TR/Renos.8192.2
#1
I have a problem: whenever I start any program or game, no matter which, or even just switch the computer on, I get messages about a detected virus, TR/Renos.8192.2. Please help, thanks in advance.

And when I click Delete in the message, it comes back. What should I do??
#2
First you have to give us logs from [link: register to view] and [link: register to view].

#3
HijackThis log
Quote: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:00:28, on 2007-09-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Outlook Express\msimn.exe
E:\Do zapisu na plyte\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [link: register to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 88.198.33.114 l2authd.lineage2.com
O1 - Hosts: 88.198.33.114 l2testauthd.lineage2.com
O1 - Hosts: 88.198.33.114 nprotect.lineage2.com
O1 - Hosts: 88.198.33.114 update.nProtect.com
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Download all links using BitComet - [link: register to view] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - [link: register to view] Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4039998C-DD44-4386-8010-19A5F5BEF211}: NameServer = 194.204.159.1,194.204.152.34
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 6388 bytes



Silent Runners
Quote: "Silent Runners.vbs", revision 52, [link: register to view]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [file not found]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows ® Server 2003 DDK provider"]
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Nero AG"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"NWEReboot" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
     \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
  -> {HKLM...CLSID} = "IZArc DragDrop Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
  -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\WINDOWS\system32\systems.txt" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name] , (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS] , 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS] , 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 5 domain names to IP addresses,
4 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


---------- (launch time: 2007-09-11 07:05:24)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 82 seconds.
---------- (total run time: 110 seconds)
#4
Quote: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [link: register to view]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt


You boot into safe mode, turn off System Restore, delete the bolded files and folders manually from the disk, and delete the entries with HijackThis.

Safe mode

Quote: Start the computer and press the F8 key on the keyboard. On a computer that is configured to start more than one operating system, press F8 after the "Please select the operating system to start" menu appears.
When the "Windows Advanced Options Menu" appears, select the option and then press ENTER.
When the "Please select the operating system to start" menu appears again, with the words "Safe Mode" in blue at the bottom of the screen, select the installation you want and press ENTER.


Turning off System Restore

Quote: Click Start, right-click My Computer, and then click Properties.
In the System Properties dialog box, click the System Restore tab.
Click to select the Turn off System Restore check box. You can also select the Turn off System Restore on all drives check box.
Click OK.
When the following message appears, click Yes to confirm that you want to turn off System Restore.


After those steps, post a HijackThis log, a Silent Runners log, and a log from [link: register to view].

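An added example (not code from the thread, and not part of HijackThis): a small Python triage that encodes the checks the helper above applied by eye to the log, that is, an AppInit_DLLs entry (worse when it does not even point at a .dll, like the systems.txt quoted above), HOSTS lines that send a name somewhere other than localhost, entries whose target file is missing, and an IE search or start setting pointing at an external URL. The sample lines are constructed from the thread's log, with the hidden URL and the HOSTS address replaced by documentation placeholders.

```python
"""Triage rules for HijackThis log lines (added example, not HijackThis code)."""
import re
from ipaddress import ip_address

# Constructed sample, modelled on the log posted above; the URL and the
# HOSTS address are documentation placeholders, not values from the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.example.invalid/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 203.0.113.10 l2authd.lineage2.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - AppInit_DLLs: C:\WINDOWS\system32\example.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
URL_RE = re.compile(r"= (https?://\S+)$")


def triage_line(line):
    """Return (severity, reason) for one HijackThis line, or None if it passes."""
    line = line.strip()
    if not line:
        return None

    m = APPINIT_RE.match(line)
    if m:
        # AppInit_DLLs is empty on a clean XP install; anything listed here is
        # loaded into every process that links user32.dll, so it always merits
        # review, and a non-DLL target (the thread's systems.txt) is a red flag.
        target = m.group(1).strip()
        if not target.lower().endswith(".dll"):
            return ("high", "AppInit_DLLs points at a non-DLL file: " + target)
        return ("review", "AppInit_DLLs entry present: " + target)

    m = HOSTS_RE.match(line)
    if m:
        # HOSTS overrides DNS for the named host; only loopback mappings are
        # routine (ad blocking), anything else silently redirects the name.
        addr, name = m.groups()
        try:
            if ip_address(addr).is_loopback:
                return None
        except ValueError:
            return ("high", "HOSTS entry with unparsable address for " + name)
        return ("high", "HOSTS redirects %s to non-localhost %s" % (name, addr))

    if line.endswith("(file missing)"):
        # Orphaned entry: the registered file is gone, nothing is lost by fixing it.
        return ("low", "entry whose target file is missing (orphan)")

    if line.startswith(("R0 -", "R1 -")) and URL_RE.search(line):
        # Search assistant / start page set to an external URL: typical hijack
        # residue, worth checking even if the user may have set it deliberately.
        return ("review", "IE search/start setting points at an external URL")

    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(prefix, severity, reason), ...]."""
    findings = []
    for raw in log_text.splitlines():
        result = triage_line(raw)
        if result is not None:
            prefix = raw.strip().split(" - ", 1)[0]  # "O20", "R1", ...
            findings.append((prefix,) + result)
    return findings


if __name__ == "__main__":
    for prefix, severity, reason in triage(SAMPLE_LOG):
        print("%-4s %-6s %s" % (prefix, severity, reason))
```

Running it on the sample flags the R1 search URL, the non-localhost HOSTS line, the orphaned BHO and both AppInit_DLLs entries, and leaves the ordinary Run entries alone.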
#5
Quote: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:58, on 2007-09-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
E:\Do zapisu na plyte\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [link: register to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Download all links using BitComet - [link: register to view] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - [link: register to view] Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4039998C-DD44-4386-8010-19A5F5BEF211}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 5303 bytes

_____________________________________________________________


Quote: "Silent Runners.vbs", revision 52, [link: register to view]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "CTonguerogram FilesSpybot - Search & DestroyTeaTimer.exe" ["Safer Networking Limited"]
"Gadu-Gadu" = ""CTonguerogram FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]
"MSMSGS" = ""CTonguerogram FilesMessengermsmsgs.exe" /background" [MS]
"swg" = "CTonguerogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" [file not found]
"ares" = ""CTonguerogram FilesAresAres.exe" -h" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows ® Server 2003 DDK provider"]
"SoundMAXPnP" = "CTonguerogram FilesAnalog DevicesCoresmax4pnp.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""CTonguerogram FilesAnalog DevicesSoundMAXSmax4.exe" /tray" ["Analog Devices, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Nero AG"]
"RemoteControl" = ""CTonguerogram FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]
"avgnt" = ""CTonguerogram FilesAntiVir PersonalEdition Classicavgnt.exe" /min" ["Avira GmbH"]
"SunJavaUpdateSched" = "CTonguerogram FilesJavajre1.5.0_03binjusched.exe" ["Sun Microsystems, Inc."]
"DAEMON Tools" = ""CTonguerogram FilesDAEMON Toolsdaemon.exe" -lang 1033" ["DT Soft Ltd."]
"PWRISOVM.EXE" = "CTonguerogram FilesPowerISOPWRISOVM.EXE" ["PowerISO Computing, Inc."]
"WinampAgent" = "CTonguerogram FilesWinampwinampa.exe" [null data]
"NWEReboot" = "(empty string)" [file not found]
"KernelFaultCheck" = "C:WINDOWSsystem32dumprep 0 -k"

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
InProcServer32(Default) = "CTonguerogram FilesBitComettoolsBitCometBHO_1.1.3.28.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "CTongueROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
-> {HKLM...CLSID} = "IZArc DragDrop Menu"
InProcServer32(Default) = "CTongueROGRA~1IZArcIZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
InProcServer32(Default) = "CTongueROGRA~1IZArcIZArcCM.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "CTonguerogram FilesAntiVir PersonalEdition Classicshlext.dll" ["Avira GmbH"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
InProcServer32(Default) = "C:WINDOWSsystem32upnpui.dll" [MS]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "CTonguerogram FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
IZArcCM(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
InProcServer32(Default) = "CTongueROGRA~1IZArcIZArcCM.dll" [null data]
PowerISO(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "CTonguerogram FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "CTonguerogram FilesAntiVir PersonalEdition Classicshlext.dll" ["Avira GmbH"]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
IZArcCM(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
InProcServer32(Default) = "CTongueROGRA~1IZArcIZArcCM.dll" [null data]
PowerISO(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "CTonguerogram FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
PowerISO(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "CTonguerogram FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "CTonguerogram FilesAntiVir PersonalEdition Classicshlext.dll" ["Avira GmbH"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


---------- (launch time: 2007-09-11 17:08:02)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 68 seconds.
---------- (total run time: 90 seconds)

_____________________________________________________________

Quote: ComboFix 07-09-10.6 - "user" 2007-09-11 17:18:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.690 [GMT 2:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11)))))))))))))))))))))))))))))))
.

2007-09-09 21:15 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-09 21:15 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-09 21:15 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-09 21:15 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-09 21:06 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-09-09 21:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-09-09 21:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-09-09 21:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-09-09 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-09-09 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-09-09 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-09-09 20:47 2,472 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-08 16:56 <DIR> d-------- C:\Program Files\Team17
2007-09-03 12:36 53,248 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-03 12:36 4,296,704 -ra------ C:\WINDOWS\unasetup.exe
2007-08-31 18:12 <DIR> d-------- C:\Nowy folder
2007-08-28 11:34 <DIR> d-------- C:\Program Files\Gothic III
2007-08-25 11:06 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-24 14:39 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-24 14:39 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-24 14:39 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-08-24 14:39 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-24 14:39 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-17 12:02 <DIR> d-------- C:\games
2007-08-12 03:05 <DIR> d-------- C:\Program Files\Language Localizator 6
2007-08-11 17:55 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 22:06 --------- d-------- C:\DOCUME~1\user\DANEAP~1\uTorrent
2007-09-09 18:24 --------- d-------- C:\DOCUME~1\user\DANEAP~1\LimeWire
2007-09-08 16:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-08 11:56 --------- d-------- C:\Program Files\uTorrent
2007-09-07 21:40 --------- d-------- C:\Program Files\GameJack 5
2007-09-07 18:15 --------- d-------- C:\DOCUME~1\user\DANEAP~1\teamspeak2
2007-08-24 14:41 --------- d-------- C:\DOCUME~1\user\DANEAP~1\InstallShield Installation Information
2007-08-15 13:58 --------- d-------- C:\Program Files\Warcraft III
2007-08-15 00:29 --------- d-------- C:\Program Files\Lineage II
2007-08-14 20:03 --------- d-------- C:\Program Files\Ahead
2007-08-12 03:05 --------- d-------- C:\Program Files\HeroesOfAE
2007-08-10 23:26 --------- d-------- C:\DOCUME~1\user\DANEAP~1\My Games
2007-08-10 23:07 --------- d-------- C:\DOCUME~1\user\DANEAP~1\Firaxis Games
2007-08-10 20:44 --------- d-------- C:\DOCUME~1\user\DANEAP~1\Engelmann Media
2007-08-10 20:41 --------- d-------- C:\DOCUME~1\user\DANEAP~1\Ahead
2007-08-10 20:12 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-02 20:20 --------- d-------- C:\DOCUME~1\user\DANEAP~1\Help
2007-07-13 09:21 --------- d-------- C:\Program Files\Microids
2007-07-12 20:37 --------- d-------- C:\Program Files\City Interactive
2007-07-12 20:36 --------- d-------- C:\Program Files\LucasArts
2007-07-11 13:20 --------- d-------- C:\Program Files\Starcraft
2007-05-20 18:05 87608 --a------ C:\DOCUME~1\user\DANEAP~1\inst.exe
2007-05-20 18:05 47360 --a------ C:\DOCUME~1\user\DANEAP~1\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 16:35]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-07 22:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"NWEReboot"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
path=C:\Documents and Settings\user\Menu Start\Programy\Autostart\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\user\Menu Start\Programy\Autostart\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Registration SETTLERS - Dziedzictwo Królów.LNK]
path=C:\Documents and Settings\user\Menu Start\Programy\Autostart\Registration SETTLERS - Dziedzictwo Królów.LNK
backup=C:\WINDOWS\pss\Registration SETTLERS - Dziedzictwo Królów.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Registration THE SETTLERS - Dziedzictwo królów - Legendy.LNK]
path=C:\Documents and Settings\user\Menu Start\Programy\Autostart\Registration THE SETTLERS - Dziedzictwo królów - Legendy.LNK
backup=C:\WINDOWS\pss\Registration THE SETTLERS - Dziedzictwo królów - Legendy.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Registration THE SETTLERS - Dziedzictwo Królów - Misje Dodatkowe.LNK]
path=C:\Documents and Settings\user\Menu Start\Programy\Autostart\Registration THE SETTLERS - Dziedzictwo Królów - Misje Dodatkowe.LNK
backup=C:\WINDOWS\pss\Registration THE SETTLERS - Dziedzictwo Królów - Misje Dodatkowe.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\user\USTAWI~1\Temp\kbeepm.sys
S3 uscbs108;uscbs108;C:\WINDOWS\system32\DRIVERS\uscbs108.sys

.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

**************************************************************************
.
Completion time: 2007-09-11 17:18:37
C:\ComboFix-quarantined-files.txt ... 2007-09-11 17:18
C:\ComboFix2.txt ... 2007-09-11 17:01
.
--- E O F ---
#6
It's OK now.

Just in case, also use

[To see the links, register here]


There is one more rule for pasting logs that I forgot to tell you about. Namely, we wrap logs in Quote or Code tags.
#7
eh, no problem, I didn't know :P


And thanks anyway ;]