Rozsyłanie spamu

**Posty:** 276 · przez **regis_tarnow** 28 Maj 2009, 22:06

Witam, zostałem poinformowany przez dostawce internetu ze z mojego komputera rozsyłany jest spam.
zrobiłem skan online kasperskim, wklejam raport a potem loga ale tylko z Silent Runners gdyż z hijack nie chce mi sie uruchomic.

Kod: Zaznacz wszystko: -------------------------------------------------------------------------------- RAPORT KASPERSKY ONLINE SCANNER 7.0 czwartek, 28 maj 2009 System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600) Wersja Kaspersky Online Scanner: 7.0.26.12 Data ostatniej aktualizacji bazy danych: Thursday, May 28, 2009 21:45:09 Liczba wpisów: 2267101 -------------------------------------------------------------------------------- Ustawienia skanowania: Typ bazy danych użytej do skanowania: rozszerzona Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Obszary krytyczne: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart C:\Documents and Settings\xxxxxxx\Menu Start\Programy\Autostart C:\Program Files C:\WINDOWS Statystyki skanowania: Przeskanowanych plików: 31078 Nazwa zagrożenia: 5 Zainfekowanych obiektów: 7 Podejrzanych obiektów: 0 Czas skanowania: 00:30:28 Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń svchost.exe\qoskim.dll/svchost.exe\qoskim.dll Zainfekowany: Trojan.Win32.Agent.cchq 1 c:\documents and settings\all users\qoskim.dll/c:\documents and settings\all users\qoskim.dll Zainfekowany: Trojan.Win32.Agent.cchq 1 C:\WINDOWS\system32\12520850b.dll/C:\WINDOWS\system32\12520850b.dll Zainfekowany: Backdoor.Win32.Agent.tzl 1 C:\WINDOWS\system32\12520850b.dll Zainfekowany: Backdoor.Win32.Agent.tzl 1 C:\WINDOWS\system32\digiwet.dll Zainfekowany: Backdoor.Win32.Zdoogu.cg 1 C:\WINDOWS\system32\drivers\159dd4a8.sys Zainfekowany: Backdoor.Win32.NewRest.z 1 C:\WINDOWS\Temp\FC.tmp Zainfekowany: Trojan-Downloader.Win32.Boltolog.ess 1 Wybrany obszar został przeskanowany.

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe.bin" /tray" ["Gadu-Gadu S.A."] "uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" ["BitTorrent, Inc."] "DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"] "Nokia.PCSync" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" ["Time Information Services Ltd."] "PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [file not found] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "ares" = ""C:\Program Files\Ares\Ares.exe" -h" [file not found] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data] "Samsung Common SM" = ""C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun" ["Samsung Electronics."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."] "StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."] "Samsung PanelMgr" = "C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun" [empty string] "svchost" = "c:\WINDOWS\svchost.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll" ["Google Inc."] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll" ["Nokia"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}" = "IVB Shl Ext" -> {HKLM...CLSID} = "IIVBShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Photo!\Photo! Editor\IvBar\ivbshlext.dll" [null data] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."] HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\ <<!>> ("digiwet.dll" [MS]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ <<!>> a2service.exe\Debugger = "ntsd -d" [MS] <<!>> ArcaCheck.exe\Debugger = "ntsd -d" [MS] <<!>> arcavir.exe\Debugger = "ntsd -d" [MS] <<!>> ashDisp.exe\Debugger = "ntsd -d" [MS] <<!>> ashEnhcd.exe\Debugger = "ntsd -d" [MS] <<!>> ashServ.exe\Debugger = "ntsd -d" [MS] <<!>> ashUpd.exe\Debugger = "ntsd -d" [MS] <<!>> aswUpdSv.exe\Debugger = "ntsd -d" [MS] <<!>> autoruns.exe\Debugger = "ntsd -d" [MS] <<!>> avadmin.exe\Debugger = "ntsd -d" [MS] <<!>> avcenter.exe\Debugger = "ntsd -d" [MS] <<!>> avcls.exe\Debugger = "ntsd -d" [MS] <<!>> avconfig.exe\Debugger = "ntsd -d" [MS] <<!>> avconsol.exe\Debugger = "ntsd -d" [MS] <<!>> avgnt.exe\Debugger = "ntsd -d" [MS] <<!>> avgrssvc.exe\Debugger = "ntsd -d" [MS] <<!>> avguard.exe\Debugger = "ntsd -d" [MS] <<!>> AvMonitor.exe\Debugger = "ntsd -d" [MS] <<!>> avp.com\Debugger = "ntsd -d" [MS] <<!>> avp.exe\Debugger = "ntsd -d" [MS] <<!>> AVP32.EXE\Debugger = "ntsd -d" [MS] <<!>> avscan.exe\Debugger = "ntsd -d" [MS] <<!>> avz.exe\Debugger = "ntsd -d" [MS] <<!>> avz4.exe\Debugger = "ntsd -d" [MS] <<!>> avz_se.exe\Debugger = "ntsd -d" [MS] <<!>> bdagent.exe\Debugger = "ntsd -d" [MS] <<!>> bdinit.exe\Debugger = "ntsd -d" [MS] <<!>> caav.exe\Debugger = "ntsd -d" [MS] <<!>> caavguiscan.exe\Debugger = "ntsd -d" [MS] <<!>> casecuritycenter.exe\Debugger = "ntsd -d" [MS] <<!>> CCenter.exe\Debugger = "ntsd -d" [MS] <<!>> ccupdate.exe\Debugger = "ntsd -d" [MS] <<!>> cfp.exe\Debugger = "ntsd -d" [MS] <<!>> cfpupdat.exe\Debugger = "ntsd -d" [MS] <<!>> cmdagent.exe\Debugger = "ntsd -d" [MS] <<!>> drwadins.exe\Debugger = "ntsd -d" [MS] <<!>> DRWEB32.EXE\Debugger = "ntsd -d" [MS] <<!>> drwebupw.exe\Debugger = "ntsd -d" [MS] <<!>> ekrn.exe\Debugger = "ntsd -d" [MS] <<!>> FAMEH32.EXE\Debugger = "ntsd -d" [MS] <<!>> filemon.exe\Debugger = "ntsd -d" [MS] <<!>> FPAVServer.exe\Debugger = "ntsd -d" [MS] <<!>> fpscan.exe\Debugger = "ntsd -d" [MS] <<!>> FPWin.exe\Debugger = "ntsd -d" [MS] <<!>> fsav32.exe\Debugger = "ntsd -d" [MS] <<!>> fsgk32st.exe\Debugger = "ntsd -d" [MS] <<!>> FSMA32.EXE\Debugger = "ntsd -d" [MS] <<!>> GFRing3.exe\Debugger = "ntsd -d" [MS] <<!>> guardgui.exe\Debugger = "ntsd -d" [MS] <<!>> guardxservice.exe\Debugger = "ntsd -d" [MS] <<!>> guardxup.exe\Debugger = "ntsd -d" [MS] <<!>> HijackThis.exe\Debugger = "ntsd -d" [MS] <<!>> KASMain.exe\Debugger = "ntsd -d" [MS] <<!>> KASTask.exe\Debugger = "ntsd -d" [MS] <<!>> KAV32.exe\Debugger = "ntsd -d" [MS] <<!>> KAVDX.exe\Debugger = "ntsd -d" [MS] <<!>> KAVPF.exe\Debugger = "ntsd -d" [MS] <<!>> KAVPFW.exe\Debugger = "ntsd -d" [MS] <<!>> KAVStart.exe\Debugger = "ntsd -d" [MS] <<!>> KPFW32.exe\Debugger = "ntsd -d" [MS] <<!>> KPFW32X.exe\Debugger = "ntsd -d" [MS] <<!>> Navapsvc.exe\Debugger = "ntsd -d" [MS] <<!>> Navapw32.exe\Debugger = "ntsd -d" [MS] <<!>> navigator.exe\Debugger = "ntsd -d" [MS] <<!>> NAVNT.EXE\Debugger = "ntsd -d" [MS] <<!>> NAVSTUB.EXE\Debugger = "ntsd -d" [MS] <<!>> NAVW32.EXE\Debugger = "ntsd -d" [MS] <<!>> NAVWNT.EXE\Debugger = "ntsd -d" [MS] <<!>> niu.exe\Debugger = "ntsd -d" [MS] <<!>> nod32.exe\Debugger = "ntsd -d" [MS] <<!>> nod32krn.exe\Debugger = "ntsd -d" [MS] <<!>> Nvcc.exe\Debugger = "ntsd -d" [MS] <<!>> OllyDBG.EXE\Debugger = "ntsd -d" [MS] <<!>> outpost.exe\Debugger = "ntsd -d" [MS] <<!>> preupd.exe\Debugger = "ntsd -d" [MS] <<!>> procexp.exe\Debugger = "ntsd -d" [MS] <<!>> pskdr.exe\Debugger = "ntsd -d" [MS] <<!>> regedit.exe\Debugger = "ntsd -d" [MS] <<!>> regmon.exe\Debugger = "ntsd -d" [MS] <<!>> RegTool.exe\Debugger = "ntsd -d" [MS] <<!>> scan32.exe\Debugger = "ntsd -d" [MS] <<!>> SfFnUp.exe\Debugger = "ntsd -d" [MS] <<!>> Vba32arkit.exe\Debugger = "ntsd -d" [MS] <<!>> vba32ldr.exe\Debugger = "ntsd -d" [MS] <<!>> vsserv.exe\Debugger = "ntsd -d" [MS] <<!>> Zanda.exe\Debugger = "ntsd -d" [MS] <<!>> zapro.exe\Debugger = "ntsd -d" [MS] <<!>> Zlh.exe\Debugger = "ntsd -d" [MS] <<!>> zonealarm.exe\Debugger = "ntsd -d" [MS] <<!>> zoneband.dll\Debugger = "ntsd -d" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ IVBShlExt\(Default) = "{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}" -> {HKLM...CLSID} = "IIVBShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Photo!\Photo! Editor\IvBar\ivbshlext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "DisallowRun" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\dawid\Dane aplikacji\Opera\Opera\profile\skin\97095.1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] NMMPlayCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" = "NMMPlayCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"] NMMRipCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" = "NMMRipCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"] Picasa2ImportPicturesOnArrival\ "Provider" = "Picasa3" "InvokeProgID" = "picasa2.autoplay" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."] VLCPlayCDAudioOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.CDAudio" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda://%1" ["the VideoLAN Team"] VLCPlayDVDMovieOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.DVDMovie" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd://%1" ["the VideoLAN Team"] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"] Enabled Scheduled Tasks: ------------------------ "Google Software Updater" -> launches: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" ["Google"] "GoogleUpdateTaskMachine" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 12 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{32099AAC-C132-4136-9E9A-4E364A424E17}" -> {HKLM...CLSID} = "DAEMON Tools Toolbar" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided) -> {HKLM...CLSID} = "DAEMON Tools Toolbar" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF}\ "ButtonText" = "PokerStars" "Exec" = "C:\Program Files\PokerStars\PokerStarsUpdate.exe" ["PokerStars"] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."] Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] PostgreSQL Database Server 8.3, pgsql-8.3, ""C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\"" ["PostgreSQL Global Development Group"] ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ SSP2M Langmon\Driver = "ssp2ml3.dll" [empty string] SUGS2 Langmon\Driver = "SUGS2LMK.DLL" ["Samsung Electronics."] ---------- (launch time: 2009-05-28 22:00:19) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 31 seconds. ---------- (total run time: 65 seconds)

**Posty:** 18165 · przez **wojtas** 29 Maj 2009, 00:44

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z OTListIt2

**Posty:** 276 · przez **regis_tarnow** 29 Maj 2009, 11:18

zablokowalem te porty przez wwdc,

raport z SDFix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by dawid on 2009-05-29 at 11:06 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\svchost.exe - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-29 11:09:56 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:2a,4e,ce,25,29,19,04,eb,36,a6,d7,01,dc,87,aa,2e,fa,44,a6,4c,e9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,98,6d,d7,e1,d8,31,24,01,18,d4,1d,f8,1c,bc,38,41,be,.. "khjeh"=hex:dd,83,91,79,01,40,79,d1,75,f1,7c,0c,e2,a1,b8,ae,fb,e8,39,11,a6,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b5,f4,05,3f,09,fc,a6,e7,f3,b9,a0,8f,d4,84,3d,25,b4,c8,21,a6,d9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:9d,0a,ef,72,2f,43,64,98,e3,f2,0b,6f,74,db,bc,57,23,1d,9e,62,f1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:2a,4e,ce,25,29,19,04,eb,36,a6,d7,01,dc,87,aa,2e,fa,44,a6,4c,e9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,98,6d,d7,e1,d8,31,24,01,18,d4,1d,f8,1c,bc,38,41,be,.. "khjeh"=hex:dd,83,91,79,01,40,79,d1,75,f1,7c,0c,e2,a1,b8,ae,fb,e8,39,11,a6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b5,f4,05,3f,09,fc,a6,e7,f3,b9,a0,8f,d4,84,3d,25,b4,c8,21,a6,d9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:9d,0a,ef,72,2f,43,64,98,e3,f2,0b,6f,74,db,bc,57,23,1d,9e,62,f1,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver" "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application" "C:\\Program Files\\Java\\jre6\\bin\\java.exe"="C:\\Program Files\\Java\\jre6\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Wed 27 May 2009 20,480 A.SH. --- "C:\WINDOWS\system32\12520850b.dll" Fri 15 May 2009 50,176 ..SHR --- "C:\WINDOWS\system32\adsnwh.exe" Tue 13 Jan 2009 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 31 Jan 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe" Tue 13 Jan 2009 4,348 ...H. --- "C:\Documents and Settings\dawid\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak" Mon 6 Apr 2009 20 A..H. --- "C:\Documents and Settings\dawid\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak" Tue 13 Jan 2009 9,654 A.SH. --- "C:\Documents and Settings\dawid\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak" [b]Finished![/b]

OtListIt.txt

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-29 11:14:40 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\Download Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,36 Mb Total Physical Memory | 552,21 Mb Available Physical Memory | 53,96% Memory free 2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,39% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,02 Gb Free Space | 6,97% Space Free | Partition Type: NTFS Drive D: | 7,81 Gb Total Space | 2,51 Gb Free Space | 32,08% Space Free | Partition Type: NTFS Drive E: | 14,18 Gb Total Space | 9,46 Gb Free Space | 66,69% Space Free | Partition Type: NTFS Drive F: | 37,88 Gb Total Space | 19,46 Gb Free Space | 51,37% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DS-CEE3AA7C0E02 Current User Name: dawid Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe PRC - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-05-02 18:30:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe PRC - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2009-05-28 21:04:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-02-01 04:02:26 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2006-04-04 11:44:58 | 16,120,832 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2008-01-11 22:16:00 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe PRC - [2008-08-04 01:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2005-07-03 09:20:48 | 00,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe PRC - [2008-09-02 12:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2008-04-14 07:19:46 | 00,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2009-05-28 21:04:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-04-10 21:12:45 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2008-07-24 17:02:06 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008-06-17 16:00:34 | 01,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe PRC - [2008-08-11 08:31:54 | 01,124,352 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2004-08-04 00:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2008-09-02 12:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe PRC - [2008-05-22 15:05:06 | 00,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe PRC - [2008-08-05 14:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008-01-04 13:36:10 | 00,089,088 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe PRC - [2008-08-05 14:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009-05-03 12:21:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-29 11:14:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- F:\Download\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2008-12-01 15:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2009-05-15 16:36:18 | 00,050,176 | RHS- | M] () -- C:\WINDOWS\system32\adsnwh.exe -- (BITSSchedule [Auto | Stopped]) SRV - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-05-15 16:36:28 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\All Users\qoskim.dll -- (euktvywu [Auto | Stopped]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2009-05-02 18:30:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9cb4360db4540 [Auto | Stopped]) SRV - [2009-05-02 18:30:43 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2004-08-04 02:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running]) SRV - [2009-05-28 21:04:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008-02-01 04:02:26 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3 [Auto | Running]) SRV - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2005-03-09 08:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2008-12-02 00:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - File not found -- -- (catchme [On_Demand | Running]) DRV - [2008-01-10 03:34:57 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Running]) DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2006-04-06 08:20:44 | 04,258,816 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running]) DRV - [2008-05-07 07:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2008-05-07 07:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2006-03-16 12:51:32 | 00,099,840 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running]) DRV - [2006-03-22 07:24:00 | 00,052,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-03-22 07:24:02 | 00,018,944 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-08-01 00:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2004-07-17 11:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-09-18 14:35:07 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2008-06-06 09:24:44 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2008-05-07 07:38:36 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\S-1-5-21-1177238915-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\S-1-5-21-1177238915-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.tlpoker.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008-09-22 17:37:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-05-28 21:04:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-03 12:21:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-28 21:04:21 | 00,000,000 | ---D | M] [2008-09-13 22:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Extensions [2008-09-13 22:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-28 22:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Firefox\Profiles\jpxf05c3.default\extensions [2009-05-03 11:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Firefox\Profiles\jpxf05c3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-04-14 20:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Firefox\Profiles\jpxf05c3.default\extensions\firefox@tvunetworks.com [2009-05-28 22:43:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-05-03 12:21:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-05-28 21:04:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-05-03 12:21:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-05-03 12:21:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-04-10 13:47:06 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-04-10 13:47:06 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-04-10 13:47:06 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-04-10 13:47:06 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-04-10 13:47:06 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-04-10 13:47:06 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-04-10 13:47:06 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun (Samsung Electronics.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun () O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" () O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe.bin" /tray (Gadu-Gadu S.A.) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (BitTorrent, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223 (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{76AA1933-E812-483E-99DB-007DE845CAB8}\\NameServer = 80.85.224.2,80.85.224.50 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O29 - HKLM SecurityProviders - (digiwet.dll) - C:\WINDOWS\system32\digiwet.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-09-13 22:47:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1a0f652e-0766-11de-bf9a-0016176c00aa}\Shell - "" = Autorun O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-29 11:11:13 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [4 C:\WINDOWS\*.tmp files] [2009-05-29 11:11:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009-05-29 11:05:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-29 11:04:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC [2009-05-29 11:02:59 | 00,000,000 | ---D | C] -- C:\SDFix [2009-05-28 21:50:56 | 00,400,192 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\Silent Runners.vbs [2009-05-28 21:04:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009-05-28 21:04:09 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009-05-28 21:03:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dawid\Dane aplikacji\Sun [2009-05-28 20:57:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\HijackThis.lnk [2009-05-28 20:57:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-05-27 14:53:16 | 00,014,617 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\950541.JPG [2009-05-27 13:29:17 | 00,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520850b.dll [2009-05-26 22:45:33 | 00,097,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\159dd4a8.sys [2009-05-22 09:24:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dawid\Dane aplikacji\DC++ [2009-05-22 08:21:51 | 00,018,957 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\7.jpg [2009-05-22 07:01:40 | 00,661,375 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\Wady wzroku i ich korekty.pptx [2009-05-19 21:30:14 | 00,058,880 | -HS- | C] () -- C:\Documents and Settings\dawid\Pulpit\Thumbs.db [2009-05-19 20:45:34 | 00,077,140 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\W�glowodany.pptx ** - C:\Documents and Settings\dawid\Pulpit\W?glowodany.pptx [2009-05-18 09:47:49 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2009-05-15 16:36:49 | 00,000,150 | --S- | C] () -- C:\WINDOWS\System32\3760311825.dat [2009-05-15 16:36:26 | 00,050,176 | RHS- | C] () -- C:\WINDOWS\System32\adsnwh.exe [2009-05-15 16:36:05 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\digiwet.dll [2009-05-02 18:31:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dawid\Dane aplikacji\Google [2009-05-02 18:31:00 | 00,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job [2009-05-02 18:30:43 | 00,000,972 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009-05-02 18:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater [2009-05-02 09:33:23 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk [2009-05-02 09:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\Everest Poker [2009-04-03 18:28:53 | 00,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll [2008-11-02 20:10:39 | 00,000,083 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini [2008-11-02 20:10:08 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008-10-19 11:18:30 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-09-18 14:35:06 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-09-14 11:25:27 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-09-14 11:25:27 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2008-09-14 11:25:26 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-09-14 11:25:25 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-09-14 11:25:25 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-09-14 11:25:24 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-09-14 11:25:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-09-13 23:02:46 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-08-04 00:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 11:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001-07-21 22:16:20 | 00,000,522 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 22:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009-05-29 11:12:02 | 00,000,522 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-29 11:12:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-29 11:09:05 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009-05-29 11:08:49 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job [2009-05-29 11:08:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\dawid\Ustawienia lokalne\desktop.ini [2009-05-29 11:08:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-29 11:08:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-29 11:07:05 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-05-28 21:50:58 | 00,400,192 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\Silent Runners.vbs [2009-05-28 20:57:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\HijackThis.lnk [2009-05-27 13:29:18 | 00,000,150 | --S- | M] () -- C:\WINDOWS\System32\3760311825.dat [2009-05-27 13:29:17 | 00,020,480 | -HS- | M] () -- C:\WINDOWS\System32\12520850b.dll [2009-05-26 22:53:30 | 00,097,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\159dd4a8.sys [2009-05-26 21:45:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-22 08:26:45 | 00,661,375 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\Wady wzroku i ich korekty.pptx [2009-05-22 08:21:55 | 00,058,880 | -HS- | M] () -- C:\Documents and Settings\dawid\Pulpit\Thumbs.db [2009-05-22 08:21:51 | 00,018,957 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\7.jpg [2009-05-19 21:51:36 | 00,077,140 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\W�glowodany.pptx ** - C:\Documents and Settings\dawid\Pulpit\W?glowodany.pptx [2009-05-18 09:47:49 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2009-05-17 13:04:09 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [2009-05-16 18:45:58 | 35,191,6524 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\aaa.rar [2009-05-15 16:36:18 | 00,050,176 | RHS- | M] () -- C:\WINDOWS\System32\adsnwh.exe [2009-05-15 16:36:05 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\digiwet.dll [2009-05-02 09:33:23 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk < End of report >

Extras.txt

Kod: Zaznacz wszystko: OTListIt Extras logfile created on: 2009-05-29 11:14:40 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\Download Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,36 Mb Total Physical Memory | 552,21 Mb Available Physical Memory | 53,96% Memory free 2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,39% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,02 Gb Free Space | 6,97% Space Free | Partition Type: NTFS Drive D: | 7,81 Gb Total Space | 2,51 Gb Free Space | 32,08% Space Free | Partition Type: NTFS Drive E: | 14,18 Gb Total Space | 9,46 Gb Free Space | 66,69% Space Free | Partition Type: NTFS Drive F: | 37,88 Gb Total Space | 19,46 Gb Free Space | 51,37% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DS-CEE3AA7C0E02 Current User Name: dawid Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = SafariHTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=orange]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "8461:TCP" = 8461:TCP:*:Enabled:GoD High Port "8462:TCP" = 8462:TCP:*:Enabled:GoD Low Port [color=orange]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2009-04-10 21:12:45 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent File not found -- C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour [2009-05-17 22:05:21 | 03,165,120 | ---- | M] () -- C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny [2008-08-01 19:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule [2007-03-07 12:27:12 | 00,567,384 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver [2008-04-30 10:32:48 | 01,892,352 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application [2009-05-28 21:04:10 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution "{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2D43FD89-B225-4334-B4AA-0983400BE61B}" = Windows Presentation Foundation Language Pack (PLK) "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing "{495998C4-FC8A-4302-82E0-53DE4D7A8F56}" = Windows Communication Foundation Language Pack - PLK "{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK "{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English "{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New "{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins "{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full "{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish "{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8 "{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{DB76863D-D4D9-4AB3-AFDC-26717BA1E11C}" = Windows Workflow Foundation PL Language Pack "{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52 "{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}" = iPhoneBrowser "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "{FD593DE6-C3A0-4722-8E86-9DEEF0A93290}" = Microsoft .NET Framework 3.0 Polish Language Pack "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 7.00.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "All ATI Software" = ATI - Software Uninstall Utility "ALLPlayer V3.4.6.2_is1" = ALLPlayer V3.X "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "AutoHotkey" = AutoHotkey 1.0.48.00 "Betsafe Poker" = Betsafe Poker (remove only) "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8) "CDex" = CDex extraction audio "Chilipoker" = Chilipoker "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "EarMaster Pro 4_is1" = EarMaster Pro 4 "eMule" = eMule "ENTERPRISE" = Microsoft Office Enterprise 2007 "Everest Poker" = Everest Poker (Remove Only) "Gadu-Gadu" = Gadu-Gadu 7.7 "Google Updater" = Aktualizator Google "HollywoodPoker" = HollywoodPoker.com (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full) "Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego "Microsoft .NET Framework 3.0 Polish Language Pack" = Pakiet języka polskiego dla systemu Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PhotoToolkit_is1" = Photo! Editor 1.1 "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "PokerTracker3" = PokerTracker 3 (remove only) "RealAlt_is1" = Real Alternative 1.51 "Samsung ML-1640 Series" = Samsung ML-1640 Series "Samsung ML-2010 Series" = Samsung ML-2010 Series "SopCast" = SopCast 3.0.3 "Testy gimnazjalne" = Testy gimnazjalne "Testy gimnazjalne Mat-przyrodnicze (wersja demonstracyjna)" = Testy gimnazjalne Mat-przyrodnicze (wersja demonstracyjna) "TowerGaming" = Tower Gaming Poker Room (remove only) "TVUPlayer" = TVUPlayer 2.4.5.1 "VLC media player" = VLC media player 0.9.2 "WAV MP3 Converter_is1" = WAV MP3 Converter 1.30 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = Archiwizator WinRAR "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=orange]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=orange]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2009-03-31 07:06:58 | Computer Name = DS-CEE3AA7C0E02 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd opera.exe, wersja 9.52.10108.0, moduł powodujący błąd opera.dll, wersja 9.52.10108.0, adres błędu 0x004ee37e. Error - 2009-04-03 15:18:46 | Computer Name = DS-CEE3AA7C0E02 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd opera.exe, wersja 9.52.10108.0, moduł powodujący błąd opera.dll, wersja 9.52.10108.0, adres błędu 0x004cd4b2. Error - 2009-05-05 05:08:58 | Computer Name = DS-CEE3AA7C0E02 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca opera.exe, wersja 9.52.10108.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2009-05-05 05:09:00 | Computer Name = DS-CEE3AA7C0E02 | Source = Application Hang | ID = 1001 Description = Pakiet błędów 886781296. Error - 2009-05-19 14:59:05 | Computer Name = DS-CEE3AA7C0E02 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca gg.exe.bin, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2009-05-20 11:06:33 | Computer Name = DS-CEE3AA7C0E02 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0040a3a8. Error - 2009-05-28 15:06:08 | Computer Name = DS-CEE3AA7C0E02 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2009-05-27 15:07:36 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2009-05-28 10:34:45 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2009-05-28 12:54:44 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2009-05-28 15:00:42 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2009-05-29 04:54:50 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2009-05-29 05:01:21 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2009-05-29 05:05:07 | Computer Name = DS-CEE3AA7C0E02 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2009-05-29 05:05:14 | Computer Name = DS-CEE3AA7C0E02 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2009-05-29 05:06:32 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AmdK8 Fips Error - 2009-05-29 05:08:59 | Computer Name = DS-CEE3AA7C0E02 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 < End of report >

**Posty:** 18165 · przez **wojtas** 29 Maj 2009, 11:24

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digiwet.dll) - C:\WINDOWS\system32\digiwet.dll (Microsoft Corporation)

:Files
C:\Documents and Settings\All Users\qoskim.dll
C:\WINDOWS\System32\12520850b.dll
C:\WINDOWS\System32\drivers\159dd4a8.sys
C:\WINDOWS\System32\3760311825.dat
C:\WINDOWS\System32\adsnwh.exe
C:\WINDOWS\system32\digiwet.dll

:Services
euktvywu

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Pokazujesz nowy log OTListIt.txt oraz raport z czyszczenia kompa

**Posty:** 276 · przez **regis_tarnow** 29 Maj 2009, 11:31

jeszcze dodam ze przy kazdym zamykaniu systemu wyskakuje mi oknienko zakonczanie zadania pliku "SSMMgr.exe" nie mam pojecia co to moze byc.

Kod: Zaznacz wszystko: ========== OTLISTIT ========== Process explorer.exe killed successfully! Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digiwet.dll deleted successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\digiwet.dll C:\WINDOWS\system32\digiwet.dll NOT unregistered. C:\WINDOWS\system32\digiwet.dll moved successfully. ========== FILES ========== DllUnregisterServer procedure not found in C:\Documents and Settings\All Users\qoskim.dll C:\Documents and Settings\All Users\qoskim.dll NOT unregistered. C:\Documents and Settings\All Users\qoskim.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\System32\12520850b.dll C:\WINDOWS\System32\12520850b.dll NOT unregistered. C:\WINDOWS\System32\12520850b.dll moved successfully. C:\WINDOWS\System32\drivers\159dd4a8.sys moved successfully. File move failed. C:\WINDOWS\System32\3760311825.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\System32\adsnwh.exe scheduled to be moved on reboot. File\Folder C:\WINDOWS\system32\digiwet.dll not found. ========== SERVICES/DRIVERS ========== Service\Driver euktvywu deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully! ========== COMMANDS ========== File delete failed. C:\Documents and Settings\dawid\Ustawienia lokalne\Temp\etilqs_SQhGbwIzJkjZqxy5y0dP scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\dawid\Ustawienia lokalne\Temp\NGLALog.txt scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2b4.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05292009_112635 Files moved on Reboot... File move failed. C:\WINDOWS\System32\3760311825.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\System32\adsnwh.exe scheduled to be moved on reboot. File C:\Documents and Settings\dawid\Ustawienia lokalne\Temp\etilqs_SQhGbwIzJkjZqxy5y0dP not found! C:\Documents and Settings\dawid\Ustawienia lokalne\Temp\NGLALog.txt moved successfully. File C:\WINDOWS\temp\Perflib_Perfdata_2b4.dat not found! Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-29 11:30:47 - Run 2 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\Download Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,36 Mb Total Physical Memory | 573,30 Mb Available Physical Memory | 56,02% Memory free 2,40 Gb Paging File | 1,97 Gb Available in Paging File | 82,05% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,08 Gb Free Space | 7,37% Space Free | Partition Type: NTFS Drive D: | 7,81 Gb Total Space | 2,51 Gb Free Space | 32,08% Space Free | Partition Type: NTFS Drive E: | 14,18 Gb Total Space | 9,46 Gb Free Space | 66,69% Space Free | Partition Type: NTFS Drive F: | 37,88 Gb Total Space | 19,46 Gb Free Space | 51,37% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DS-CEE3AA7C0E02 Current User Name: dawid Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe PRC - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-05-02 18:30:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe PRC - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2009-05-28 21:04:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-02-01 04:02:26 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-02-01 04:00:54 | 03,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2004-08-04 00:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe PRC - [2006-04-04 11:44:58 | 16,120,832 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2008-01-11 22:16:00 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe PRC - [2008-08-04 01:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2005-07-03 09:20:48 | 00,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe PRC - [2008-09-02 12:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2008-04-14 07:19:46 | 00,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2009-05-28 21:04:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-05-29 11:20:31 | 01,037,824 | RH-- | M] () -- C:\WINDOWS\svchost.exe PRC - [2009-04-10 21:12:45 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2008-07-24 17:02:06 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008-06-17 16:00:34 | 01,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe PRC - [2008-08-11 08:31:54 | 01,124,352 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2004-08-04 00:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2008-05-22 15:05:06 | 00,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe PRC - [2008-08-05 14:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008-01-04 13:36:10 | 00,089,088 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe PRC - [2008-09-02 12:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe PRC - [2008-08-05 14:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009-05-03 12:21:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-29 11:14:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- F:\Download\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2008-12-01 15:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2009-05-15 16:36:18 | 00,050,176 | RHS- | M] () -- C:\WINDOWS\system32\adsnwh.exe -- (BITSSchedule [Auto | Stopped]) SRV - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-05-15 16:36:28 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\All Users\qoskim.dll -- (euktvywu [Auto | Running]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2009-05-02 18:30:57 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9cb4360db4540 [Auto | Stopped]) SRV - [2009-05-02 18:30:43 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2004-08-04 02:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running]) SRV - [2009-05-28 21:04:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008-02-01 04:02:26 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3 [Auto | Running]) SRV - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2005-03-09 08:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2008-12-02 00:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2008-01-10 03:34:57 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Running]) DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2006-04-06 08:20:44 | 04,258,816 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running]) DRV - [2008-05-07 07:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2008-05-07 07:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2006-03-16 12:51:32 | 00,099,840 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running]) DRV - [2006-03-22 07:24:00 | 00,052,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-03-22 07:24:02 | 00,018,944 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-08-01 00:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2004-07-17 11:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-09-18 14:35:07 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2008-06-06 09:24:44 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2008-05-07 07:38:36 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\S-1-5-21-1177238915-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\S-1-5-21-1177238915-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.tlpoker.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008-09-22 17:37:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-05-28 21:04:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-03 12:21:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-28 21:04:21 | 00,000,000 | ---D | M] [2008-09-13 22:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Extensions [2008-09-13 22:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-28 22:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Firefox\Profiles\jpxf05c3.default\extensions [2009-05-03 11:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Firefox\Profiles\jpxf05c3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-04-14 20:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dawid\Dane aplikacji\mozilla\Firefox\Profiles\jpxf05c3.default\extensions\firefox@tvunetworks.com [2009-05-28 22:43:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-05-03 12:21:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-05-28 21:04:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-05-03 12:21:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-05-03 12:21:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-04-10 13:47:06 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-04-10 13:47:06 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-04-10 13:47:06 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-04-10 13:47:06 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-04-10 13:47:06 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-04-10 13:47:06 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-04-10 13:47:06 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun (Samsung Electronics.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun () O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [svchost] c:\WINDOWS\svchost.exe () O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" () O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe.bin" /tray (Gadu-Gadu S.A.) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (BitTorrent, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: msconfig.exe = msconfig.exe O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1177238915-1767777339-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223 (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{76AA1933-E812-483E-99DB-007DE845CAB8}\\NameServer = 80.85.224.2,80.85.224.50 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-09-13 22:47:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1a0f652e-0766-11de-bf9a-0016176c00aa}\Shell - "" = Autorun O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-29 11:29:09 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [4 C:\WINDOWS\*.tmp files] [2009-05-29 11:20:31 | 01,037,824 | RH-- | C] () -- C:\WINDOWS\svchost.exe [2009-05-29 11:11:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009-05-29 11:05:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-29 11:04:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC [2009-05-29 11:02:59 | 00,000,000 | ---D | C] -- C:\SDFix [2009-05-28 21:50:56 | 00,400,192 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\Silent Runners.vbs [2009-05-28 21:04:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009-05-28 21:04:09 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009-05-28 21:03:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dawid\Dane aplikacji\Sun [2009-05-28 20:57:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\HijackThis.lnk [2009-05-28 20:57:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-05-27 14:53:16 | 00,014,617 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\950541.JPG [2009-05-27 13:29:17 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\12520850b.dll [2009-05-22 09:24:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dawid\Dane aplikacji\DC++ [2009-05-22 08:21:51 | 00,018,957 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\7.jpg [2009-05-22 07:01:40 | 00,661,375 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\Wady wzroku i ich korekty.pptx [2009-05-19 21:30:14 | 00,058,880 | -HS- | C] () -- C:\Documents and Settings\dawid\Pulpit\Thumbs.db [2009-05-19 20:45:34 | 00,077,140 | ---- | C] () -- C:\Documents and Settings\dawid\Pulpit\W�glowodany.pptx ** - C:\Documents and Settings\dawid\Pulpit\W?glowodany.pptx [2009-05-18 09:47:49 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2009-05-15 16:36:49 | 00,000,150 | --S- | C] () -- C:\WINDOWS\System32\3760311825.dat [2009-05-15 16:36:26 | 00,050,176 | RHS- | C] () -- C:\WINDOWS\System32\adsnwh.exe [2009-05-02 18:31:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dawid\Dane aplikacji\Google [2009-05-02 18:31:00 | 00,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job [2009-05-02 18:30:43 | 00,000,972 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009-05-02 18:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater [2009-05-02 09:33:23 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk [2009-05-02 09:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\Everest Poker [2009-04-03 18:28:53 | 00,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll [2008-11-02 20:10:39 | 00,000,083 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini [2008-11-02 20:10:08 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008-10-19 11:18:30 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-09-18 14:35:06 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-09-14 11:25:27 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-09-14 11:25:27 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2008-09-14 11:25:26 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-09-14 11:25:25 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-09-14 11:25:25 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-09-14 11:25:24 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-09-14 11:25:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-09-13 23:02:46 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-08-04 00:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 11:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001-07-21 22:16:20 | 00,000,522 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 22:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009-05-29 11:28:38 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009-05-29 11:28:24 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job [2009-05-29 11:28:20 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\dawid\Ustawienia lokalne\desktop.ini [2009-05-29 11:28:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-29 11:28:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-29 11:20:31 | 01,037,824 | RH-- | M] () -- C:\WINDOWS\svchost.exe [2009-05-29 11:12:02 | 00,000,522 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-29 11:12:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-29 11:07:05 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-05-28 21:50:58 | 00,400,192 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\Silent Runners.vbs [2009-05-28 20:57:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\HijackThis.lnk [2009-05-27 13:29:18 | 00,000,150 | --S- | M] () -- C:\WINDOWS\System32\3760311825.dat [2009-05-27 13:29:17 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\12520850b.dll [2009-05-26 21:45:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-22 08:26:45 | 00,661,375 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\Wady wzroku i ich korekty.pptx [2009-05-22 08:21:55 | 00,058,880 | -HS- | M] () -- C:\Documents and Settings\dawid\Pulpit\Thumbs.db [2009-05-22 08:21:51 | 00,018,957 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\7.jpg [2009-05-19 21:51:36 | 00,077,140 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\W�glowodany.pptx ** - C:\Documents and Settings\dawid\Pulpit\W?glowodany.pptx [2009-05-18 09:47:49 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2009-05-17 13:04:09 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [2009-05-16 18:45:58 | 35,191,6524 | ---- | M] () -- C:\Documents and Settings\dawid\Pulpit\aaa.rar [2009-05-15 16:36:18 | 00,050,176 | RHS- | M] () -- C:\WINDOWS\System32\adsnwh.exe [2009-05-02 09:33:23 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk < End of report >

**Posty:** 18165 · przez **wojtas** 29 Maj 2009, 12:06

daj loga z http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Posty:** 276 · przez **regis_tarnow** 29 Maj 2009, 12:14

Kod: Zaznacz wszystko: ComboFix 09-05-28.07 - dawid 2009-05-29 12:08.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.503 [GMT 2:00] Uruchomiony z: f:\download\ComboFix.exe UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\qoskim.dll c:\windows\svchost.exe c:\windows\system32\adsnwh.exe . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BITSSCHEDULE -------\Legacy_EUKTVYWU -------\Service_BITSSchedule -------\Service_euktvywu ((((((((((((((((((((((((( Pliki utworzone od 2009-04-28 do 2009-05-29 ))))))))))))))))))))))))))))))) . 2009-05-29 09:05 . 2009-05-29 09:05 -------- d-----w c:\windows\ERUNT 2009-05-29 09:02 . 2009-05-29 09:11 -------- d-----w C:\SDFix 2009-05-28 19:04 . 2009-05-28 19:04 -------- d-----w c:\windows\Sun 2009-05-28 19:04 . 2009-05-28 19:04 410984 ----a-w c:\windows\system32\deploytk.dll 2009-05-28 19:04 . 2009-05-28 19:04 -------- d-----w c:\program files\Java 2009-05-28 19:03 . 2009-05-28 19:03 152576 ----a-w c:\documents and settings\dawid\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-28 18:57 . 2009-05-28 18:57 -------- d-----w c:\program files\Trend Micro 2009-05-27 11:29 . 2009-05-27 11:29 20480 ------w c:\windows\system32\12520850b.dll 2009-05-22 07:24 . 2009-05-22 07:25 -------- d-----w c:\documents and settings\dawid\Dane aplikacji\DC++ 2009-05-22 07:24 . 2009-05-22 07:24 -------- d-----w c:\documents and settings\dawid\Ustawienia lokalne\Dane aplikacji\DC++ 2009-05-15 14:36 . 2009-05-27 11:29 150 --s-a-w c:\windows\system32\3760311825.dat 2009-05-03 08:46 . 2009-05-03 08:46 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2009-05-02 16:30 . 2009-05-28 14:34 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Google Updater 2009-05-02 07:29 . 2009-05-03 11:45 -------- d-----w c:\program files\Everest Poker . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-29 10:09 . 2008-09-13 20:59 -------- d-----w c:\documents and settings\dawid\Dane aplikacji\uTorrent 2009-05-28 19:48 . 2008-09-14 09:24 -------- d-----w c:\program files\PokerStars 2009-05-22 07:19 . 2009-02-27 06:31 -------- d-----w c:\program files\eMule 2009-05-18 07:47 . 2008-10-31 19:56 -------- d-----w c:\program files\Google 2009-05-17 21:44 . 2009-04-13 13:12 -------- d-----w c:\program files\Betsafe Poker 2009-05-17 20:05 . 2008-09-13 20:55 -------- d-----w c:\program files\Gadu-Gadu 2009-05-17 10:17 . 2008-09-14 14:53 -------- d-----w c:\program files\NAPI-PROJEKT 2009-04-23 12:33 . 2008-09-29 10:16 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-04-22 15:05 . 2008-09-14 12:18 -------- d-----w c:\documents and settings\dawid\Dane aplikacji\BESTplayer 2009-04-14 19:01 . 2009-04-14 19:00 -------- d-----w c:\program files\SopCast 2009-04-14 18:50 . 2009-04-14 18:50 -------- d-----w c:\program files\TVUPlayer 2009-04-14 18:50 . 2009-04-14 18:50 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\TVU Networks 2009-04-14 10:05 . 2008-09-14 11:27 -------- d-----w c:\program files\AutoHotkey 2009-04-05 14:20 . 2009-04-05 14:20 1878984 ----a-w c:\documents and settings\dawid\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-04-03 18:33 . 2009-04-03 18:33 -------- d-----w c:\program files\Audacity 2009-04-03 17:49 . 2009-04-03 17:49 -------- d-----w c:\program files\AidemMedia 2009-04-03 16:28 . 2009-04-03 16:28 -------- d-----w c:\program files\Samsung 2009-03-29 14:58 . 2001-10-26 14:15 83660 ----a-w c:\windows\system32\perfc015.dat 2009-03-29 14:58 . 2001-10-26 14:15 490284 ----a-w c:\windows\system32\perfh015.dat 2009-03-26 03:11 . 2009-03-26 03:11 2082104 ----a-w c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\jpxf05c3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe.bin" [2009-05-29 2127296] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-04-10 270128] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 159744] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-04 16120832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun] "msconfig.exe"= msconfig.exe "regedit.exe"= regedit.exe HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "aux"= ctwdm32.dll "aux1"= ctwdm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536] S2 gupdate1c9cb4360db4540;Usługa Google Update (gupdate1c9cb4360db4540);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 133104] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] . Zawartość folderu 'Zaplanowane zadania' 2009-05-29 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-31 16:30] 2009-05-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 16:30] . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe SafeBoot-procexp90.Sys . ------- Skan uzupełniający ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.everestpoker.com/EA00E7/pl/promo/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {76AA1933-E812-483E-99DB-007DE845CAB8} = 80.85.224.2,80.85.224.50 FF - ProfilePath - c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\jpxf05c3.default\ FF - prefs.js: browser.startup.homepage - www.tlpoker.pl FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\jpxf05c3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-29 12:10 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3584) c:\windows\system32\msi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wdfmgr.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Czas ukończenia: 2009-05-29 12:12 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-05-29 10:12 Przed: 1 112 555 520 bajtów wolnych Po: 1 084 076 032 bajtów wolnych 182

**Posty:** 18165 · przez **wojtas** 29 Maj 2009, 12:18

co do tego bledu to przeinstaluj oprogramowanie od samsunga

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\12520850b.dll
c:\windows\system32\3760311825.dat

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 276 · przez **regis_tarnow** 29 Maj 2009, 12:25

Kod: Zaznacz wszystko: ComboFix 09-05-28.07 - dawid 2009-05-29 12:23.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.553 [GMT 2:00] Uruchomiony z: f:\download\ComboFix.exe Użyto następujących komend :: f:\download\CFScript.txt UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! FILE :: "c:\windows\system32\12520850b.dll" "c:\windows\system32\3760311825.dat" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\12520850b.dll c:\windows\system32\3760311825.dat . ((((((((((((((((((((((((( Pliki utworzone od 2009-04-28 do 2009-05-29 ))))))))))))))))))))))))))))))) . 2009-05-29 09:05 . 2009-05-29 09:05 -------- d-----w c:\windows\ERUNT 2009-05-29 09:02 . 2009-05-29 09:11 -------- d-----w C:\SDFix 2009-05-28 19:04 . 2009-05-28 19:04 -------- d-----w c:\windows\Sun 2009-05-28 19:04 . 2009-05-28 19:04 410984 ----a-w c:\windows\system32\deploytk.dll 2009-05-28 19:04 . 2009-05-28 19:04 -------- d-----w c:\program files\Java 2009-05-28 19:03 . 2009-05-28 19:03 152576 ----a-w c:\documents and settings\dawid\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-28 18:57 . 2009-05-28 18:57 -------- d-----w c:\program files\Trend Micro 2009-05-22 07:24 . 2009-05-22 07:25 -------- d-----w c:\documents and settings\dawid\Dane aplikacji\DC++ 2009-05-22 07:24 . 2009-05-22 07:24 -------- d-----w c:\documents and settings\dawid\Ustawienia lokalne\Dane aplikacji\DC++ 2009-05-03 08:46 . 2009-05-03 08:46 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2009-05-02 16:30 . 2009-05-28 14:34 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Google Updater 2009-05-02 07:29 . 2009-05-03 11:45 -------- d-----w c:\program files\Everest Poker . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-29 10:21 . 2008-09-13 21:01 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-29 10:20 . 2008-09-13 20:59 -------- d-----w c:\documents and settings\dawid\Dane aplikacji\uTorrent 2009-05-28 19:48 . 2008-09-14 09:24 -------- d-----w c:\program files\PokerStars 2009-05-22 07:19 . 2009-02-27 06:31 -------- d-----w c:\program files\eMule 2009-05-18 07:47 . 2008-10-31 19:56 -------- d-----w c:\program files\Google 2009-05-17 21:44 . 2009-04-13 13:12 -------- d-----w c:\program files\Betsafe Poker 2009-05-17 20:05 . 2008-09-13 20:55 -------- d-----w c:\program files\Gadu-Gadu 2009-05-17 10:17 . 2008-09-14 14:53 -------- d-----w c:\program files\NAPI-PROJEKT 2009-04-23 12:33 . 2008-09-29 10:16 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-04-22 15:05 . 2008-09-14 12:18 -------- d-----w c:\documents and settings\dawid\Dane aplikacji\BESTplayer 2009-04-14 19:01 . 2009-04-14 19:00 -------- d-----w c:\program files\SopCast 2009-04-14 18:50 . 2009-04-14 18:50 -------- d-----w c:\program files\TVUPlayer 2009-04-14 18:50 . 2009-04-14 18:50 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\TVU Networks 2009-04-14 10:05 . 2008-09-14 11:27 -------- d-----w c:\program files\AutoHotkey 2009-04-05 14:20 . 2009-04-05 14:20 1878984 ----a-w c:\documents and settings\dawid\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-04-03 18:33 . 2009-04-03 18:33 -------- d-----w c:\program files\Audacity 2009-04-03 17:49 . 2009-04-03 17:49 -------- d-----w c:\program files\AidemMedia 2009-04-03 16:28 . 2009-04-03 16:28 -------- d-----w c:\program files\Samsung 2009-03-29 14:58 . 2001-10-26 14:15 83660 ----a-w c:\windows\system32\perfc015.dat 2009-03-29 14:58 . 2001-10-26 14:15 490284 ----a-w c:\windows\system32\perfh015.dat 2009-03-26 03:11 . 2009-03-26 03:11 2082104 ----a-w c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\jpxf05c3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll . ((((((((((((((((((((((((((((( SnapShot@2009-05-29_10.10.57 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-18 11:12 . 2005-03-14 05:01 41984 c:\windows\system32\drivers\DGIVECP.SYS - 2008-10-18 11:12 . 2008-01-10 01:34 41984 c:\windows\system32\drivers\DGIVECP.SYS . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe.bin" [2009-05-29 2127296] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-04-10 270128] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 159744] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-04 16120832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun] "msconfig.exe"= msconfig.exe "regedit.exe"= regedit.exe HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "aux"= ctwdm32.dll "aux1"= ctwdm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536] S2 gupdate1c9cb4360db4540;Usługa Google Update (gupdate1c9cb4360db4540);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 133104] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] . Zawartość folderu 'Zaplanowane zadania' 2009-05-29 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-31 16:30] 2009-05-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 16:30] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-Samsung Common SM - c:\windows\Samsung\ComSMMgr\ssmmgr.exe . ------- Skan uzupełniający ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.everestpoker.com/EA00E7/pl/promo/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {76AA1933-E812-483E-99DB-007DE845CAB8} = 80.85.224.2,80.85.224.50 FF - ProfilePath - c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\jpxf05c3.default\ FF - prefs.js: browser.startup.homepage - www.tlpoker.pl FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\jpxf05c3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-29 12:24 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll . Czas ukończenia: 2009-05-29 12:25 ComboFix-quarantined-files.txt 2009-05-29 10:24 ComboFix2.txt 2009-05-29 10:12 Przed: 1 093 017 600 bajtów wolnych Po: 1 081 532 416 bajtów wolnych 155

**Posty:** 18165 · przez **wojtas** 29 Maj 2009, 14:04

1.Uruchom OTListIt2 z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji

**Posty:** 276 · przez **regis_tarnow** 30 Maj 2009, 11:19

zrobilem wszystko, dr web curelt nic nie znalazl, kaspersky rowniez. wrzucic jeszcze jakies logi czy juz wszystko ok?

**Posty:** 18165 · przez **wojtas** 30 Maj 2009, 12:49

ok.

Autor postu otrzymał pochwałę

Kto jest na forum