Hello,

The problem concerns system startup (XP Prof.). For a reason unknown to me, when starting the computer the message "floppy disk error 80" appeared (before the system loaded) and that was the end of it... though not every time. After a dozen or so resets the system managed to load, so I did an upgrade (from the CD, the "repair" option). It helped in that the system now loads every time, but incorrectly (the desktop appears without icons, so I start Task Manager and remove the QuickDCF.exe file, which in my opinion is the culprit, and at that moment the wallpaper disappears, the icons appear, and in Display Properties on the "Desktop" tab the list is unavailable, "Browse" as well). The GG, eMule and Skype applications launched at system startup also have trouble loading... The computer was checked with ArcaMicroScan, Kaspersky and PC Tools, and nothing. Pls help...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:30, on 2007-09-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

[quote]
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\vsnpstd.exe
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
D:\NASZ\programy\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\NASZ\programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tpi.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\nasz\programy\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PCTAVApp] "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\NASZ\programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\NASZ\programy\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167774934584
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
[/quote]
-- End of file - 7976 bytes

Do you have a webcam?
> C:\WINDOWS\vsnpstd.exe

FIX
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates...e/bridge-c5.cab
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

Delete the file marked in red and fix
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe

If you use this, OK; if not, uninstall it via Add/Remove Programs, because it slows down the net… It is a kind of toolbar in the browser… and FIX
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

There is a webcam at that path.
After removing the indicated entries it looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:22, on 2007-09-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\vsnpstd.exe
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\NASZ\programy\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\NASZ\programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tpi.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\nasz\programy\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PCTAVApp] "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\NASZ\programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\NASZ\programy\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167774934584
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

-- End of file - 7143 bytes

Besides, the problem has not gone away: I still have to launch the apps by hand, the desktop is empty despite a wallpaper being set (it appears for a moment before the desktop icons while loading), and everything on the "Desktop" tab in Display Properties is unavailable. I'm at my wits' end...

And have you scanned the computer with an antivirus? ... and for my part, change your browser

Sure, you didn't read the first post!!

Sorry, I forgot... did you fix this?? And delete the file (that should have been the feminine form, since you are a woman, hehe - sorry)
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
Apart from that I don't see anything; let someone more experienced in this take a look, because I only tidy up here.
PS// you are from the same town as ME, how did you end up here?
This
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
is a part of this - http://www.symantec.com/s...-091617-4648-99
Download and run http://securityresponse.s...er/FxNetOpt.exe

In addition, this was not removed:
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates...e/bridge-c5.cab

After using the tool and deleting what Asdef pointed out, post a new HijackThis log + a Silent Runners log (if Symantec has some protection against running scripts, it may be necessary to disable it first).

We will deal with the rest once you have posted the Silent Runners log.

Hello :)
FxNetOpt.exe found nothing; I removed:
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} http://static.windupdates...e/bridge-c5.cab
and
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe.
There is also the matter of the files in the path C:\WINDOWS\Prefetch. There are 65 of them there, among others WUAUCLT.EXE-399A8E72.pf; I'm no expert, so maybe I'm wrong, but I somehow don't like this "double" extension - pls enlighten me, "what's this"?

PS.
ASdef: because it's a small town and there is even a high probability that we know each other :)) and I googled the forum in an act of desperate search for help ;)

The logs look like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:05, on 2007-09-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\vsnpstd.exe
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
D:\NASZ\programy\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\NASZ\programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tpi.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\nasz\programy\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PCTAVApp] "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\NASZ\programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] D:\NASZ\programy\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/r...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.c...b?1167774934584
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/a...gamesplayer.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

-- End of file - 6991 bytes

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"Gadu-Gadu" = ""D:\NASZ\programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"eMuleAutoStart" = "D:\NASZ\programy\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"C-Media Mixer" = "C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup" ["C-Media Electronic Inc."]
"SoundMan" = "soundman.exe" ["Avance Logic, Inc."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [file not found]
"AcctMgr" = "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup" ["Symantec Corporation"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"OrderReminder" = "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" ["Hewlett-Packard"]
"setup" = "E:\REGSET\Demo\Demo.exe" [file not found]
"REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QD FastAndSafe" = "C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler" [file not found]
"QuickTime Task" = ""D:\nasz\programy\quicktime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"PCSuiteTrayApplication" = "D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"snpstd" = "C:\WINDOWS\vsnpstd.exe" [empty string]
"PCTAVApp" = ""D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN" ["PC Tools Research Pty Ltd"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
  \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  {HKLM...CLSID} = "SSVHelper Class"
  \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
  \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  {HKLM...CLSID} = "HyperTerminal Icon Ext"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  {HKLM...CLSID} = "Portable Media Devices Menu"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
  {HKLM...CLSID} = "PropPage Class"
  \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  {HKLM...CLSID} = "Microsoft Office Outlook"
  \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
  \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  {HKLM...CLSID} = "RealOne Player Context Menu Class"
  \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  {HKLM...CLSID} = "Microsoft Office Metadata Handler"
  \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
  \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
  {HKLM...CLSID} = "Eksplorator pulpitów"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
  {HKLM...CLSID} = "Nokia Phone Browser"
  \InProcServer32\(Default) = "D:\NASZ\programy\nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  {HKLM...CLSID} = "PDF Shell Extension"
  \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}"
  {HKLM...CLSID} = "PCTAVShlExt Class"
  \InProcServer32\(Default) = "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}"
  {HKLM...CLSID} = "PCTAVShlExt Class"
  \InProcServer32\(Default) = "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoActiveDesktop" = (REG_DWORD) hex:0x00000000
  {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop}
"ClassicShell" = (REG_DWORD) hex:0x00000000
  {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell}
"ForceActiveDesktopOn" = (REG_DWORD) hex:0x00000001
  {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "Ania" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Exif Launcher" shortcut to: "C:\Program Files\FinePixViewer\QuickDCF.exe" ["FUJI PHOTO FILM CO., LTD."]

Enabled Scheduled Tasks:
------------------------

"At1" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At10" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At11" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At12" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At13" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At14" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At15" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At16" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At17" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At18" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At19" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At2" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At20" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At21" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At22" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At23" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At24" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not
found] "At25" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At26" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At27" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At28" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At29" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At3" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found] "At30" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At31" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At32" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At33" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At34" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At35" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At36" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At37" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At38" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At39" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At4" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found] "At40" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At41" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At42" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At43" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At44" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At45" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At46" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At47" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At48" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found] "At5" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found] "At6" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found] "At7" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not 
found] "At8" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found] "At9" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found] "Funkcja One Button Checkup pakietu Norton SystemWorks" launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" [file not found] "Symantec Drmc" launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" {HKLM...CLSID} = "Yahoo! 
Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."] {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"] PC Tools AntiVirus Engine, PCTAVSvc, ""D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe"" ["PC Tools Research Pty Ltd"] Remote Procedure Call (RPC) Extensions, gb, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {(missing data)} ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" 
["Symantec Corporation"]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HPLJ1020LM\Driver = "ZLhp1020.DLL" ["Zenographics, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2007-09-23 13:02:33)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 134 seconds, including 18 seconds for message boxes)

Delete the ForceActiveDesktopOn entry from the key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

"Exif Launcher" shortcut to: "C:\Program Files\FinePixViewer\QuickDCF.exe" ["FUJI PHOTO FILM CO., LTD."]

"At1" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At10" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At11" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At12" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At13" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At14" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At15" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At16" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At17" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At18" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At19" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At2" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At20" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At21" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At22" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At23" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At24" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At25" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At26" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At27" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At28" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At29" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At3" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At30" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At31" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At32" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At33" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At34" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At35" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At36" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At37" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At38" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At39" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At4" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At40" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At41" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At42" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At43" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At44" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At45" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At46" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At47" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At48" launches: "C:\WINDOWS\system32\6L7HLW74.exe" [file not found]
"At5" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At6" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At7" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At8" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]
"At9" launches: "C:\WINDOWS\system32\l0X60wB5.exe" [file not found]

Check whether the entries above are visible in Scheduled Tasks. If so, delete those tasks. Make sure that the files "C:\WINDOWS\system32\6L7HLW74.exe" and "C:\WINDOWS\system32\l0X60wB5.exe" really do not exist. If they do, delete them. If the entries are not visible, open a command prompt (Start, Run, cmd) and run these commands there:

cd c:\windows\tasks
attrib -h -r -s at*.*
del at*.*

Download the file http://www.kellys-korner-...displaytabs.reg and double-click it to merge it into the registry. Check whether the display tabs have come back.

When you are done, post the logs: HijackThis, Silent Runners and additionally ComboFix http://cybertrash.pl/images/tata/ComboFix.html

...It seems the worst is over: the contents of the tabs are available - great:)) However, after a restart I got these messages:
1. "Plik ConAPI.dll niedostępny. Nie można uruchomić aplikacji. Ponowne zainstalowanie powinno rozwiązać problem":o
2. Security Center: whether to keep blocking eMule.exe - I unblocked it.
Below are the logs after "operation resuscitation";)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:49, on 2007-09-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\nasz\programy\quicktime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\vsnpstd.exe
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\NASZ\programy\eMule\emule.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\NASZ\programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tpi.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler O4 - HKLM\..\Run: [QuickTime Task] "D:\nasz\programy\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [PCTAVApp] "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "D:\NASZ\programy\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [eMuleAutoStart] D:\NASZ\programy\eMule\emule.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - 
HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Exif Launcher.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/r...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.c...b?1167774934584 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/a...gamesplayer.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems 
Shared\Service\Adobelmsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing) -- End of file - 6939 bytes "Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"] "Gadu-Gadu" = ""D:\NASZ\programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "eMuleAutoStart" = "D:\NASZ\programy\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "C-Media Mixer" = "C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup" ["C-Media Electronic Inc."] "SoundMan" = "soundman.exe" ["Avance Logic, Inc."] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [file not found] "AcctMgr" = "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup" ["Symantec Corporation"] "RemoteControl" = ""C:\Program 
Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "OrderReminder" = "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" ["Hewlett-Packard"] "setup" = "E:\REGSET\Demo\Demo.exe" [file not found] "REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."] "QD FastAndSafe" = "C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler" [file not found] "QuickTime Task" = ""D:\nasz\programy\quicktime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "PCSuiteTrayApplication" = "D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"] "snpstd" = "C:\WINDOWS\vsnpstd.exe" [empty string] "PCTAVApp" = ""D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN" ["PC Tools Research Pty Ltd"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension" {HKLM...CLSID} = "PropPage Class" \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = 
"Eksplorator pulpitów" {HKLM...CLSID} = "Eksplorator pulpitów" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "D:\NASZ\programy\nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}" {HKLM...CLSID} = "PCTAVShlExt Class" \InProcServer32\(Default) = "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}" {HKLM...CLSID} = "PCTAVShlExt Class" \InProcServer32\(Default) = "D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ClassicShell" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} "NoActiveDesktopChanges" = (REG_BINARY) hex:00 00 00 00 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Prohibit changes} "NoSaveSettings" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don't save settings at exit} "NoThemesTab" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoActiveDesktop" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "NoColorChoice" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoSizeChoice" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoDispScrSavPage" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoDispCPL" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Remove Display in Control Panel} "NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoDispAppearancePage" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Hide Desktop tab} "NoDispSettingsPage" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer 
Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Ania" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Exif Launcher" shortcut to: "C:\Program Files\FinePixViewer\QuickDCF.exe" ["FUJI PHOTO FILM CO., LTD."] Enabled Scheduled Tasks: ------------------------ "Funkcja One Button Checkup pakietu Norton SystemWorks" launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" [file not found] "Symantec Drmc" launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}" {HKCU...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."] {HKLM...CLSID} = "Java Plug-in 1.5.0_11" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program 
Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"] PC Tools AntiVirus Engine, PCTAVSvc, ""D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAVSvc.exe"" ["PC Tools Research Pty Ltd"] Remote Procedure Call (RPC) Extensions, gb, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {(missing data)} ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ HPLJ1020LM\Driver = "ZLhp1020.DLL" ["Zenographics, Inc."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2007-09-23 22:27:22) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 149 seconds, including 9 seconds for message boxes) ComboFix 07-09-21.2 - "Ania" 2007-09-23 22:34:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.192 [GMT 2:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\DOCUME~1\Ania\DANEAP~1\install.dat C:\DOCUME~1\Ania\DANEAP~1\macromedia\Flash Player\#SharedObjects\TUZCS2RC\www.broadcaster.com C:\DOCUME~1\Ania\DANEAP~1\macromedia\Flash Player\#SharedObjects\TUZCS2RC\www.broadcaster.com\played_list.sol C:\DOCUME~1\Ania\DANEAP~1\macromedia\Flash Player\#SharedObjects\TUZCS2RC\www.broadcaster.com\video_queue.sol C:\DOCUME~1\Ania\DANEAP~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com C:\DOCUME~1\Ania\DANEAP~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol C:\WINDOWS\system32\dlh9jkd1q8.exe C:\WINDOWS\system32\svcp.csv C:\WINDOWS\system32\system C:\WINDOWS\system32\system\msxml4.dll C:\WINDOWS\system32\system\msxml4r.dll C:\WINDOWS\system32\vx.tll C:\WINDOWS\system32\windev-peers.ini C:\WINDOWS\system32\winsub.xml C:\WINDOWS\WebAssist.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_GB -------\gb ((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 ))))))))))))))))))))))))))))))) . 2007-09-23 22:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-23 21:49 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-09-17 07:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-09-13 19:32 <DIR> d-------- C:\DOCUME~1\Ania\DANEAP~1\U3 2007-09-12 19:16 <DIR> d-------- C:\DOCUME~1\Ania\DANEAP~1\PC Tools 2007-09-12 19:15 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys 2007-09-12 19:15 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys 2007-09-12 19:15 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys 2007-09-12 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Tools 2007-09-09 11:52 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-09-09 11:47 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-09-09 11:47 13,312 --a------ C:\WINDOWS\system32\irclass.dll . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-23 22:40 136 --a------ C:\WINDOWS\system32\drivers\ALCICH.DAT 2007-09-23 22:21 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\Skype 2007-09-16 23:22 --------- d-------- C:\Program Files\ArcaMicroScan 2007-08-22 15:20 --------- d-------- C:\Program Files\Skype 2007-08-22 15:20 --------- d-------- C:\Program Files\Common Files\Skype 2007-08-16 15:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype 2007-08-16 12:21 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\Nokia 2007-08-06 12:29 --------- d-------- C:\Program Files\NCH Swift Sound 2007-08-06 08:55 --------- d-------- C:\Program Files\Winamp 2007-08-04 23:01 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\ACD Systems 2007-08-04 22:59 --------- d-------- C:\Program Files\Common Files\ACD Systems 2007-08-04 22:59 --------- d-------- C:\Program Files\ACD Systems 2007-08-04 22:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\ACD Systems 2007-08-04 22:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\BVRP Software 2007-08-04 22:33 --------- d-------- C:\Program Files\Motorola Phone Tools 2007-08-04 22:32 25600 --a------ C:\DOCUME~1\Ania\usbsermptxp.sys 2007-08-04 22:32 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys 2007-08-04 22:32 22768 --a------ C:\DOCUME~1\Ania\usbsermpt.sys 2007-08-04 22:29 --------- d-------- C:\Program Files\Avanquest update 2007-08-04 22:29 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\InstallShield 2007-08-04 22:27 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-04 21:15 --------- d-------- C:\Program Files\FinePixViewer 2007-08-04 21:09 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\Nokia Multimedia Player 2007-08-03 21:48 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\NCH Swift Sound 2007-08-03 21:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\NCH Swift Sound 2007-07-30 19:19 92504 --a------ 
C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-05-07 19:54 122 --a------ C:\Program Files\Robinson.ini 2007-05-07 17:29 8303 --a------ C:\Program Files\install.ini 2005-10-26 09:26 44 --a------ C:\Program Files\BlooMoo.ini 2005-08-18 12:28 11761360 --a------ C:\Program Files\muza5.wav 2005-08-18 12:24 849218 --a------ C:\Program Files\muza6.wav 2005-08-18 12:24 3140800 --a------ C:\Program Files\muza2.wav 2005-08-18 12:24 1284172 --a------ C:\Program Files\muza3.wav 2005-08-18 12:23 7493412 --a------ C:\Program Files\muza1.wav 2004-11-10 15:23 90112 --a------ C:\Program Files\Robinson.exe 2004-11-10 15:23 73728 --a------ C:\Program Files\Sekai.dll 2004-11-10 15:23 118784 --a------ C:\Program Files\World.dll 2004-11-10 15:22 1826816 --a------ C:\Program Files\Piklib8.dll 2004-11-10 15:22 126976 --a------ C:\Program Files\Kolorowanka.dll 2004-11-02 15:27 159744 --a------ C:\Program Files\Uninstall.exe 2004-09-16 14:54 89080 --a------ C:\Program Files\install.bmp 2002-06-20 15:22 51 --a------ C:\Program Files\am.url . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe" [2001-06-14 10:08] "SoundMan"="soundman.exe" [2001-05-29 11:02 C:\WINDOWS\soundman.exe] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [] "AcctMgr"="C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" [2003-11-27 11:18] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 19:28] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23] "QD FastAndSafe"="C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe" [] "QuickTime Task"="D:\nasz\programy\quicktime\qttask.exe" [2006-12-06 23:19] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-09 15:45] "PCSuiteTrayApplication"="D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39] "PCTAVApp"="D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" [2007-08-30 11:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00] "Gadu-Gadu"="D:\NASZ\programy\Gadu-Gadu\gg.exe" [2006-11-14 11:12] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43] "eMuleAutoStart"="D:\NASZ\programy\eMule\emule.exe" [2007-05-13 16:57] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe "PcSync"=D:\NASZ\programy\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\ Adobe Reader Speed Launch.lnk - 
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-03-05 20:45:26] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispBackgroundPage"=0 (0x0) R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys R2 713xTVCard;SAA7134 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys S2 windev-5d56-72d2;windev-5d56-72d2;\??\C:\WINDOWS\system32\windev-5d56-72d2.sys S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys S3 Cap7134;TV Capture Card WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS S3 PhTVTune;TV Capture Card WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-08-17 15:30:00 C:\WINDOWS\Tasks\Funkcja One Button Checkup pakietu Norton SystemWorks.job" "2007-09-23 18:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job" . 
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 22:41:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-23 22:45:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 22:44
.
--- E O F ---

ComboFix did its job: it deleted a few things and the junk's service. But it could have done it better.
Are you sure it's ConAPI.dll and not ConnAPI.dll? ConnAPI.dll is from Nokia PC Suite - check whether updating the software to the latest version takes care of it.
I'm very interested in this file: C:\WINDOWS\system32\windev-5d56-72d2.sys. I really dislike it, and all of Google doesn't know it either. Delete the file with Killbox or Hijack (delete file on reboot).
Uninstall one of the antivirus programs, no exceptions.
How do things look with explorer? Does everything start as it should, or are you still doing some gymnastics to get the icons and the desktop to appear?
Once you delete that windev-5d56-72d2.sys, show the ComboFix log.

ConnAPI.dll or ConAPI.dll, I'm not certain, so I wouldn't stake anything on it. Just in case, I'll update the Nokia software, OK.
C:\WINDOWS\system32\windev-5d56-72d2.sys is not at that path and it is nowhere to be seen.
There is also the matter of the files in C:\WINDOWS\Prefetch. There are 65 of them there, including WUAUCLT.EXE-399A8E72.pf; are these "double" extensions OK? What is this?
And explorer works flawlessly: everything is in its place, thanks. The ComboFix log is below:

ComboFix 07-09-21.2 - "Ania" 2007-09-24 20:58:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.182 [GMT 2:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09 24 )))))))))))))))))))))))))))))))
.
2007-09-23 22:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-23 21:49 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-09-17 07:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-09-13 19:32 <DIR> d-------- C:\DOCUME~1\Ania\DANEAP~1\U3 2007-09-12 19:16 <DIR> d-------- C:\DOCUME~1\Ania\DANEAP~1\PC Tools 2007-09-12 19:15 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys 2007-09-12 19:15 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys 2007-09-12 19:15 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys 2007-09-12 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Tools 2007-09-09 11:52 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-09-09 11:47 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-09-09 11:47 13,312 --a------ C:\WINDOWS\system32\irclass.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-24 20:57 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\Skype 2007-09-24 20:42 136 --a------ C:\WINDOWS\system32\drivers\ALCICH.DAT 2007-09-16 23:22 --------- d-------- C:\Program Files\ArcaMicroScan 2007-08-22 15:20 --------- d-------- C:\Program Files\Skype 2007-08-22 15:20 --------- d-------- C:\Program Files\Common Files\Skype 2007-08-16 15:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype 2007-08-16 12:21 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\Nokia 2007-08-06 12:29 --------- d-------- C:\Program Files\NCH Swift Sound 2007-08-06 08:55 --------- d-------- C:\Program Files\Winamp 2007-08-04 23:01 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\ACD Systems 2007-08-04 22:59 --------- d-------- C:\Program Files\Common Files\ACD Systems 2007-08-04 22:59 --------- d-------- C:\Program Files\ACD Systems 2007-08-04 22:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\ACD Systems 2007-08-04 22:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\BVRP Software 2007-08-04 22:33 --------- d-------- C:\Program Files\Motorola Phone Tools 
2007-08-04 22:32 25600 --a------ C:\DOCUME~1\Ania\usbsermptxp.sys 2007-08-04 22:32 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys 2007-08-04 22:32 22768 --a------ C:\DOCUME~1\Ania\usbsermpt.sys 2007-08-04 22:29 --------- d-------- C:\Program Files\Avanquest update 2007-08-04 22:29 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\InstallShield 2007-08-04 22:27 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-04 21:15 --------- d-------- C:\Program Files\FinePixViewer 2007-08-04 21:09 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\Nokia Multimedia Player 2007-08-03 21:48 --------- d-------- C:\DOCUME~1\Ania\DANEAP~1\NCH Swift Sound 2007-08-03 21:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\NCH Swift Sound 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-05-07 19:54 122 --a------ C:\Program Files\Robinson.ini 2007-05-07 17:29 8303 --a------ C:\Program Files\install.ini 2005-10-26 09:26 44 --a------ C:\Program Files\BlooMoo.ini 2005-08-18 12:28 11761360 --a------ C:\Program Files\muza5.wav 2005-08-18 12:24 849218 --a------ C:\Program Files\muza6.wav 2005-08-18 12:24 3140800 --a------ C:\Program Files\muza2.wav 2005-08-18 12:24 1284172 --a------ C:\Program Files\muza3.wav 2005-08-18 12:23 7493412 --a------ C:\Program Files\muza1.wav 2004-11-10 15:23 90112 --a------ C:\Program Files\Robinson.exe 2004-11-10 15:23 73728 --a------ C:\Program Files\Sekai.dll 2004-11-10 15:23 118784 --a------ C:\Program Files\World.dll 2004-11-10 15:22 1826816 --a------ C:\Program 
Files\Piklib8.dll 2004-11-10 15:22 126976 --a------ C:\Program Files\Kolorowanka.dll 2004-11-02 15:27 159744 --a------ C:\Program Files\Uninstall.exe 2004-09-16 14:54 89080 --a------ C:\Program Files\install.bmp 2002-06-20 15:22 51 --a------ C:\Program Files\am.url . ((((((((((((((((((((((((((((( snapshot_2007-09-23_224332.95 ))))))))))))))))))))))))))))))))))))))))) . ----a-r 27,200 2001-07-22 00:15:50 C:\WINDOWS\system32\ctl3dv2.dll . ----a-w 27,200 2001-07-22 00:15:50 C:\WINDOWS\system32\ctl3dv2.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe" [2001-06-14 10:08] "SoundMan"="soundman.exe" [2001-05-29 11:02 C:\WINDOWS\soundman.exe] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [] "AcctMgr"="C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" [2003-11-27 11:18] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 19:28] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23] "QD FastAndSafe"="C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe" [] "QuickTime Task"="D:\nasz\programy\quicktime\qttask.exe" [2006-12-06 23:19] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-09 15:45] "PCSuiteTrayApplication"="D:\NASZ\programy\nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39] "PCTAVApp"="D:\NASZ\programy\antywirus\PC Tools AntiVirus\PCTAV.exe" [2007-08-30 11:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00] "Gadu-Gadu"="D:\NASZ\programy\Gadu-Gadu\gg.exe" [2006-11-14 11:12] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43] "eMuleAutoStart"="D:\NASZ\programy\eMule\emule.exe" [2007-05-13 16:57] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe "PcSync"=D:\NASZ\programy\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-03-05 20:45:26] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispBackgroundPage"=0 (0x0) R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys R2 713xTVCard;SAA7134 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys S2 windev-5d56-72d2;windev-5d56-72d2;\??\C:\WINDOWS\system32\windev-5d56-72d2.sys S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys S3 Cap7134;TV Capture Card WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS S3 PhTVTune;TV Capture Card WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys S3 
SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-08-17 15:30:00 C:\WINDOWS\Tasks\Funkcja One Button Checkup pakietu Norton SystemWorks.job"
"2007-09-24 18:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 21:01:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-24 21:02:32
C:\ComboFix-quarantined-files.txt ... 2007-09-24 21:02
C:\ComboFix2.txt ... 2007-09-23 22:45
.
--- E O F ---