Sysguard.exe

[jeycam]

Cześć,

Dopadł mnie ten wirus. ESET nic nie wykrywa, komputer już chodzi wolniej, wyskakują jakieś okienka - tragedia. Jak sobie z tym poradzić?

 

Log z HijackThis'a:

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 02:34:10, on 2009-07-06Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\windows\System32\smss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\system32\lsass.exeC:\windows\system32\svchost.exeC:\windows\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\windows\system32\spoolsv.exeC:\windows\Explorer.EXEC:\windows\system32\RUNDLL32.EXEC:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exeC:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Brother\ControlCenter3\brccMCtl.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exeC:\Program Files\Razer\DeathAdder\razerhid.exeC:\Program Files\iTunes\iTunesHelper.exeC:\windows\system32\ctfmon.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\Air Mouse\Air Mouse\Air Mouse.exeC:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\smgr32.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Razer\DeathAdder\razertra.exeC:\Program Files\Razer\DeathAdder\razerofa.exeC:\windows\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\windows\system32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\TightVNC-Jaadu\WinVNC.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\iPod\bin\iPodService.exeC:\windows\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Program Files\mIRC\mirc.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\Program Files\DAEMON Tools Pro\DTProShellHlp.exeC:\Program Files\foobar2000\foobar2000.exeC:\windows\RTHDCPL.EXEc:\windows\ld12.exeC:\windows\system32\svchost.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO1 - Hosts: ::1 localhostO1 - Hosts: 209.44.111.62 surety.microsoft.comO1 - Hosts: 209.44.111.62 aware-protect.comO1 - Hosts: 209.44.111.62 www.aware-protect.comO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\windows\system32\iehelper.dllO2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDEO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUNO4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorunO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEO4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNCO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorunO4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [RGSC] D:\GTA\Rockstar Games Social Club\RGSCLauncher.exe /silentO4 - HKCU\..\Run: [LowRiskFileTypes] C:\windows\sysguard.exeO4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: smgr32.exeO4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exeO8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra 'Tools' menuitem: Utw?z Ulubione dla urz?dzenia przeno?ego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219083104828O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeO23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC-Jaadu\WinVNC.exe--End of file - 13647 bytes

Z góry dzięki

[Kolobos]

Jaki DOKLADNIE wirus, jakie DOKLADNIE okienka? Daj log z combofix. Zrob skan przy pomocy Dr.Web CureIt oraz Malwarebytes Anti-Malware.

[jeycam]

Z tego co wyczytałem to wirus się po prostu nazywa "sysguard.exe"

 

Log z ComboFix'a:

ComboFix 09-07-05.01 - Maciek 2009-07-06  3:17.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.986 [GMT 2:00]Uruchomiony z: c:\documents and settings\Maciek\Pulpit\ComboFix.exeAV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} * Rezydentny antywirus jest aktywnyUWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Maciek\Ustawienia lokalne\Temporary Internet Files\PLauncher.exec:\windows\010112010146118114.datc:\windows\0101120101464849.datc:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdbc:\windows\Downloaded Program Files\PurpleBean.exec:\windows\Installer\733f0.msic:\windows\Installer\7a1639.msic:\windows\ld12.exec:\windows\system32\iehelper.dllc:\windows\system32\micr0st.dllc:\windows\system32\msvcsv60.dllc:\windows\system32\wbem\proquota.exec:\windows\system32\proquota.exe - brakowało pliku Plik odzyskano z - c:\system volume information\_restore{F5A0E974-D6F1-49B8-B8AA-53B888F90450}\RP353\A0093156.exe.(((((((((((((((((((((((((   Pliki utworzone od 2009-06-06 do 2009-07-06  ))))))))))))))))))))))))))))))).2009-07-06 01:20 . 2008-04-14 20:51	50688	----a-w-	c:\windows\system32\proquota.exe2009-07-06 00:33 . 2009-07-06 00:33	--------	d-----w-	c:\program files\Trend Micro2009-07-05 23:23 . 2009-07-05 23:23	71552	---ha-w-	c:\windows\system32\mlfcache.dat2009-07-03 23:25 . 2009-07-03 23:39	--------	d-----w-	c:\program files\AGEIA Technologies2009-07-03 23:25 . 2009-07-03 23:25	--------	d-----w-	c:\windows\system32\AGEIA2009-07-03 23:25 . 2009-07-03 23:40	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard2009-07-02 14:00 . 2009-07-02 14:00	--------	d-----w-	c:\program files\BDE5Setup2009-07-02 14:00 . 2009-07-02 14:00	--------	d-----w-	c:\program files\Borland2009-07-02 14:00 . 2009-07-02 14:02	--------	d-----w-	C:\WinKalk2009-07-01 19:22 . 2009-07-01 19:22	--------	d-sh--w-	c:\windows\ftpcache2009-07-01 17:20 . 2009-07-01 17:28	--------	d-----w-	c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\Rockstar Games2009-07-01 17:17 . 2009-07-01 17:26	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE2009-07-01 17:17 . 2009-07-01 17:17	--------	d-----w-	c:\windows\system32\xlive2009-06-30 21:32 . 2006-11-14 13:28	86016	----a-w-	c:\windows\system32\cttele.dll2009-06-30 21:32 . 2008-03-20 13:35	2560	----a-w-	c:\windows\CTXFIRES.DLL2009-06-25 11:06 . 2009-06-25 11:06	--------	d-----w-	c:\program files\ALLPlayer2009-06-23 19:21 . 2009-06-23 19:21	--------	d-----w-	c:\program files\iPod2009-06-23 19:21 . 2009-06-23 19:22	--------	d-----w-	c:\program files\iTunes2009-06-23 19:21 . 2009-06-23 19:22	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}2009-06-23 19:19 . 2009-06-23 19:19	--------	d-----w-	c:\program files\QuickTime2009-06-17 14:32 . 2009-06-17 14:32	--------	d-----w-	c:\program files\Real Alternative2009-06-16 21:37 . 2009-06-17 08:46	--------	d-----w-	c:\program files\Super DVD Ripper2009-06-08 14:51 . 2009-06-08 14:51	--------	d-----w-	c:\program files\Gameforge4D.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-07-05 21:59 . 2008-10-29 13:49	--------	d-----w-	c:\documents and settings\Maciek\Dane aplikacji\mIRC2009-07-05 21:59 . 2008-12-11 12:32	--------	d-----w-	c:\program files\mIRC2009-07-05 15:21 . 2009-01-02 16:51	--------	d-----w-	c:\documents and settings\Maciek\Dane aplikacji\Creative2009-07-05 14:52 . 2008-08-19 18:49	--------	d-----w-	c:\documents and settings\Maciek\Dane aplikacji\Skype2009-07-05 13:36 . 2008-11-22 16:53	--------	d-----w-	c:\documents and settings\Maciek\Dane aplikacji\foobar20002009-07-05 12:14 . 2009-03-27 19:40	16	----a-w-	c:\windows\msocreg32.dat2009-07-05 12:11 . 2008-08-22 21:11	--------	d-----w-	c:\documents and settings\Maciek\Dane aplikacji\skypePM2009-07-03 18:57 . 2008-08-23 20:09	--------	d-----w-	c:\documents and settings\Maciek\Dane aplikacji\uTorrent2009-07-02 03:05 . 2009-02-25 16:27	2885632	----a-w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat2009-07-01 19:21 . 2008-08-18 17:55	--------	d--h--w-	c:\program files\InstallShield Installation Information2009-06-25 11:06 . 2008-11-22 20:07	--------	d-----w-	c:\program files\NAPI-PROJEKT2009-06-25 10:59 . 2008-10-24 15:06	--------	d-----w-	c:\program files\thriXXX2009-06-23 19:21 . 2008-08-19 18:50	--------	d-----w-	c:\program files\Common Files\Apple2009-06-23 19:17 . 2008-08-19 18:50	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Apple2009-06-14 02:56 . 2008-11-02 21:39	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help2009-06-05 11:57 . 2009-06-05 11:57	75048	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe2009-06-05 09:42 . 2009-03-14 21:57	2060288	----a-w-	c:\windows\system32\usbaaplrc.dll2009-06-05 09:42 . 2008-08-19 18:50	39424	----a-w-	c:\windows\system32\drivers\usbaapl.sys2009-05-30 16:26 . 2009-05-30 16:26	--------	d-----w-	c:\program files\Unity2009-05-29 08:16 . 2008-08-18 18:38	95088	----a-w-	c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-05-24 10:30 . 2008-08-19 18:48	--------	d-----w-	c:\program files\Tibia2009-05-14 21:31 . 2008-11-22 16:52	--------	d-----w-	c:\program files\foobar20002009-05-13 09:35 . 2009-05-13 09:35	4608	----a-w-	c:\windows\system32\w95inf32.dll2009-05-13 09:35 . 2009-05-13 09:35	2272	----a-w-	c:\windows\system32\w95inf16.dll2009-05-10 12:42 . 2008-08-23 13:33	137992	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys2009-05-10 12:41 . 2008-08-23 13:33	201816	----a-w-	c:\windows\system32\PnkBstrB.exe2009-05-10 00:22 . 2009-05-10 00:11	--------	d-----w-	c:\program files\Yahoo!2009-05-10 00:02 . 2009-05-10 00:02	--------	d-----w-	c:\documents and settings\Maciek\Dane aplikacji\Launchy2009-05-10 00:02 . 2009-05-10 00:01	--------	d-----w-	c:\program files\Launchy2009-05-07 15:34 . 2008-04-14 20:50	347648	----a-w-	c:\windows\system32\localspl.dll2009-05-07 11:25 . 2009-05-07 11:25	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Logitech2009-04-29 04:47 . 2008-03-01 14:02	827392	----a-w-	c:\windows\system32\wininet.dll2009-04-29 04:47 . 2008-05-02 06:47	78336	----a-w-	c:\windows\system32\ieencode.dll2009-04-21 22:20 . 2009-04-21 22:20	14311680	----a-w-	c:\windows\system32\xlive.dll2009-04-21 22:20 . 2009-04-21 22:20	13642496	----a-w-	c:\windows\system32\xlivefnt.dll2009-04-19 19:51 . 2008-04-14 19:35	1847424	----a-w-	c:\windows\system32\win32k.sys2009-04-15 17:40 . 2001-10-26 16:15	90620	----a-w-	c:\windows\system32\perfc015.dat2009-04-15 17:40 . 2001-10-26 16:15	503726	----a-w-	c:\windows\system32\perfh015.dat2009-04-15 14:54 . 2008-04-14 20:50	585216	----a-w-	c:\windows\system32\rpcrt4.dll2004-10-01 13:00 . 2008-08-18 19:21	40960	----a-w-	c:\program files\Uninstall_CDS.exe.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2008-10-09 200136]"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2008-03-20 31232][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-17 44032]"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X]"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]c:\documents and settings\Maciek\Menu Start\Programy\Autostart\Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]smgr32.exe [2009-3-19 39424]c:\documents and settings\All Users\Menu Start\Programy\Autostart\Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^America Online 9.0 Tray Icon.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\America Online 9.0 Tray Icon.lnkbackup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Launchy.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Launchy.lnkbackup=c:\windows\pss\Launchy.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^smgr32.exe]path=c:\documents and settings\Maciek\Menu Start\Programy\Autostart\smgr32.exebackup=c:\windows\pss\smgr32.exeStartup[HKLM\~\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Yahoo! Widgets.lnk]path=c:\documents and settings\Maciek\Menu Start\Programy\Autostart\Yahoo! Widgets.lnkbackup=c:\windows\pss\Yahoo! Widgets.lnkStartup[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Tlen.pl\\tlen.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\FlashFXP\\FlashFXP.exe"="c:\\Program Files\\ApexDC++\\ApexDC.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"="c:\\Program Files\\FlashGet\\flashget.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="d:\\COD\\iw3mp.exe"="d:\\ME\\Binaries\\MirrorsEdge.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"14473:TCP"= 14473:TCP:BitComet 14473 TCP"14473:UDP"= 14473:UDP:BitComet 14473 UDPR0 AFPAnsi;G-DATA UkrywaczAnsi;c:\windows\system32\drivers\AFPAnsi.sys [2009-03-27 31776]R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2008-03-20 15896]R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-05-05 22784]S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-20 98328]S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-20 171032]S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-20 528920]S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-20 163352]S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-20 259096]S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-20 134168]S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-20 309784]S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-20 99352]S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-03-20 1324056]S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-20 72728]S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-20 534040].Zawartość folderu 'Zaplanowane zadania'2009-01-05 c:\windows\Tasks\14 Wonderwall (live 2nd July 2005 Ci.job- d:\mjuzik\Oasis\Lord Don't Slow Me Down\14 Wonderwall (live 2nd July 2005 Ci.mp3 [2008-09-13 07:53]2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34].- - - - USUNIĘTO PUSTE WPISY - - - -BHO-{8567EDFA-408C-43e9-B929-4C25C04F5003} - c:\windows\system32\iehelper.dllHKCU-Run-RGSC - d:\gta\Rockstar Games Social Club\RGSCLauncher.exeHKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe.------- Skan uzupełniający -------.uStart Page = about:blankuInternet Connection Wizard,ShellNext = hxxp://codecs.r8.org/IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htmIE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htmIE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htmIE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htmIE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htmFF - ProfilePath - c:\documents and settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\oie6t5qm.default\FF - prefs.js: browser.search.selectedEngine - AllegroFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/igFF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dllFF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dllFF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dllFF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-06 03:20Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2009-07-06  3:21ComboFix-quarantined-files.txt  2009-07-06 01:21Przed: 7 773 077 504 bajtów wolnychPo: 8 416 825 344 bajtów wolnych249	--- E O F ---	2009-06-14 02:56

A okienka wyglądają tak, z tym, że jest to nowa wersja tego crapu i zamiast Spyware pisało Antyivirus:

http://www.precisesecurity.com/blogs/2008/...e-protect-2009/

[ULLISSES]

Z HijackThis usuń to:

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - 1

C:\windows\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

O1 - Hosts: 209.44.111.62 surety.microsoft.com

O1 - Hosts: 209.44.111.62 aware-protect.com

O1 - Hosts: 209.44.111.62 www.aware-protect.com

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (chyba że używasz tego do czegoś)

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [LowRiskFileTypes] C:\windows\sysguard.exe

 

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

Podejrzane dla mnie są:

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - 2

C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\smgr32.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

c:\windows\ld12.exe

C:\WINDOWS\system32\MsPMSPSv.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - Startup: smgr32.exe

Używasz Internet Explorer? Jeśli nie, to wywal:

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - 3

1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\windows\system32\iehelper.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Utw?z Ulubione dla urz?dzenia przeno?ego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219083104828

Zamiast Adobe Reader proponuję zapoznać się z FoxitReader - mniejszy, szybszy i wirusy się za niego nie podają.

 

Proponuję też zapomnieć o IE i zapoznać się z Firefoxem lub Operą.

 

Potem jeszcze:

- wyłącznie przywracania systemu i paru innych zbędnych usług (temat o Windows XP)

- oczyszczenie systemu przy pomocy Spybot S&D oraz NOD32 (pełne skanowanie)

- posprzątanie przy pomocy CCleaner

- zrobienie kopii systemu w postaci obrazu (programy w Google)

[Kolobos]

Usun:

c:\documents and settings\Maciek\Menu Start\Programy\Autostart\smgr32.exe