Liczba postów: 2
Liczba wątków: 1
Dołączył: 02.08.2008
Reputacja:
0
Więc podaję tutaj screen oraz logi.
1. Po usunięciu tym programem , zmienia on nazwę (tylko tą co na czerwono zaznaczone.
[Aby zobaczyć linki, zarejestruj się tutaj]
2. Logi HiJackThis :
Cytat: Logfile of HijackThis v1.99.1
Scan saved at 09:14:51, on 2008-08-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C rogram FilesAlwil SoftwareAvast4aswUpdSv.exe
Crogram FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
CROGRA~1ALWILS~1Avast4ashDisp.exe
Crogram FilesJavajre1.6.0_05binjusched.exe
C:WINDOWSSOUNDMAN.EXE
Crogram FilesHPHP Software UpdateHPWuSchd2.exe
C:WINDOWSFixCamera.exe
Crogram FilesCorelCorel Paint Shop Pro Photo X2CorelIOMonitor.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32crypserv.exe
Crogram FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32PSIService.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesCanonCALCALMAIN.exe
Crogram FilesAlwil SoftwareAvast4ashMaiSv.exe
Crogram FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wscntfy.exe
C ocuments and SettingsBasia & KołekPulpitPOBIERALNIAhijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [Aby zobaczyć linki, zarejestruj się tutaj]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - Frogram FilesFlashgetjccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - CROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_05binssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O4 - HKLM..Run: [avast!]CROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [SunJavaUpdateSched]"Crogram FilesJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [SoundMan]SOUNDMAN.EXE
O4 - HKLM..Run: [NeroFilterCheck]C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ATIPTA]Crogram FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [HP Software Update]Crogram FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [FixCamera]C:WINDOWSFixCamera.exe
O4 - HKLM..Run: [Corel File Shell Monitor]Crogram FilesCorelCorel Paint Shop Pro Photo X2CorelIOMonitor.exe
O4 - HKLM..Run: [KernelFaultCheck]%systemroot%system32dumprep 0 -k
O4 - HKCU..Run: [NBJ]"Crogram FilesAheadNero BackItUpNBJ.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = Crogram FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = Crogram FilesHPDigital Imagingbinhpqthb08.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet''a - Frogram FilesFlashgetjc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet''a - Frogram FilesFlashgetjc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_05binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Frogram FilesFlashGet.exe (file missing)
O9 - Extra ''Tools'' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Frogram FilesFlashGet.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{F50C124F-9084-480A-B10D-4BC7F65D02F8}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - Crogram FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - Crogram FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - Crogram FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - Crogram FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - Crogram FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - Crogram FilesCanonCALCALMAIN.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:WINDOWSSYSTEM32crypserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - Crogram FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
3. logi SilentRunners :
Cytat: "Silent Runners.vbs", revision 58, [Aby zobaczyć linki, zarejestruj się tutaj]
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"NBJ" = ""Crogram FilesAheadNero BackItUpNBJ.exe"" ["Ahead Software AG"]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"avast!" = "CROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"]
"SunJavaUpdateSched" = ""Crogram FilesJavajre1.6.0_05binjusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"ATIPTA" = "Crogram FilesATI TechnologiesATI Control Panelatiptaxx.exe" ["ATI Technologies, Inc."]
"HP Software Update" = "Crogram FilesHPHP Software UpdateHPWuSchd2.exe" ["Hewlett-Packard Co."]
"FixCamera" = "C:WINDOWSFixCamera.exe" [empty string]
"Corel File Shell Monitor" = "Crogram FilesCorelCorel Paint Shop Pro Photo X2CorelIOMonitor.exe" ["Corel, Inc."]
"KernelFaultCheck" = "C:WINDOWSsystem32dumprep 0 -k"
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
InProcServer32(Default) = "Frogram FilesFlashgetjccatch.dll" ["www.flashget.com"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "CROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "Crogram FilesJavajre1.6.0_05binssv.dll" ["Sun Microsystems, Inc."]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "Crogram FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
InProcServer32(Default) = "Crogram Files7-Zip7-zip.dll" ["Igor Pavlov"]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
InProcServer32(Default) = "Crogram FilesIllustratedBpowerampdMCShell.dll" ["Illustrate"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "Frogram FilesWinRARrarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "CROGRA~1MICROS~2OFFICE11msohev.dll" [MS]
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> dimsntfyDLLName = "C:WINDOWSSystem32dimsntfy.dll" [MS]
HKLMSOFTWAREClassesFoldershellexColumnHandlers
{FED7043D-346A-414D-ACD7-550D052499A7}(Default) = "dBpoweramp Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
InProcServer32(Default) = "Crogram FilesIllustratedBpowerampdBShell.dll" ["Illustrate"]
HKLMSOFTWAREClasses*shellexContextMenuHandlers
7-ZIP(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
InProcServer32(Default) = "Crogram Files7-Zip7-zip.dll" ["Igor Pavlov"]
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "Crogram FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "Frogram FilesWinRARrarext.dll" [null data]
HKLMSOFTWAREClassesDirectoryshellexContextMenuHandlers
7-ZIP(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
InProcServer32(Default) = "Crogram Files7-Zip7-zip.dll" ["Igor Pavlov"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "Frogram FilesWinRARrarext.dll" [null data]
HKLMSOFTWAREClassesFoldershellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "Crogram FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "Frogram FilesWinRARrarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "Cocuments and SettingsBasia & KołekUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersHandlers
CanonCW50PicturesOnArrival
"Provider" = "Canon CameraWindow"
"InvokeProgID" = "Cw50.AutoplayHandler"
"InvokeVerb" = "open"
HKLMSOFTWAREClassesCw50.AutoplayHandlershellopencommand(Default) = "Frogram FilesCANONCameraWindowCameraWindowMCCameraLauncherMC.exe" [null data]
CanonZB4PicturesOnArrival
"Provider" = "ZoomBrowser EX"
"InvokeProgID" = "Zb.AutoplayHandler"
"InvokeVerb" = "open"
HKLMSOFTWAREClassesZb.AutoplayHandlershellopencommand(Default) = "Frogram FilesCANONZoomBrowser EXProgramZoomBrowser.exe /AUTOPLAY ""%1"""" [empty string]
Corel Paint Shop Pro Photo X2ShowPicturesOnArrivalHandler
"Provider" = "Corel Paint Shop Pro Photo X2"
"InvokeProgID" = "PaintShopProPhotoX2.Image"
"InvokeVerb" = "Przejrzyj"
HKLMSOFTWAREClassesPaintShopProPhotoX2.ImageshellPrzejrzyjcommand(Default) = ""Crogram FilesCorelCorel Paint Shop Pro Photo X2Corel Paint Shop Pro Photo.exe" /Review "%1"" ["Corel, Inc."]
dMCAudioCDInput
"Provider" = "dBpoweramp CD Ripper"
"InvokeProgID" = "dMC.AudioCD.Autorun"
"InvokeVerb" = "open"
HKLMSOFTWAREClassesdMC.AudioCD.Autorunshellopencommand(Default) = ""Crogram FilesIllustratedBpowerampCDGrab.exe" %1" ["Illustrate"]
DVDFabDecrypterOnDVDArrival
"Provider" = "DVDFab Decrypter"
"InvokeProgID" = "DVDFabDecrypterOpen"
"InvokeVerb" = "Open"
HKLMSOFTWAREClassesDVDFabDecrypterOpenshellOpencommand(Default) = "CROGRA~1DVDFAB~1DVDFAB~1.EXE" ["Fengtao Software Inc."]
HPUnloadAutoplay
"Provider" = "Przesyłanie HP i Szybki wydruk"
"InvokeProgID" = "HpqUnApl.Autoplay"
"InvokeVerb" = "Play"
HKLMSOFTWAREClassesHpqUnApl.AutoplayshellPlayDropTargetCLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"
-> {HKLM...CLSID} = (no title provided)
LocalServer32(Default) = "Crogram FilesHPDigital ImagingUnloadHpqUnApl.exe" ["Hewlett-Packard"]
ImgBurnBluRayBurningOnArrival_BuildImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleBluRayBurningOnArrival_BuildImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnBluRayBurningOnArrival_BurnImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleBluRayBurningOnArrival_BurnImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BuildImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleCDBurningOnArrival_BuildImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BurnImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleCDBurningOnArrival_BurnImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BuildImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleDVDBurningOnArrival_BuildImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BurnImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleDVDBurningOnArrival_BurnImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BuildImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleHDDVDBurningOnArrival_BuildImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BurnImage
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellHandleHDDVDBurningOnArrival_BurnImageCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnPlayBluRayOnArrival_ReadDisc
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellPlayBluRayOnArrival_ReadDiscCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayCDAudioOnArrival_ReadDisc
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellPlayCDAudioOnArrival_ReadDiscCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayDVDMovieOnArrival_ReadDisc
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellPlayDVDMovieOnArrival_ReadDiscCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayHDDVDOnArrival_ReadDisc
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKLMSOFTWAREClassesImgBurn.AutoPlay.1shellPlayHDDVDOnArrival_ReadDiscCommand(Default) = ""Crogram FilesImgBurnImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
LightScribeOnArrivalAP
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLMSOFTWAREClassesLightScribe.AutoPlayHandlershellLabelLightScribeDisccommand(Default) = "Crogram FilesCommon FilesLightScribeLsLauncher.exe" ["Hewlett-Packard Company"]
NeroAutoPlay2CDAudio
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_CDAudiocommand(Default) = "Crogram FilesAheadneronero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLMSOFTWAREClassesNero.AutoPlay2shellPlayCDAudioOnArrival_CopyCDcommand(Default) = "Crogram FilesAheadneronero.exe /w /DialogiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_DataDisccommand(Default) = "Crogram FilesAheadneronero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_LaunchNeroStartSmartcommand(Default) = "Crogram FilesAheadNero StartSmartNeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
Startup items in "Basia & Kołek" & "All Users" startup folders:
---------------------------------------------------------------
Cocuments and SettingsAll UsersMenu StartProgramyAutostart
"HP Digital Imaging Monitor" -> shortcut to: "Crogram FilesHPDigital Imagingbinhpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone - szybkie uruchamianie" -> shortcut to: "Crogram FilesHPDigital Imagingbinhpqthb08.exe -s" [null data]
Enabled Scheduled Tasks:
------------------------
"HPpromotions journeysoftware" -> launches: "Crogram Fileshpdigital imagingbinhp promotionsjourneysoftwareHPpromo.exe /N "journeysoftware" -r" ["hp"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name] , (at) ## range:
%SystemRoot%system32mswsock.dll [MS] , 01 - 03, 06 - 13
%SystemRoot%system32rsvpsp.dll [MS] , 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSOFTWAREMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
InProcServer32(Default) = "Crogram FilesJavajre1.6.0_05binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
InProcServer32(Default) = "Crogram FilesJavajre1.6.0_05binnpjpi160_05.dll" ["Sun Microsystems, Inc."]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "Frogram FilesFlashGet.exe" [file not found]
{E2E2DD38-D088-4134-82B7-F2BA38496583}
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "Crogram FilesMessengermsmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""Crogram FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""Crogram FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""Crogram FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""Crogram FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]
Canon Camera Access Library 8, CCALib8, "Crogram FilesCanonCALCALMAIN.exe" ["Canon Inc."]
Crypkey License, Crypkey License, "crypserv.exe" ["CrypKey (Canada) Ltd."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""Crogram FilesCommon FilesLightScribeLSSrvc.exe"" ["Hewlett-Packard Company"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:WINDOWSsystem32HPZipm12.exe" ["HP"]
ProtexisLicensing, ProtexisLicensing, "C:WINDOWSsystem32PSIService.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLMSYSTEMCurrentControlSetControlPrintMonitors
PCL Language MonitorDriver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]
---------- (launch time: 2008-08-02 09:18:31)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 15 seconds.
---------- (total run time: 49 seconds)
4.WinDBG wykrył, że coś nie tak z :
ati2dvag+2076d
5.Objawy :
Otóż za każdym razem gdy mam uruchomiony komputer, i włączę sobie przeglądarkę (FIREFOX 3) to co pewien czas z bliżej nieznanych powodów , podczas przeglądania obojętnie jakiej strony internetowej w pewnym momencie zawiesza się i strona i cały system (i tutaj jedynie restart i odpalam kompa na nowo). Mam tak z kilkanaście razy w ciągu dnia, a czasem to zawiesi się raz na kilka dni - tutaj nie ma reguły, w którym momencie się zawiesi i kiedy.
========
Proszę uprzejmie o pomoc w rozwiązaniu problemu.
Liczba postów: 850
Liczba wątków: 12
Dołączył: 15.07.2006
Reputacja:
0
Cytat: O4 - HKLM..Run: [KernelFaultCheck]%systemroot%system32dumprep 0 -k
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
Możesz skasować w hijacku. Po za tym nic nie widać.
Możesz dać loga z [Aby zobaczyć linki, zarejestruj się tutaj]
"Nie jestem konsumentem mieszczącym się w standardzie
Nie jestem gatunkiem skazanym na wymarcie
Nie jestem obiektem medialnego hałasu
Jestem nielegalnym zabójcą czasu"
Liczba postów: 2
Liczba wątków: 1
Dołączył: 02.08.2008
Reputacja:
0
Skasowano wedle zaleceń, a poniżej prezentuję loga z ComboFix :
Cytat:
ComboFix 08-08-01.04 - Basia & Kołek 2008-08-02 22:25:51.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional5.1.2600.3.1250.1.1045.18.607 [GMT 2:00]
Running from: Cocuments and SettingsBasia & KołekPulpitPOBIERALNIAComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02)))))))))))))))))))))))))))))))
.
2008-08-02 08:18 . 2008-08-02 08:18 <DIR> d-------- C:GG PassBrute 3.1
2008-08-01 23:28 . 2008-08-01 23:28 <DIR> d--hs---- C:WINDOWSftpcache
2008-08-01 22:43 . 2005-04-13 18:54 331,184 --------- C:WINDOWSsystem32difxapi.dll
2008-08-01 22:42 . 2007-09-21 17:49 9,216 --a------ C:WINDOWSsystem32driversvideX32.sys
2008-08-01 12:02 . 2008-08-01 12:02 <DIR> d-------- Crogram FilesThe FilmMachine
2008-07-31 12:20 . 2008-07-31 12:20 <DIR> d-------- Cocuments and SettingsBasia & KołekDane aplikacjiImgBurn
2008-07-31 12:18 . 2008-07-31 12:19 <DIR> d-------- Crogram FilesImgBurn
2008-07-30 16:31 . 2008-07-30 16:31 43,907 --a------ C:WINDOWSsystem32FlashMenu.sys
2008-07-30 09:36 . 2008-07-30 09:36 <DIR> d-------- C:ATI
2008-07-30 08:15 . 2008-07-30 09:14 <DIR> d-------- Crogram FilesDebugging Tools for Windows (x86)
2008-07-29 16:11 . 2002-09-17 12:55 3,548 --a------ C:WINDOWSsystem32driversWinFlash.sys
2008-07-27 12:04 . 2008-07-27 12:04 <DIR> d-------- Crogram FilesCAPCOM
2008-07-19 07:41 . 2008-04-11 15:58 81,116 --------- C:WINDOWShpfins05.dat.temp
2008-07-19 07:41 . 2005-05-27 16:18 1,547 --------- C:WINDOWShpfmdl05.dat.temp
2008-07-07 18:16 . 2008-04-14 22:50 13 --a------ C:WINDOWSsystem32OIJ.JKH
2008-07-04 04:48 . 2008-07-04 04:48 3,107,788 --a------ C:WINDOWSsystem32ativvaxx.dat
2008-07-04 04:48 . 2008-07-04 04:48 3,107,788 --a------ C:WINDOWSsystem32ativva5x.dat
2008-07-04 04:48 . 2008-07-04 04:48 887,724 --a------ C:WINDOWSsystem32ativva6x.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 20:46 --------- d--h--w Crogram FilesInstallShield Installation Information
2008-08-01 13:13 --------- d-----w Cocuments and SettingsBasia & KołekDane aplikacjifoobar2000
2008-07-31 08:33 --------- d-----w Crogram FilesPeerGuardian2
2008-07-30 18:49 --------- d-----w Crogram FilesHD Tune
2008-07-19 17:57 2,828 --sha-w C:WINDOWSsystem32KGyGaAvL.sys
2008-07-10 15:47 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiDVD Shrink
2008-07-08 18:38 --------- d-----w Crogram FilesSUPERAntiSpyware
2008-07-08 18:38 --------- d-----w Cocuments and SettingsBasia & KołekDane aplikacjiSUPERAntiSpyware.com
2008-07-08 18:37 --------- d-----w Crogram FilesSMPlayer
2008-06-29 13:58 --------- d-----w Crogram FilesReal Alternative
2008-06-29 13:57 --------- d-----w Crogram FilesCommon FilesReal
2008-06-22 15:58 --------- d-----w Crogram FilesImage-Line
2008-06-22 15:58 --------- d-----w Crogram FilesASIO4ALL v2
2008-06-18 16:40 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiWorkshopData
2008-06-18 16:33 --------- d--h--w Crogram FilesZero G Registry
2008-06-15 08:19 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiPhenomedia
2008-06-14 06:28 --------- d-----w Crogram FilesAC3Filter
2008-06-12 18:36 7,680 ----a-w C:WINDOWSsystem32ff_vfw.dll
2008-06-10 19:37 --------- d-----w Cocuments and SettingsBasia & KołekDane aplikacjiNCH Swift Sound
2008-06-10 19:02 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiNCH Swift Sound
2008-06-09 13:29 --------- d-----w Cocuments and SettingsBasia & KołekDane aplikacjiPetroglyph
2008-06-09 13:28 --------- d-----w Cocuments and SettingsBasia & KołekDane aplikacjiLucasArts
2008-06-09 04:46 --------- d-----w Crogram FilesVstPlugins
2008-06-07 19:09 --------- d-----w Cocuments and SettingsBasia & KołekDane aplikacjiU3
2008-06-03 20:19 --------- d-----w Crogram FilesBurrrn
2008-05-04 10:28 60,273 ----a-w C:WINDOWSsystem32pthreadGC2.dll
2008-04-05 15:54 88 --sh--r C:WINDOWSsystem32F224B3CAC4.sys
.
------- Sigcheck -------
2004-08-04 01:4414336ba98327e90022dbd6ee76490e0622e2e C:WINDOWS$NtServicePackUninstall$svchost.exe
2008-04-14 22:51143368607d35d92528e2df386f19a960d23ce C:WINDOWSServicePackFilesi386svchost.exe
2008-04-14 22:51143368607d35d92528e2df386f19a960d23ce C:WINDOWSsystem32svchost.exe
2005-03-02 20:215785606a93565be9b8422eb7538c66ac732d76 C:WINDOWS$hf_mig$KB890859SP2QFEuser32.dll
2007-03-08 17:5157958411abdecc02efc1d2b6a6a0fa46c26594 C:WINDOWS$hf_mig$KB925902SP2QFEuser32.dll
2007-03-08 17:38579072a37a4637f84f8dd771274eaf8d17fa65 C:WINDOWS$NtServicePackUninstall$user32.dll
2004-08-04 01:445785600c81764f50f32d376e6e4b9e9f4b01a0 C:WINDOWS$NtUninstallKB890859$user32.dll
2005-03-02 20:18578560b7eeb1a1af740306049241ddf61f21ff C:WINDOWS$NtUninstallKB925902$user32.dll
2008-04-14 22:50580096a435c5c069afd901751ac323ad238793 C:WINDOWSServicePackFilesi386user32.dll
2008-04-14 22:50580096a435c5c069afd901751ac323ad238793 C:WINDOWSsystem32user32.dll
2004-08-04 01:4482944ab82237486b727dd7dab36a76f38a3a2 C:WINDOWS$NtServicePackUninstall$ws2_32.dll
2008-04-14 22:5182432c0aa2ab856680c44739b41e01f5bd4e9 C:WINDOWSServicePackFilesi386ws2_32.dll
2008-04-14 22:5182432c0aa2ab856680c44739b41e01f5bd4e9 C:WINDOWSsystem32ws2_32.dll
2007-04-18 14:4666816096e30dc9bf788de16a305e52fcac47ef C:WINDOWS$NtServicePackUninstall$wininet.dll
2004-08-04 01:44658944d37dafb534ac8343d59a1b501abe852c C:WINDOWS$NtUninstallKB928090$wininet.dll
2007-01-04 16:05667648b9cd00815effa790279a1d2f0d07323f C:WINDOWS$NtUninstallKB933566$wininet.dll
2008-04-14 22:506686720457f0afd6ee10445d8cf721fb5fa4eb C:WINDOWSServicePackFilesi386wininet.dll
2008-04-14 22:506686720457f0afd6ee10445d8cf721fb5fa4eb C:WINDOWSsystem32wininet.dll
2006-04-20 14:18360576b2220c618b42a2212a59d91ebd6fc4b4 C:WINDOWS$NtServicePackUninstall$tcpip.sys
2004-08-04 00:143590409f4b36614a0fc234525ba224957de55c C:WINDOWS$NtUninstallKB884020$tcpip.sys
2004-08-14 00:503590404092c56967175f009dc8458dc434358e C:WINDOWS$NtUninstallKB889527$tcpip.sys
2005-05-25 21:0735993663fdfea54eb53de2d863ee454937ce1e C:WINDOWS$NtUninstallKB917953$tcpip.sys
2008-04-14 00:5036134493ea8d04ec73a85db02eb8805988f733 C:WINDOWSServicePackFilesi386tcpip.sys
2008-04-14 00:5036134493ea8d04ec73a85db02eb8805988f733 C:WINDOWSsystem32driverstcpip.sys
2004-08-04 01:445048320344407089b08548d4feba62bb0f32d0 C:WINDOWS$NtServicePackUninstall$winlogon.exe
2008-04-14 22:5151046451fd2e13d723857b9ca239ae77150f48 C:WINDOWSServicePackFilesi386winlogon.exe
2008-04-14 22:5151046451fd2e13d723857b9ca239ae77150f48 C:WINDOWSsystem32winlogon.exe
2004-08-04 00:14182912558635d3af1c7546d26067d5d9b6959e C:WINDOWS$NtServicePackUninstall$ndis.sys
2008-04-14 00:501826561df7f42665c94b825322fae71721130d C:WINDOWSServicePackFilesi386ndis.sys
2008-04-14 00:501826561df7f42665c94b825322fae71721130d C:WINDOWSsystem32dllcachendis.sys
2008-04-14 00:501826561df7f42665c94b825322fae71721130d C:WINDOWSsystem32driversndis.sys
2004-08-04 00:00290564448006b6bc60e6c027932cfc38d6855 C:WINDOWS$NtServicePackUninstall$ip6fw.sys
2008-04-14 00:23366083bb22519a194418d5fec05d800a19ad0 C:WINDOWSServicePackFilesi386ip6fw.sys
2008-04-14 00:23366083bb22519a194418d5fec05d800a19ad0 C:WINDOWSsystem32driversip6fw.sys
2005-03-02 11:14205824035d11fdc381536ab95e3005489131f44 C:WINDOWS$hf_mig$KB890859SP2QFEntkrnlpa.exe
2006-10-30 07:032060544f1b0ab04f3893688735e77dd8c79d8f4 C:WINDOWS$hf_mig$KB896256SP2QFEntkrnlpa.exe
2006-12-19 20:4720606724a447a38f3d164bb634d20d0a2c6833b C:WINDOWS$hf_mig$KB929338SP2QFEntkrnlpa.exe
2007-02-28 09:0920606722f4a36b1b03d64fb176cb0f3eb597118 C:WINDOWS$hf_mig$KB931784SP2QFEntkrnlpa.exe
2007-02-28 18:0420588802bdc1a6cefe320e9c39fabf1961ebb9d C:WINDOWS$NtServicePackUninstall$ntkrnlpa.exe
2004-08-04 01:38205811244d1bc1b05e0c7c82e81687b79c653c7 C:WINDOWS$NtUninstallKB890859$ntkrnlpa.exe
2005-03-02 20:0820581120f6990820c6ce0a7a911fae5937ef1f6 C:WINDOWS$NtUninstallKB896256$ntkrnlpa.exe
2006-10-30 15:422058880380a8eb6a3e68fc070254849bdf1aa00 C:WINDOWS$NtUninstallKB929338$ntkrnlpa.exe
2006-12-19 11:2420588803d50d5db6343c789a75523714c8ab8c2 C:WINDOWS$NtUninstallKB931784$ntkrnlpa.exe
2008-04-14 21:5920672004bba965664faa56b187c27f4cad7e7c5 C:WINDOWSServicePackFilesi386ntkrnlpa.exe
2008-04-14 21:5920672004bba965664faa56b187c27f4cad7e7c5 C:WINDOWSsystem32ntkrnlpa.exe
2005-03-02 20:142180864dba3e4215279c8012b37d2135b531258 C:WINDOWS$hf_mig$KB890859SP2QFEntoskrnl.exe
2006-10-30 16:032183296da47e147bc4628588e82fd7509fe2033 C:WINDOWS$hf_mig$KB896256SP2QFEntoskrnl.exe
2006-12-19 20:472183296745c1a081aa663ea324e87432c244f70 C:WINDOWS$hf_mig$KB929338SP2QFEntoskrnl.exe
2007-02-28 18:092183424c450518ef9acc02a2d799698021e31a8 C:WINDOWS$hf_mig$KB931784SP2QFEntoskrnl.exe
2007-02-28 18:042181632c378be3a1edc5e4421d428655ac4a48c C:WINDOWS$NtServicePackUninstall$ntoskrnl.exe
2004-08-04 01:392182272dcf53422b7edded3b7431fbae4a7ee3f C:WINDOWS$NtUninstallKB890859$ntoskrnl.exe
2005-03-02 20:0921806083f3612846d67352468d2286fc23fb0c2 C:WINDOWS$NtUninstallKB896256$ntoskrnl.exe
2006-10-30 15:4221815046354e0579c3797354074cfdceab72d8e C:WINDOWS$NtUninstallKB929338$ntoskrnl.exe
2006-12-19 20:2421816320de4e7f68803b29526ed89f6c0dd013c C:WINDOWS$NtUninstallKB931784$ntoskrnl.exe
2008-04-14 22:0021903368ca14ecf04594eabbe93c9ff2e3cbfb1 C:WINDOWSServicePackFilesi386ntoskrnl.exe
2008-04-14 22:0021903368ca14ecf04594eabbe93c9ff2e3cbfb1 C:WINDOWSsystem32ntoskrnl.exe
2008-04-14 22:511035264c791ed9eac5e76d9525e157b1d7a599a C:WINDOWSexplorer.exe
2005-04-07 20:48103372805412646fa6ea684af560d9984ae4e88 C:WINDOWS$NtServicePackUninstall$explorer.exe
2004-08-04 01:441033728379098a96e6c165b659de7e4328010ea C:WINDOWS$NtUninstallKB884883$explorer.exe
2008-04-14 22:511035264c791ed9eac5e76d9525e157b1d7a599a C:WINDOWSServicePackFilesi386explorer.exe
2004-08-04 01:441085443da8d964d2cc12ef8e8c342471a37917 C:WINDOWS$NtServicePackUninstall$services.exe
2008-04-14 22:511090563e3ae424e27c4cefe4cab368c7b570ea C:WINDOWSServicePackFilesi386services.exe
2008-04-14 22:511090563e3ae424e27c4cefe4cab368c7b570ea C:WINDOWSsystem32services.exe
2004-08-04 01:4413312f485fefc8cc4fd29243d800be5d275d1 C:WINDOWS$NtServicePackUninstall$lsass.exe
2008-04-14 22:511331288296f7943f30a1ee3af735440b92268 C:WINDOWSServicePackFilesi386lsass.exe
2008-04-14 22:511331288296f7943f30a1ee3af735440b92268 C:WINDOWSsystem32lsass.exe
2004-08-04 01:4415360cbfa30492d70ce3938d8a7783d0c0436 C:WINDOWS$NtServicePackUninstall$ctfmon.exe
2008-04-14 22:51153601bd41eda5b869afc99895c39a8de36e1 C:WINDOWSServicePackFilesi386ctfmon.exe
2008-04-14 22:51153601bd41eda5b869afc99895c39a8de36e1 C:WINDOWSsystem32ctfmon.exe
2005-06-11 02:1757856ad3d9d191aea7b5445fe1d82ffbb4788 C:WINDOWS$hf_mig$KB896423SP2QFEspoolsv.exe
2005-06-11 01:5357856da81ec57acd4cdc3d4c51cf3d409af9f C:WINDOWS$NtServicePackUninstall$spoolsv.exe
2004-08-04 01:4457856bebe8a85954ff460374fd5a0cd21e19b C:WINDOWS$NtUninstallKB896423$spoolsv.exe
2008-04-14 22:5157856dd69ec597ab942c39b950d9c3ce1375d C:WINDOWSServicePackFilesi386spoolsv.exe
2008-04-14 22:5157856dd69ec597ab942c39b950d9c3ce1375d C:WINDOWSsystem32spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"NBJ"="Crogram FilesAheadNero BackItUpNBJ.exe" [2006-02-10 21:40 2048000]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avast!"="CROGRA~1ALWILS~1Avast4ashDisp.exe" [2008-07-19 16:38 78008]
"SunJavaUpdateSched"="Crogram FilesJavajre1.6.0_05binjusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 11:50 155648]
"ATIPTA"="Crogram FilesATI TechnologiesATI Control Panelatiptaxx.exe" [2003-02-28 21:00 315392]
"HP Software Update"="Crogram FilesHPHP Software UpdateHPWuSchd2.exe" [2005-05-11 23:12 49152]
"FixCamera"="C:WINDOWSFixCamera.exe" [2007-02-12 14:50 20480]
"Corel File Shell Monitor"="Crogram FilesCorelCorel Paint Shop Pro Photo X2CorelIOMonitor.exe" [2008-01-15 15:18 16200]
"MSConfig"="C:WINDOWSpchealthhelpctrBinariesMSCONFIG.EXE" [2008-04-14 22:51 171520]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 12:23 67584 C:WINDOWSSOUNDMAN.EXE]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSSystem32CTFMON.EXE" [2008-04-14 22:51 15360]
Cocuments and SettingsAll UsersMenu StartProgramyAutostart
HP Digital Imaging Monitor.lnk - Crogram FilesHPDigital Imagingbinhpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone - szybkie uruchamianie.lnk - Crogram FilesHPDigital Imagingbinhpqthb08.exe [2005-05-12 00:49:24 73728]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"vidc.CDVC"= cdvccodc.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM~startupfolderC:^Documents and Settings^Basia & Kołek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=C:WINDOWSpssAdobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 Crogram FilesDAEMON Tools Litedaemon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 23:48 479232 Crogram FilesGoogleGmail Notifiergnotify.exe
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\ABIT\FlashMenu\FlashMenu.exe"=
"F:\Program Files\Flashget\flashget.exe"=
"C:\WINDOWS\system32\dpvsetup.exe"=
"C:\WINDOWS\system32\dxdiag.exe"=
"C:\WINDOWS\system32\dpnsvr.exe"=
"F:\Program Files\saga\Saga.exe"=
R0 videX32;videX32;C:WINDOWSsystem32DRIVERSvideX32.sys [2007-09-21 17:49]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:WINDOWSsystem32DRIVERSgetnd5b.sys [2004-01-29 08:32]
S1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-07-19 16:35]
S2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-07-19 16:37]
S2 nxsIO32;NextSensor Kernel I/O Driver;C:WINDOWSSystem32DRIVERSnxsIO32.sys [2008-04-04 23:01]
S3 Memctl;Memctl;Crogram FilesABITFlashMenuMemctl.sys [2001-11-29 19:49]
S3 SNP325;USB PC Camera (SNPSTD325);C:WINDOWSsystem32DRIVERSsnp325.sys []
S3 usbscan;Sterownik skanera USB;C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 00:15]
S3 USBSTOR;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 00:15]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2H]
ShellAutoRuncommand - H:LaunchU3.exe -a
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"Crogram FilesCommon FilesLightScribeLSRunOnce.exe"
.
Contents of the ''Scheduled Tasks'' folder
2008-08-02 C:WINDOWSTasksHPpromotions journeysoftware.job
- Crogram Fileshpdigital imagingbinhp promotionsjourneysoftwareHPpromo.exe [2005-04-22 17:36]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - Cocuments and SettingsBasia & KołekDane aplikacjiMozillaFirefoxProfilesfhehhppk.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Aby zobaczyć linki, zarejestruj się tutaj]
FF -: plugin - Frogram FilesREALNetscape6nppl3260.dll
FF -: plugin - Frogram FilesREALNetscape6nprjplug.dll
FF -: plugin - Frogram FilesREALNetscape6nprpjplug.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Aby zobaczyć linki, zarejestruj się tutaj]
Rootkit scan 2008-08-02 22:28:20
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-08-02 22:32:17
ComboFix-quarantined-files.txt2008-08-02 20:31:16
ComboFix2.txt2008-08-02 15:08:50
Pre-Run: 4,481,708,032 bajtów wolnych
Post-Run: 4,467,929,088 bajtów wolnych
213
Liczba postów: 850
Liczba wątków: 12
Dołączył: 15.07.2006
Reputacja:
0
Otwórz notatnik i wklej w nim to:
Kod: Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints 2H]
Plik>>>zapisz jako...>>>zmień rozszerzenie na: wszystkie pliki>>>zapisz pod nazwą FIX.REG . Odpal plik FIX.REG, potwierdź dodanie do rejestru i zresetuj komputer.
Przeskanuj ten plik:
Kod: C:WINDOWSsystem32F224B3CAC4.sys
Po zabiegu nowy log z combofix.
"Nie jestem konsumentem mieszczącym się w standardzie
Nie jestem gatunkiem skazanym na wymarcie
Nie jestem obiektem medialnego hałasu
Jestem nielegalnym zabójcą czasu"
|
