
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:56:59, on 2008-07-09
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\FixCamera.exe
    C:\Windows\tsnp2std.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Paweł\Desktop\New Folder (2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com...ilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com...ilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccbAQjj.dll,#1
    O4 - HKLM\..\Run: [DelayLoad] C:\Users\PAWE~1\AppData\Local\Temp\atmadm2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\lJaWPgfg.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\jkkHBQhe.dll,c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec....bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec....n/bin/cabsa.cab
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: axrfgvek - {AD14D33D-80DF-4CFA-9932-1292F988137F} - C:\Windows\axrfgvek.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10331 bytes



    ComboFix 08-07-08.9 - Paweł 2008-07-09 18:58:42.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1033.18.1038 [GMT 1:00]
    Running from: C:\Users\Paweł\Desktop\programy\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\axrfgvek.dll
    C:\Windows\esrp.exe
    C:\Windows\mrvtdpqe.exe
    C:\Windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
    .

    2008-07-09 18:19 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
    2008-07-09 18:18 . 2008-07-09 18:18 <DIR> d-------- C:\Program Files\Panda Security
    2008-07-08 16:33 . 2008-07-08 16:39 <DIR> d-------- C:\Program Files\SkanerOnline
    2008-07-07 19:24 . 2008-07-07 19:24 2,560 --a------ C:\Windows\_MSRSTRT.EXE
    2008-07-07 17:38 . 2008-07-07 17:38 <DIR> d-------- C:\Program Files\Alwil Software
    2008-07-07 17:38 . 2008-05-16 00:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-07-06 22:58 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
    2008-07-06 22:55 . 2008-07-06 22:55 <DIR> d-------- C:\Users\All Users\ESET
    2008-07-06 22:55 . 2008-07-06 22:55 <DIR> d-------- C:\ProgramData\ESET
    2008-07-06 22:02 . 2008-07-06 15:20 <DIR> d-------- C:\SDFix
    2008-07-06 15:41 . 2008-07-06 15:41 28,800 --a------ C:\Windows\System32\fccbAQjj.dll
    2008-06-16 17:06 . 2008-07-07 17:16 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-16 17:06 . 2008-07-07 17:16 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-15 18:59 . 2008-06-15 18:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-06-15 11:18 . 2008-06-15 11:18 <DIR> d-------- C:\Program Files\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 18:02 3,145,728 --sha-w C:\Users\Paweł\NTUSER.DAT
    2008-07-09 18:02 3,145,728 --sha-w C:\Users\Paweł\NTUSER.DAT
    2008-07-09 02:14 174 --sha-w C:\Program Files\desktop.ini
    2008-07-08 17:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-08 17:44 --------- d-----w C:\ProgramData\WildTangent
    2008-07-07 21:34 --------- d-----w C:\Program Files\Programs
    2008-07-07 19:45 --------- d-----w C:\ProgramData\Kaspersky Lab
    2008-07-07 18:28 --------- d-----w C:\Users\Paweł\AppData\Roaming\Skype
    2008-07-07 15:07 --------- d-----w C:\Users\Paweł\AppData\Roaming\skypePM
    2008-07-06 14:40 --------- d-----w C:\Users\Paweł\AppData\Roaming\uTorrent
    2008-07-03 17:46 27,335 ----a-w C:\Users\Paweł\AppData\Roaming\nvModes.dat
    2008-06-25 18:40 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
    2008-06-15 10:17 --------- d-----w C:\Program Files\Java
    2008-06-15 09:43 --------- d-s---w C:\Users\Paweł\AppData\Roaming\Microsoft
    2008-06-03 21:20 --------- d-----w C:\Program Files\uTorrent
    2008-06-03 21:19 --------- d-----w C:\Users\Paweł\AppData\Roaming\Azureus
    2008-06-01 11:16 --------- d-----w C:\Program Files\SopCast
    2008-05-31 22:54 --------- d-----w C:\Users\Paweł\AppData\Roaming\GanymedeNet
    2008-05-31 15:19 --------- d-----w C:\Program Files\Ganymede
    2008-05-31 12:22 --------- d-----w C:\Program Files\Ultra RM Converter
    2008-05-31 12:07 --------- d-----w C:\Users\Paweł\AppData\Roaming\streamripper
    2008-05-31 12:06 --------- d-----w C:\Program Files\Streamripper
    2008-05-28 14:04 --------- d-----w C:\ProgramData\Azureus
    2008-05-25 14:04 --------- d-----w C:\Users\Paweł\AppData\Roaming\Real
    2008-05-25 14:03 --------- d-----w C:\Users\Paweł\AppData\Roaming\vlc
    2008-05-25 12:46 --------- d-----w C:\Program Files\VideoLAN
    2008-05-19 15:39 --------- d-----w C:\Program Files\Real Alternative
    2008-05-19 15:38 --------- d-----w C:\Program Files\Media Player Classic
    2008-05-19 15:37 --------- d-----w C:\Program Files\AC3Filter
    2008-05-19 15:36 --------- d-----w C:\Program Files\QuickTime Alternative
    2008-05-19 15:33 36,734 ----a-w C:\Windows\System32\OggDSuninst.exe
    2008-05-19 15:32 --------- d-----w C:\Program Files\ffdshow
    2008-05-19 15:08 --------- d-----w C:\Program Files\SubEdit-Player
    2008-05-18 21:31 --------- d-----w C:\Users\Paweł\AppData\Roaming\Gadu-Gadu
    2008-05-18 16:41 --------- d-----w C:\ProgramData\OrbNetworks
    2008-05-18 16:40 --------- d-----w C:\Program Files\Winamp
    2008-05-18 16:39 --------- d-----w C:\ProgramData\Winamp Toolbar
    2008-05-18 16:39 --------- d-----w C:\Program Files\Winamp Toolbar
    2008-05-18 16:39 --------- d-----w C:\Program Files\Winamp Remote
    2008-05-18 16:36 --------- d-----w C:\Users\Paweł\AppData\Roaming\Winamp
    2008-05-18 15:11 --------- d-----w C:\ProgramData\CyberLink
    2008-05-18 14:26 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-18 13:57 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-18 13:56 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-05-18 13:56 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-05-18 13:55 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2008-05-18 13:55 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2008-05-18 13:55 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2008-05-18 13:55 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2008-05-18 13:55 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2008-05-18 13:55 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2008-05-18 13:55 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2008-05-18 13:55 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2008-05-18 13:55 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2008-05-18 13:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-05-18 13:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-05-18 13:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-05-18 13:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-05-18 13:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-05-18 13:52 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
    2008-05-18 13:49 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-05-18 13:49 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-05-18 13:49 2,048 ----a-w C:\Windows\System32\asferror.dll
    2008-05-18 13:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-05-18 13:48 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-05-18 13:48 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-05-18 13:48 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-05-18 13:47 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-05-18 13:46 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
    2008-05-18 13:46 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
    2008-05-18 13:42 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-05-18 13:42 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-05-18 13:42 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-05-18 13:42 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-05-18 13:41 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-05-18 13:38 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-18 13:37 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-05-18 13:37 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-05-18 13:36 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-05-18 13:21 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-05-18 13:21 32 ----a-w C:\ProgramData\ezsid.dat
    2008-05-18 13:13 --------- d-----w C:\Users\Paweł\AppData\Roaming\Adobe
    2008-05-18 12:35 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-05-18 12:35 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-05-18 12:35 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-05-18 12:35 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-05-18 12:34 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-05-18 12:34 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-05-18 12:34 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-05-18 12:34 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-05-18 12:34 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2008-05-17 13:17 --------- d-----w C:\Program Files\Common Files\snp2std
    2008-05-17 13:16 --------- d-----w C:\Users\Paweł\AppData\Roaming\InstallShield
    2008-05-15 17:52 --------- d-----w C:\Program Files\NAPI-PROJEKT
    2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-18 14:47 1232896]
    "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 00:10 1783136]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 02:54 507904]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 21:05 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 21:05 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 21:05 81920]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 04:34 181544]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 08:13 218408]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 16:47 480560]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 23:53 311296]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
    "FixCamera"="C:\Windows\FixCamera.exe" [2007-07-11 16:09 20480]
    "tsnp2std"="C:\Windows\tsnp2std.exe" [2007-05-10 17:05 270336]
    "snp2std"="C:\Windows\vsnp2std.exe" [2007-09-28 16:32 344064]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "MSServer"="C:\Windows\system32\fccbAQjj.dll" [2008-07-06 15:41 28800]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]

    C:\Users\Paweˆ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{3BA3028F-FD37-46BF-AD27-733734684F06}"= "C:\Windows\system32\fccbAQjj.dll" [2008-07-06 15:41 28800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.avis"= ff_acm.acm
    "vidc.DIV3"= DivXc32.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{5191A9EB-D83B-46A2-A81C-07F66711C7C8}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{715D1CA7-C01C-479C-9F71-DB42EE39C5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{88E6DF99-E159-4ABF-98B8-9B3A2E538CB9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4CAAE971-0114-479F-B15E-3579ADF55B91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5DFAF0BD-504C-495F-8BBE-5C79D95BF853}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{D2784C0D-D366-4092-B229-2D07125BD00B}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{14C50A36-8DB3-46D4-8613-399EA1C55E88}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "TCP Query User{3F20A39B-E495-43E5-B151-409ECB5FF5EF}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
    "UDP Query User{DD33642C-180D-4E79-9680-C14F2B02A094}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
    "{15FFC916-6FB7-4FC6-9FAC-6D72AF5EABDF}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{CEB6E2C2-B186-46D0-99DC-D15C70E01E65}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{5A32FC7B-F915-40C0-91D1-AB3E9988C80C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{0F682803-FAF7-4D09-856C-FCEF70693C8B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{BD769E79-3F6E-45A7-A883-9C0F592699C2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{409CCDA0-8DAA-4600-BA8E-A05EDA5B5F6D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{7DC553E1-4DEA-42B1-88F5-E505166778FB}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{ACF0A18C-2335-48AC-8007-84463E64D338}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{859B3203-2440-4BA1-B786-F584E3B5674C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{F76CB4CE-C9E6-4F5E-87E5-17E54AB3C548}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{70BFB42B-280E-4232-8D0D-D03024C66546}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{A76CD9E0-8E5A-461D-832B-ED3C46D72B29}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{02655EF9-D98B-4C4C-8EB5-649D9A2A7486}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
    "UDP Query User{DCE0D74E-78F7-4B5C-8BBD-BD414479FBD8}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
    "TCP Query User{8441AC14-2556-4311-8530-80EB9E677372}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
    "UDP Query User{5E30C312-2684-4100-B2EC-8E3F3AAF39E6}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
    "TCP Query User{F04EAE22-2E56-4CF1-923F-9396EA2A0797}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{4A1BC1CB-339D-41F5-ADF1-AE6180BE61FE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{98283A43-8E73-43C6-B98C-DCDB7B28AE90}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{9EC24670-4401-4B59-8D3C-0FD99E3894FB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{78A104A1-5214-47BE-9955-58E6872C1C4F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{36A4EA23-612D-47C7-81B1-0686C2168525}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{DD26C2DB-0F23-42CF-8931-C299C6934AF4}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{3F2C9C31-72B2-44DD-835D-617976ABEEA1}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{E797B685-981A-41DE-B5B9-3DB8FA58A051}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{4560A276-919E-4BEC-8164-B9B8752E4EC2}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{FC9BBB1F-CF6E-4183-A4A5-49A729CB355B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{BEF0F58C-9D96-4F0B-9B7F-BB97952D4EC1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{9EB777E0-4B4A-48E0-8791-DCF1033D1A84}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
    "UDP Query User{4CE7255F-0E71-4E20-834B-EE604303397E}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
    "TCP Query User{A88FE76D-2842-4C30-BA79-F7486363F4AB}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{DCA111A3-B06B-46A5-A4FC-3E3BE9C68DBE}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{67D466DC-2D97-4FC0-9F6C-2ED91195FB1B}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe:Kaspersky Anti-Virus 2009 Setup
    "UDP Query User{F286B4F6-9329-4A5F-A205-0824BD9CA0BA}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe:Kaspersky Anti-Virus 2009 Setup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-10-13 14:46]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-10-01 04:34]
    R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-10-01 04:34]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 19:30]
    S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-09-05 13:48]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\Launch.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{391351bf-ebcf-11dc-b036-001b24f56c7c}]
    \shell\AutoRun\command - RavMon.exe
    \shell\explore\Command - RavMon.exe -e
    \shell\open\Command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96a058bd-e8c4-11dc-a474-001b24f56c7c}]
    \shell\AutoRun\command - G:\Launch.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c120fa21-dc08-11dc-b38f-001b24f56c7c}]
    \shell\AutoRun\command - F:\Launch.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5850a0-dc2e-11dc-91d9-001b24f56c7c}]
    \shell\AutoRun\command - F:\Launch.exe

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{80123684-A222-4009-8220-A867294D6DE8} - (no file)
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    SSODL-axrfgvek-{AD14D33D-80DF-4CFA-9932-1292F988137F} - C:\Windows\axrfgvek.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 19:02:17
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-09 19:03:46
    ComboFix-quarantined-files.txt 2008-07-09 18:03:43

    Pre-Run: 30,771,646,464 bytes free
    Post-Run: 30,852,771,840 bytes free

    266 --- E O F --- 2008-07-09 02:05:00



    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccbAQjj.dll,#1
    O4 - HKLM\..\Run: [DelayLoad] C:\Users\PAWE~1\AppData\Local\Temp\atmadm2.exe

    Download ComboFix: (I'm not sure about PAWE~; you may have to give the full path, because it got truncated)
    C:\Users\PAWE~1\AppData\Local\Temp\atmadm2.exe

    Next, fix:
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\lJaWPgfg.dll,#1

    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\jkkHBQhe.dll,c
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O21 - SSODL: axrfgvek - {AD14D33D-80DF-4CFA-9932-1292F988137F} - C:\Windows\axrfgvek.dll

    PS: post a HijackThis log once more....
    PS 2: maybe someone else can check the ComboFix log, because I'm not familiar with it.