[Help] I Have a Virus!


5 replies in this topic

#1 Jezierski

Jezierski

    Don't pester me on GG.

  • 351 posts

Posted 02 11 2008 - 17:55

Hi everyone, since yesterday something strange has been happening with my computer. Yesterday I wanted to play a film, but it didn't work because I had to download some codecs (an original film, just so there's no doubt :( ). So I downloaded and installed them and the film works. After the film I try to open the Google start page in Internet Explorer. I type in what I want to search for and it searches, but when it finds the results, above everything it found it says something like this:


Web Results 1 - 10 of about 2,000,000,000 for g. (Found in 0.07 sec.)
Error!
Your computer was hijacked by dangerous virus! Some results was changed by porn advertising, your passwords and other private info no more in safe! You must to clean your system immediately to prevent it. Download the newest anti-virus software!

Besides that, when I try to open any other site, either a blank tab pops up (the page disappears and I get an empty tab) or a message pops up that Windows stopped working and it tries to restart. I got onto this forum thanks to Google Chrome, which I installed a few days ago (it looks as if something is sitting in Internet Explorer). Note that I have already scanned with McAfee Security Center (my antivirus), Yahoo Anti-Spy, PC Tools Spyware Doctor and also SpyHunter, and nothing was detected (only the few usual items), but the problem remained. I cleared the history and deleted all the cookies and the rest.

Something like this also pops up when I go to any site:

Warning - you are infected by this site! Please, read our suggestions!
You can learn more about harmful web content and protect your computer at Total Secure 2009.
Just download Total Secure 2009 Now and Protect your Business forever!

Suggestions:
Make backup of important files and documents!
Read more about Total Secure 2009
Return to the previous page and pick another result.
Try another search to find what you're looking for.
If nothing will help you - reinstall windows or e-mail Total Secure 2009 team.
Or you can continue to visit this site at your own risk.

If you are the owner of this web site, you can request a review of your site using Google's Webmasters Tools.

I tried to download this Total Secure, but it is 1.61 MB and on top of that it can't be installed (some errors).

Please help. In case it matters, I'm not a beginner with computers, so feel free to tell me if I need to dig around in some files or the like, because I can handle that kind of thing. This is the first time something like this has happened to me..... ;/

  • 0

#2 Macsch15

Macsch15

    Professional

  • 3 705 posts

Posted 02 11 2008 - 17:59

Post the logs from ComboFix and HijackThis.

http://forum.idg.pl/bezpieczenstwo_kompute...ia-t118804.html

  • 0

#3 Jezierski

Jezierski

    Don't pester me on GG.

  • 351 posts

Posted 02 11 2008 - 18:31

ComboFix 08-11-01.06 - ANDRZEJ 2008-11-02 17:08:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.1976 [GMT 1:00]
Uruchomiony z: C:\Users\ANDRZEJ\Documents\Pobrane pliki\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active

.
/wow section - STAGE 1
Access is denied.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\02536B2C
C:\Program Files\myglobalsearch\bar\Cache\02536DFA
C:\Program Files\myglobalsearch\bar\Cache\02536F61.bin
C:\Program Files\myglobalsearch\bar\Cache\02537116.bin
C:\Program Files\myglobalsearch\bar\Cache\0253728C.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Users\ANDRZEJ\AppData\Local\Temp\install_flash_player.exe
C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Pharmacy Online.url
C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDefender 2009.lnk
C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Search Online.url
C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\VIP Casino.url
C:\Users\ANDRZEJ\Desktop\Cheap Pharmacy Online.url
C:\Users\ANDRZEJ\Desktop\Search Online.url
C:\Users\ANDRZEJ\FAVORI~1\Cheap Pharmacy Online.url
C:\Users\ANDRZEJ\FAVORI~1\Search Online.url
C:\Users\ANDRZEJ\Favorites\Cheap Pharmacy Online.url
C:\Users\ANDRZEJ\Favorites\Search Online.url
C:\Windows\k.txt
C:\Windows\system32\c.ico
C:\Windows\system32\Cfx32.lic
C:\Windows\system32\cfx32.ocx
C:\Windows\system32\Dvbpws.dll
C:\Windows\system32\gopfa.dll
C:\Windows\system32\m.ico
C:\Windows\system32\p.ico
C:\Windows\system32\s.ico
C:\Windows\system32\wztmscs.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Pliki utworzone od 2008-10-02 do 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-02 13:50 . 2008-11-02 13:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-11-01 17:20 . 2008-11-01 17:20 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-11-01 17:17 . 2008-11-01 17:17 <DIR> d-------- C:\Users\ANDRZEJ\AppData\Roaming\Download Manager
2008-11-01 16:53 . 2008-11-01 16:53 69,632 --a------ C:\Windows\System32\ifsndu.dll
2008-10-28 19:54 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 19:54 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-28 19:54 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-24 20:04 . 2008-10-26 16:43 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-24 19:02 . 2008-10-24 19:02 <DIR> d-------- C:\Windows\System32\xlive
2008-10-23 21:01 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-23 21:01 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-23 21:01 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-23 21:01 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-23 21:01 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-21 14:24 . 2008-10-21 14:24 <DIR> d-------- C:\Users\Marcin\AppData\Roaming\DivX
2008-10-21 14:24 . 2008-10-21 14:24 <DIR> d-------- C:\Users\Marcin\AppData\Roaming\Ahead
2008-10-21 11:08 . 2008-10-21 11:08 <DIR> d-------- C:\Users\Marcin\AppData\Roaming\Yahoo!
2008-10-21 11:07 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Searches
2008-10-21 11:07 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Contacts
2008-10-21 11:07 . 2008-10-21 11:07 <DIR> d-------- C:\Users\Marcin\AppData\Roaming\HP
2008-10-21 11:07 . 2008-10-21 11:07 <DIR> d-------- C:\Users\Marcin\AppData\Roaming\Dell
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Videos
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Saved Games
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Pictures
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Music
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Links
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Downloads
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> dr------- C:\Users\Marcin\Documents
2008-10-21 11:06 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Marcin\AppData\Roaming\Media Center Programs
2008-10-21 11:06 . 2008-10-21 14:32 <DIR> d--h----- C:\Users\Marcin\AppData
2008-10-21 11:06 . 2008-10-21 11:07 <DIR> d-------- C:\Users\Marcin
2008-10-15 19:47 . 2008-10-15 19:47 <DIR> d-------- C:\Programs
2008-10-15 13:53 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 13:53 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 13:53 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 13:53 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 13:53 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 13:53 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-10 19:39 . 2001-12-12 09:35 348,160 --a------ C:\Windows\System32\MEnc.ocx
2008-10-08 22:23 . 2008-10-08 22:23 <DIR> d-------- C:\Windows\System32\js
2008-10-08 22:23 . 2008-10-08 22:23 <DIR> d-------- C:\Windows\System32\images
2008-10-08 22:23 . 2008-10-08 22:23 <DIR> d-------- C:\Windows\System32\html
2008-10-08 22:23 . 2008-10-08 22:23 <DIR> d-------- C:\Windows\System32\css
2008-10-08 22:23 . 2008-10-08 22:23 <DIR> d-------- C:\Program Files\Business Objects
2008-10-08 22:23 . 2008-10-08 22:23 172 --a------ C:\Windows\ODBC.INI
2008-10-08 22:19 . 2008-10-08 22:22 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-10-08 22:19 . 2008-10-08 22:19 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-10-08 22:17 . 2008-10-08 22:18 <DIR> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-10-08 22:17 . 2008-10-08 22:17 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-10-08 22:17 . 2008-10-08 22:17 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-08 22:09 . 2008-10-08 22:09 <DIR> d-------- C:\Users\All Users\PreEmptive Solutions
2008-10-08 22:09 . 2008-10-08 22:09 <DIR> d-------- C:\ProgramData\PreEmptive Solutions
2008-10-08 22:02 . 2008-10-08 22:02 <DIR> d-------- C:\Windows\symbols
2008-10-08 22:01 . 2008-10-08 22:01 <DIR> d-------- C:\Windows\System32\1033
2008-10-08 21:59 . 2008-10-08 22:23 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-10-08 21:59 . 2008-10-08 21:59 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-10-08 21:59 . 2008-10-08 22:03 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-10-08 21:59 . 2008-10-08 22:09 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-10-08 21:59 . 2008-10-08 21:59 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-10-08 21:57 . 2008-10-08 21:58 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-10-08 21:49 . 2008-10-08 21:49 <DIR> d-------- C:\Users\ANDRZEJ\AppData\Roaming\Roxio
2008-10-08 21:49 . 2008-10-08 21:50 <DIR> d-------- C:\Users\All Users\Roxio
2008-10-08 21:49 . 2008-10-08 21:50 <DIR> d-------- C:\ProgramData\Roxio
2008-10-05 22:12 . 2008-10-08 23:37 <DIR> d-------- C:\Users\ANDRZEJ\AppData\Roaming\codeblocks
2008-10-05 22:07 . 2008-10-05 22:07 <DIR> d-------- C:\Program Files\CodeBlocks
2008-10-05 21:46 . 2008-10-05 21:46 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-10-02 18:34 . 2008-10-02 18:34 <DIR> d-------- C:\Users\ANDRZEJ\AppData\Roaming\Printer Info Cache
2008-10-02 18:34 . 2008-10-02 18:34 <DIR> d-------- C:\Users\ANDRZEJ\AppData\Roaming\Image Zone Express

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 16:23 --------- d-----w C:\Users\ANDRZEJ\AppData\Roaming\Skype
2008-11-02 16:22 --------- d---a-w C:\ProgramData\TEMP
2008-11-02 16:22 --------- d-----w C:\Program Files\Spyware Doctor
2008-11-02 12:48 --------- d-----w C:\Users\ANDRZEJ\AppData\Roaming\skypePM
2008-11-01 16:29 --------- d-----w C:\ProgramData\Google Updater
2008-11-01 15:54 --------- d-----w C:\Program Files\DivX
2008-10-27 15:31 452 ----a-w C:\Users\ANDRZEJ\AppData\Roaming\wklnhst.dat
2008-10-23 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-23 17:43 --------- d-----w C:\Program Files\Google
2008-10-16 13:07 --------- d-----w C:\Program Files\Windows Mail
2008-10-15 20:30 --------- d-----w C:\ProgramData\Dell
2008-10-10 18:43 --------- d-----w C:\Program Files\Total Video Converter
2008-10-08 21:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-08 21:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-08 21:03 --------- d-----w C:\Program Files\MSBuild
2008-10-02 20:59 --------- d-----w C:\Program Files\Softick
2008-09-30 17:34 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-09-30 17:34 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-09-30 17:33 --------- d-----w C:\ProgramData\Skype
2008-09-30 17:33 --------- d-----w C:\Program Files\Skype
2008-09-30 17:33 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-29 16:15 --------- d-----w C:\Program Files\Alcohol Soft
2008-09-29 16:07 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-29 16:06 --------- d-----w C:\ProgramData\Ahead
2008-09-29 16:06 --------- d-----w C:\Program Files\Ahead
2008-09-29 16:02 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-28 18:11 --------- d-----w C:\Program Files\Byxon Games
2008-09-28 18:10 --------- d-----w C:\Program Files\Sokoban 2.0
2008-09-28 18:00 --------- d-----w C:\Program Files\Docker Sokoban
2008-09-28 16:28 --------- d-----w C:\Users\ANDRZEJ\AppData\Roaming\HP
2008-09-28 16:28 --------- d-----w C:\ProgramData\WEBREG
2008-09-28 16:28 --------- d-----w C:\ProgramData\HP
2008-09-28 16:26 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-09-28 16:26 --------- d-----w C:\Program Files\HP
2008-09-28 16:25 --------- d-----w C:\Program Files\Common Files\HP
2008-09-28 16:23 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-28 16:23 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-09-27 12:32 --------- d-----w C:\Users\ANDRZEJ\AppData\Roaming\Talkback
2008-09-24 13:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-14 17:38 --------- d-----w C:\Program Files\UltraVNC
2008-09-12 18:04 --------- d-----w C:\Program Files\Samsung
2008-09-12 10:14 --------- d-----w C:\Program Files\McAfee
2008-09-09 21:01 --------- d-----w C:\Program Files\WinPcap
2008-09-04 14:54 --------- d-----w C:\Users\ANDRZEJ\AppData\Roaming\SPORE
2008-09-04 14:30 --------- d-----w C:\ProgramData\Electronic Arts
2008-09-04 14:30 --------- d-----w C:\Program Files\Electronic Arts
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A303EF6-2598-4D2D-B4DA-DEFA7CD0DC51}]
2008-11-01 16:53 69632 --a------ C:\Windows\system32\ifsndu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DAEMON Tools Lite"="C:\Programy\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"Google Update"="C:\Users\ANDRZEJ\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 133656]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SoftickPPP"="C:\Program Files\Softick\PPP\Bin\PPPGate.exe" [2006-07-06 195072]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 C:\Windows\RtHDVCpl.exe]

C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]

C:\Users\ANDRZEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-23 14:11 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-07-23 14:03 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-23 14:03 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 14:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 15:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9D2F3776-FCCE-4CF5-A38A-A34DAFFC8533}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{F48D5593-B0ED-45A1-9E62-95288A3515DF}"= UDP:C:\Users\ANDRZEJ\AppData\Local\Temp\stInstall.exe:SpeedTouch Home Install Wizard
"{AD7EDFAF-D13D-4E36-A805-8BE3959B77B1}"= TCP:C:\Users\ANDRZEJ\AppData\Local\Temp\stInstall.exe:SpeedTouch Home Install Wizard
"{C2E62D14-934B-4504-9DC7-4252886E44B0}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{BB27FF3B-1735-4A13-AEB9-C02DB69807D0}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{1E3676C9-CBD7-4C6D-BC53-132A21F7D765}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5B4421AA-515F-492A-B600-420BAE9EE011}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FB21FBB4-6D5D-4750-818D-0174BBF725A7}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B7A30C65-F7F7-4144-9A02-E7982E6A374E}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A3BB4C52-26E5-4198-A0D1-9E202C8781D3}"= UDP:C:\gry\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2B8F0A0A-481C-4476-9855-D4CE64439B1C}"= TCP:C:\gry\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{FD827FC3-1798-473F-9526-849AAE2B7746}"= UDP:C:\gry\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DD5576FA-35B2-4B71-BEDB-088E47F240BF}"= TCP:C:\gry\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{354AC1A5-B1E5-4D36-B7B4-15DAAA42BD0B}"= UDP:C:\gry\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{FAA28B62-56DA-4168-8BDA-5EC2A0D2081A}"= TCP:C:\gry\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{620BB0BF-C602-459F-BC0E-618BCFE8670F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DE26BACB-3D83-43FC-A03F-CC0B24E92FBA}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E57B7CC4-7CC7-497D-B14C-8E2F388D8F74}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D661EE66-52D9-4603-9AEC-86EAFA374C55}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DE4D47AF-5C26-4B94-B495-4D76030ABFD2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{142E3BAC-3B8F-4358-810B-982B323E699E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-01 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\ANDRZEJ\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-12 21:35]

2008-07-23 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 18:32]

2008-07-23 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 18:32]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-WinDefender2009 - C:\Program Files\WinDefender\windef.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\ANDRZEJ\AppData\Roaming\Mozilla\Firefox\Profiles\ml8rfver.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 17:22:49
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


C:\Windows\TEMP\mcafee_1gp2opgjylNuLYc 0 bytes
C:\Windows\TEMP\mcafee_1gp2opgjylNuLYc-journal 20 bytes
C:\Users\ANDRZEJ\AppData\Local\Temp\etilqs_bSJt5p9K1Oto539 12300 bytes
C:\Users\ANDRZEJ\AppData\Local\Temp\STSE446.tmp 82 bytes
C:\Users\ANDRZEJ\AppData\Local\Temp\~DFB4BA.tmp
C:\Users\ANDRZEJ\AppData\Local\Temp\MARAF80.tmp 1342 bytes
C:\Users\ANDRZEJ\AppData\Local\Temp\MARBD94.tmp 1285 bytes


**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\conime.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\googletoolbar2user.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-02 17:29:40 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-11-02 16:29:29

Przed: 494 319 812 608 bytes free
Po: 494,922,522,624 bytes free

339 --- E O F --- 2008-10-28 19:42:43

And here is the one from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:01, on 2008-11-02
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\ANDRZEJ\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\notepad.exe
C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANDRZEJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Game.OS - {3A303EF6-2598-4D2D-B4DA-DEFA7CD0DC51} - C:\Windows\system32\ifsndu.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\ANDRZEJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13170 bytes
  • 0

#4 Macsch15

Macsch15

    Professional

  • 3 705 posts

Posted 02 11 2008 - 18:37

In HijackThis:

O2 - BHO: Game.OS - {3A303EF6-2598-4D2D-B4DA-DEFA7CD0DC51} - C:\Windows\system32\ifsndu.dll


Fix the entries above:
>> Hijack >> scan (Do a system scan only) >> tick them >> Fix checked.
  • 0

#5 Jezierski

Jezierski

    Don't pester me on GG.

  • 351 posts

Posted 02 11 2008 - 18:45

Yippee!!! :( Thank you so much, it helped.

PS. How do I recognize such "nasty registry entries/programs" in the future?
  • 0

#6 Macsch15

Macsch15

    Professional

  • 3 705 posts

Posted 02 11 2008 - 18:47

One of the simplest ways: install a decent antivirus and there won't be any problems.

E.g.

Kaspersky
ESET

  • 0
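Added example, not part of the thread and not HijackThis's own code: among the browser add-on lines (O2/O3) visible in the posted log, the entry fixed in post #4 is the only one whose DLL lies directly in C:\Windows\system32, while the others load from vendor folders. The Python sketch below applies that as a triage heuristic, together with a check for "(file missing)" registrations; both rules and the `triage` helper are assumptions meant to prompt a manual look, not malware verdicts.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O2/O3 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Game.OS - {3A303EF6-2598-4D2D-B4DA-DEFA7CD0DC51} - C:\Windows\system32\ifsndu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
"""

# O2 (Browser Helper Object) and O3 (toolbar) lines: name - {CLSID} - path
ENTRY = re.compile(
    r"^O(?:2 - BHO|3 - Toolbar): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: Windows is installed in C:\Windows, as in the posted log.
SYSTEM32 = PureWindowsPath(r"C:\Windows\system32")


def triage(log_text):
    """Return (name, path, reason) for add-on entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not an O2/O3 line
        name, path = m["name"], m["path"]
        if m["missing"]:
            # Registry entry left behind by software that is no longer on disk.
            findings.append((name, path, "registered but file missing"))
        elif PureWindowsPath(path).parent == SYSTEM32:
            # PureWindowsPath compares case-insensitively, like Windows does.
            findings.append((name, path, "DLL sits directly in system32"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {name} -> {path}")
```

A hit is a reason to look up the file name and CLSID before ticking the entry for Fix checked.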



