08 11:53 53,600 --a------ c:\windows\system32\drivers\alcan5wn.sys 2008-12-19 17:04 . 2003-12-08 11:53 5,606 --a------ c:\windows\system32\stci.dll 2008-12-19 17:04 . 2003-12-08 11:53 5,280 --a------ c:\windows\system32\drivers\alcawh.sys 2008-12-19 17:04 . 2003-12-08 11:53 3,968 --a------ c:\windows\system32\drivers\alcacr.sys 2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\program files\Java 2008-12-19 17:03 . 2003-08-04 14:22 94,208 --a------ c:\windows\system32\W32n50.dll 2008-12-19 17:03 . 2002-11-01 20:15 45,175 --------- c:\windows\system32\plugincpl140_03.cpl 2008-12-19 17:03 . 2002-11-01 20:15 41,068 --------- c:\windows\system32\ActPanel.dll 2008-12-19 17:03 . 2004-08-23 14:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe 2008-12-19 17:03 . 2005-10-06 15:55 36,864 --a------ c:\windows\system32\IfHelper.dll 2008-12-19 17:03 . 2003-08-04 14:22 16,128 --------- c:\windows\system32\PCANDIS5.SYS 2008-12-19 17:02 . 2009-01-08 17:46 <DIR> d-------- c:\program files\neostrada tp 2008-12-19 17:01 . 2008-12-19 17:01 <DIR> d--hs---- c:\windows\ftpcache 2008-12-18 15:05 . 2009-01-08 17:47 9,447 --a------ c:\windows\system32\Config.MPF 2008-12-18 15:04 . 2008-12-18 15:04 <DIR> d-------- c:\program files\K-Lite Codec Pack 2008-12-18 15:03 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys 2008-12-18 15:03 . 
2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys 2008-12-18 15:03 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys 2008-12-18 15:03 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys 2008-12-18 15:03 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys 2008-12-18 15:03 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys 2008-12-18 15:02 . 2008-12-18 15:02 <DIR> d-------- c:\program files\McAfee.com 2008-12-18 15:02 . 2009-01-06 08:57 <DIR> d-------- c:\program files\McAfee 2008-12-18 15:02 . 2008-12-18 15:03 <DIR> d-------- c:\program files\Common Files\McAfee 2008-12-18 13:44 . 2008-12-18 15:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\McAfee 2008-12-18 13:38 . 2008-12-18 13:38 0 --a------ c:\windows\nsreg.dat 2008-12-18 13:30 . 2008-12-18 13:30 <DIR> d-------- c:\program files\MSECache 2008-12-18 13:16 . 2008-12-18 13:16 <DIR> d-------- c:\program files\Common Files\Adobe 2008-12-18 13:04 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll 2008-12-18 13:04 . 2008-12-18 13:04 421 --a------ c:\windows\ODBC.INI 2008-12-18 13:03 . 2008-12-18 13:03 <DIR> d-------- c:\program files\Microsoft.NET 2008-12-18 13:01 . 2008-12-18 13:03 <DIR> d-------- c:\windows\SHELLNEW 2008-12-18 12:37 . 2008-12-18 12:37 <DIR> d-------- c:\windows\system32\pl 2008-12-18 12:37 . 2008-12-18 12:37 <DIR> d-------- c:\windows\system32\bits 2008-12-18 12:37 . 2008-12-18 12:37 <DIR> d-------- c:\windows\l2schemas 2008-12-18 12:36 . 2008-12-18 12:36 <DIR> d-------- c:\windows\ServicePackFiles 2008-12-18 12:30 . 2004-08-04 00:35 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys 2008-12-18 12:24 . 2008-12-18 12:24 <DIR> d-------- c:\program files\Windows Media Connect 2 2008-12-18 12:24 . 2006-10-04 15:06 1,197,294 --a--c--- c:\windows\system32\dllcache\sysmain.sdb 2008-12-18 12:23 . 
2008-12-18 12:23 <DIR> d-------- c:\windows\system32\LogFiles 2008-12-18 12:23 . 2008-12-18 12:24 <DIR> d-------- c:\windows\system32\drivers\UMDF . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-02 11:43 139,264 ----a-w c:\windows\system32\hpzjrd01.dll 2008-12-31 12:36 881 ----a-w c:\program files\pekoa24.prv 2008-12-22 22:53 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-18 10:44 --------- d-----w c:\program files\ASUS 2008-12-18 10:39 --------- d-----w c:\program files\Downloaded Installations 2008-12-18 10:34 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-18 10:34 --------- d-----w c:\program files\AGEIA Technologies 2008-12-18 10:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-18 10:18 319,488 ----a-w c:\windows\HideWin.exe 2008-12-18 10:18 --------- d-----w c:\program files\Realtek 2008-12-18 10:15 --------- d-----w c:\program files\Intel 2008-12-18 09:38 --------- d-----w c:\program files\microsoft frontpage 2008-12-18 09:36 --------- d-----w c:\program files\Usługi online 2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll 2008-11-12 12:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll 2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 
13:07 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-13 08:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}] 2008-07-15 12:33 394688 --a------ c:\program files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{196C3A46-4758-433D-A600-802C804AF39C}"= "c:\program files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2008-07-15 480704] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{196C3A46-4758-433D-A600-802C804AF39C}"= "c:\program files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2008-07-15 480704] [HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1] [HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016] "Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656] "Drive Xpert"="c:\program files\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-22 10235904] "Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 
1209856] "Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152] "RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "e:\\GRY\\MOHAA.exe"= "c:\\Program Files\\Shareaza\\Shareaza.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program 
Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-12-18 38400] R4 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [2008-05-22 1286144] . Zawartość folderu 'Zaplanowane zadania' 2008-12-18 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2009-01-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2009-01-07 c:\windows\Tasks\WebReg Officejet 5600 series.job - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 00:21] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://search.shareazaweb.com/pl/ IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: { - c:\program files\Messenger\msmsgs.exe TCP: {4AE7D711-2E31-48C8-A479-EE4875F1B5CA} = 194.204.159.1 217.98.63.164 FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\kcfz0spt.default\ FF - prefs.js: browser.startup.homepage - hxxp://search.shareazaweb.com/pl/ FF - plugin: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\kcfz0spt.default\extensions\SignPlugin@pekao.pl\plugins\NPSignPluginPEKAO.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI140_03.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-08 19:41:59 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-01-08 19:42:44 ComboFix-quarantined-files.txt 2009-01-08 18:42:41 Przed: 153 185 931 264 bajtów wolnych Po: 153,229,758,464 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 257 --- E O F --- 2009-01-02 07:26:16
"HijackThis"
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:59:08, on 2009-01-08 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ASUS\Drive Xpert\SteelVine.exe C:\WINDOWS\System32\FTRTSVC.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe C:\Program Files\ASUS\AI Direct Link\AsShare.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\neostrada tp\neostradatp.exe C:\Program Files\neostrada tp\ComComp.exe C:\PROGRA~1\NEOSTR~1\Toaster.exe C:\PROGRA~1\NEOSTR~1\Inactivity.exe C:\PROGRA~1\NEOSTR~1\PollingModule.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\neostrada tp\Watch.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - 
C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r O4 - HKLM\..\Run: [Drive Xpert] C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe" O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - 
-{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229602726890 O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE7D711-2E31-48C8-A479-EE4875F1B5CA}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\..\{4AE7D711-2E31-48C8-A479-EE4875F1B5CA}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\ASUS\Drive Xpert\SteelVine.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7886 bytes
  9. In that case I have to explain a few things. Since this is not my computer, I cannot remove IE or block it from running, so Java sound and protection should stay. I'm not trying to speed this computer up; I only have to bring it back to a normally usable state. As far as I know, there is no problem with the antivirus eating up excessive resources, so that cause can probably be ruled out. As for the programs that weren't closed, that's right, my mistake. Regarding HdTune, since this is not my computer and it isn't physically at my place at the moment, I can't get to it right now to run that program; I'll have the chance on Friday, so then I'll try to post screenshots, but I'm actually afraid the fault lies with the disk.
  10. Hello. Please check the logs, because this computer runs very slowly. (ComboFix runs for 4.5 h, which is hardly normal.) The disk isn't so big that it would need that much time; it has about 40 GB, I think (I can't say exactly, because it isn't my computer). Logs: HijackThis, ComboFix, Silent Runners
  11. So am I to understand that the logs are clean? (Since I've already posted them, maybe some advice on what to remove from them?)
  12. The reason was avast, which saw viruses on every page (regardless of which page it was, even ones I'm sure are clean). After scanning the hard disks the alerts calmed down (it found nothing, and neither did Kaspersky), and I'd like to be sure that it really was a program error/false alarm. And in the avast log I have it recorded that it saw "HTML:Script-inf".
  13. I kindly ask for the logs to be checked: ComboFix, HijackThis, Silent Runners
  14. Hello. I'm planning to buy an LG KC 550 and would be grateful for opinions on it (or some other phones in this price range?). A few posts up it said that LG phones aren't discussed here; are they really that bad? Specifically, I want the camera to have a high resolution (I sometimes need that). And to be able to play mp3s (but every phone has that already); the rest of the gadgets won't be used anyway. And I don't want a joystick for controlling the phone :D
  15. ComboFix log
2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] --a------ 2007-07-03 13:32 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "UPS"=3 (0x3) "TapiSrv"=3 (0x3) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "ose"=3 (0x3) "iPod Service"=3 (0x3) "Harmonogram automatycznej usługi LiveUpdate"=2 (0x2) "FastUserSwitchingCompatibility"=3 (0x3) "Apple Mobile Device"=2 (0x2) "CLTNetCnService"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "F:\\DC++\\DCPlusPlus.exe"= "F:\\Gadu-Gadu\\gg.exe"= 
"F:\\gry\\battlefiel2\\BF2.exe"= "C:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "C:\\Program Files\\Codemasters\\GRID\\GRID.exe"= "F:\\totalcmd\\TOTALCMD.EXE"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-10 87056] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-10 24208] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 DualCoreCenter;DualCoreCenter;C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [2007-12-18 28160] R3 RushTopDevice2;RushTopDevice2;C:\Program Files\MSI\DualCoreCenter\RushTop.sys [2007-12-24 52736] S3 CrystalSysInfo;CrystalSysInfo;C:\Program Files\OCCT\SysInfo.sys [ ] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ] S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ] S3 UCORESYS;UCORESYS;C:\PROGRA~1\MSI\LIVEUP~1\FlashUty\AMI\AFUWIN\UCORESYS.SYS [ ] S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S4 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa51aa2-25aa-11dd-9076-0019dbb544af}] \Shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* - PROCEXP90 . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-iTunesHelper - F:\iTunes\iTunesHelper.exe . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\wyuf9n5d.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - dobreprogramy.pl FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll FF -: plugin - F:\adobe\Reader\browser\nppdf32.dll FF -: plugin - F:\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - F:\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . . ------- File Associations (Beta) ------- . . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\guard32.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\guard32.dll . Completion time: 2008-09-09 16:46:26 ComboFix-quarantined-files.txt 2008-09-09 14:43:44 Pre-Run: 14,103,224,320 bajtów wolnych Post-Run: 14,983,225,344 bajtów wolnych 214 --- E O F --- 2008-08-23 16:52:41
    As requested 8O
  16. Hi, I have two requests. First, please check the log ("Hijack This"):
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:51:41, on 2008-09-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\ANTIVI~1\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\antivirus\aswUpdSv.exe C:\antivirus\ashServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe C:\antivirus\ashMaiSv.exe C:\antivirus\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe F:\OFFICE\OFFICE11\WINWORD.EXE C:\WINDOWS\msagent\AgentSvr.exe F:\Winamp\winamp.exe F:\instalatory\HiJackThis.exe C:\WINDOWS\system32\taskmgr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Download video with Free Download Manager - file://F:\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\OFFICE\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://F:\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://F:\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://F:\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193779393968 O17 - HKLM\System\CCS\Services\Tcpip\..\{1C190836-0C23-4653-B98F-362834B21FA8}: NameServer = 
10.101.1.1,62.233.128.17,194.204.159.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1C190836-0C23-4653-B98F-362834B21FA8}: NameServer = 10.101.1.1,62.233.128.17,194.204.159.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1C190836-0C23-4653-B98F-362834B21FA8}: NameServer = 10.101.1.1,62.233.128.17,194.204.159.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\antivirus\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\antivirus\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\antivirus\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\antivirus\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 8183 bytes
    - "Silent Runners"
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "avast!" 
= "C:\ANTIVI~1\ashDisp.exe" ["ALWIL Software"] "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "COMODO Firewall Pro" = ""C:\Program Files\COMODO\Firewall\cfp.exe" -h" ["COMODO"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided) -> {HKLM...CLSID} = "FDMIECookiesBHO Class" \InProcServer32\(Default) = "F:\Free Download Manager\iefdm2.dll" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" 
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind" -> {HKLM...CLSID} = "Microsoft Office Binder Unbind" \InProcServer32\(Default) = "F:\OFFICE\Office\1045\UNBIND.DLL" [MS] "{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS" -> {HKLM...CLSID} = "Folder Iceows" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"] "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "F:\OFFICE\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "F:\OFFICE\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "F:\OFFICE\OFFICE11\msohev.dll" [MS] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\antivirus\ashShell.dll" ["ALWIL Software"] 
"{F49C55B9-D417-45A1-A6E7-D6E057946280}" = "FdmUplShlExt" -> {HKLM...CLSID} = "FdmUplShlExt Class" \InProcServer32\(Default) = "F:\Free Download Manager\FUM\fumshext.dll" [null data] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] "{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell" -> {HKLM...CLSID} = "Studio.Project" \InProcServer32\(Default) = "C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll" [file not found] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"] 
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\antivirus\ashShell.dll" ["ALWIL Software"] ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}" -> {HKLM...CLSID} = "Folder Iceows" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"] ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}" -> {HKLM...CLSID} = "Folder Iceows" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\antivirus\ashShell.dll" ["ALWIL Software"]
    And now comes my second request, or rather a question. Kaspersky detected a virus in the file C:\WINDOWS\system32\ati2sgav.exe. What is this file? Can I delete it without harming the system, or do I have to replace it with a clean version? Regards.
  17. I have to build a site in ASP and I have the following problem: I want it to load different subpages into one of the divs. I did it with <object>. The information about which subpage it should be is sent with the GET method, and this is where the problem appears, because when the page address is in the form .../index.asp I don't know how to make it load the default page. I tried this:
    If IsEmpty(Request("strona")) Then
        strona = Glowna
    Else
        strona = Request("strona")
    End If
    and in the div I put:
    <object data=".../Podstrony/<% =strona %>.html" type="text/html" width="100%" height="100%"></object>
    but it doesn't work :/ Any suggestions or advice? (just don't tell me to switch to PHP, because I have to do it in ASP :/)
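    A version of that default-page logic, added here as an example and not the poster's code: it reads the subpage name from the strona query parameter, falls back to Glowna when the parameter is absent (the .../index.asp case), and accepts only names from an allow-list before building the object's data URL, so a crafted parameter cannot point the object at an arbitrary file or break out of the attribute. The allow-list entries (Kontakt, Galeria), the relative Podstrony/ path and the div id are assumptions. Note that in the posted snippet Glowna is unquoted, so VBScript reads it as an undeclared (empty) variable rather than the page name, and the usual way to test for an absent parameter in classic ASP is to compare it with an empty string.

```asp
<%
' Added example (not the poster's code): choose the subpage from the "strona"
' query parameter, default to Glowna, and accept only allow-listed names.
Option Explicit
Dim strona, dozwolone, i, znaleziono

' Hypothetical allow-list of files that exist in Podstrony\ (without .html).
dozwolone = Array("Glowna", "Kontakt", "Galeria")

strona = Trim(Request.QueryString("strona"))
If strona = "" Then strona = "Glowna"   ' .../index.asp called without a parameter

' Compare case-insensitively and take the canonical spelling from the list,
' so only a file we know about can end up in the object's data URL.
znaleziono = False
For i = 0 To UBound(dozwolone)
    If StrComp(strona, dozwolone(i), vbTextCompare) = 0 Then
        strona = dozwolone(i)
        znaleziono = True
        Exit For
    End If
Next
If Not znaleziono Then strona = "Glowna"   ' unknown name: fall back to the default page
%>
<div id="tresc">
  <object data="Podstrony/<%= Server.HTMLEncode(strona) %>.html"
          type="text/html" width="100%" height="100%"></object>
</div>
```

    The allow-list does the real work: whatever arrives in the query string, the only values that reach the data attribute are the fixed names in dozwolone, and Server.HTMLEncode is kept as a second layer in case the list is later filled from somewhere less trustworthy.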
  18. falar

    PSU For The 8800GT

    Reading the advert for this PSU, you could conclude that it is one of the best power supplies on the market ;] But seriously, new PSUs are never that cheap (in this case the price says something about the quality). I also recommend some Chieftec; I have one and I'm happy with it, it isn't even loud (granted, it probably makes more noise than that one, which has 18 dB, but it is still quiet). And I do wonder, if it really did reach those 18 dB, what the airflow would be, because 80 mm fans are usually louder.
  19. Maybe you meant superconductors? A magnet levitates above them (I haven't checked the other way round), but the problem with them is that even the high-temperature ones need liquid nitrogen for cooling.
  20. That's exactly it: with Orthos I have this strange thing, every time after 20 minutes some odd quiet squeal starts coming from the PC (MSI P35 Neo2-FR board). When I wrote about it in the thread about the board, nobody answered what it could be. But after those 20 minutes I was already seeing about 30-34 degrees on the cores (and it held more or less at that), but because of that strange sound I switched Orthos off.
  21. I have a "problem". Core Temp shows me core temperatures of 17-19 degrees on the boxed cooler at about 1750 RPM on the CPU fan (SpeedFan). The CPU is a C2D E6550, not overclocked. All functions like EIST are disabled, and the PC is under ordinary use (Firefox, GG, Winamp, antivirus). Is this a normal temperature, or is something wrong with the sensor? Because the BIOS shows me similar temperatures.
  22. Paired for dual channel and inserted in alternating slots. Just my luck :/ Maybe if I try the second dual-channel pair instead of the first, it will work (doesn't hurt to try).
  23. It's me again :P Maybe someone is able after all to answer my question a few posts up, what is squealing like that and why (and what can be done about it). And I have one more question: I have Kingston 667 MHz RAM, 2 x 1 GB, and it isn't detected in dual channel mode, it's still single (they are definitely seated correctly on the board). Does something need changing in the BIOS for it to be detected properly?
  24. I have a certain problem with an MSI P35 NEO2 FR board. When I start ORTHOS, after about 20 minutes (+/- 10 sec) I start hearing some strange squeals from the PC. Screenshot of the temperatures: The CPU is a C2D E6550 (not overclocked), boxed cooler (for now), and now my question: what could be squealing? The CPU or the board? Can anything be done about it? Oh, and this is the only case when that "something" squeals; under normal use there is only silence :)
  25. falar

    PC For 3500 (2 Builds)

    I would still advise changing that drive to a WD (http://znak.pl/index.php?cid=69&scid=1646&prid=hddsatWD320+WD3200AAKS). It is maybe slightly more expensive, but you get more space and it is quiet (although that Seagate isn't very audible either in a good case). And miguel probably made a mistake typing that mobo; I think he meant the MSI P35 NEO2-FR or FIR (if you want FireWire).