spyware detected


  • Closed: this topic is closed
7 replies in this topic

#1 Eyetooth

    Beginner

  • 25 posts

Posted 17 08 2008 - 17:31

This desktop keeps showing up and I can't change it to another one. Please help and point me to the best program that could eliminate it; I'll show a screenshot below. Thanks in advance for your help.


[Attached image]


#2 timmy

    Advanced user

  • 624 posts

Posted 17 08 2008 - 17:47

Post the logs from HijackThis and ComboFix.


#3 Eyetooth

    Beginner

  • 25 posts

Posted 17 08 2008 - 19:22

ComboFix 08-08-16.01 - Eyetooth 2008-08-18 17:13:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.658 [GMT 2:00]
Running from: D:\antyvir\combofix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
D:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
D:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
D:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
D:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
D:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
D:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
D:\Documents and Settings\Eyetooth\Application Data\macromedia\Flash Player\#SharedObjects\WRCC6AX2\interclick.com
D:\Documents and Settings\Eyetooth\Application Data\macromedia\Flash Player\#SharedObjects\WRCC6AX2\interclick.com\ud.sol
D:\Documents and Settings\Eyetooth\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
D:\Documents and Settings\Eyetooth\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
D:\Documents and Settings\Eyetooth\Application Data\Microsoft\SystemCertificates\My
D:\Documents and Settings\Eyetooth\Application Data\rhccddj0e1fg
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@213.180.137[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@ad.yieldmanager[1].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@ad.yieldmanager[3].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@ad2.pl.mediainter[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@adidm07.idmnet[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@ads.o2[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@connextra[8].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@ehg-globalgamingleague.hitbox[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@insightexpressai[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@metacafe[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@nuggad[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@onet[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@p2m.org[1].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@p2mforum[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@partners.webmasterplan[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@revsci[1].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@todlaciebie[2].txt
D:\Documents and Settings\Eyetooth\Cookies\eyetooth@vitalia[2].txt
D:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
D:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
D:\Program Files\rhccddj0e1fg
D:\WINDOWS\system32\actskn43.ocx
D:\WINDOWS\system32\blphc9ddj0e1fg.scr
D:\WINDOWS\system32\drivers\svchost.exe
D:\WINDOWS\system32\phc9ddj0e1fg.bmp
D:\WINDOWS\Sysvxd.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-18 11:23 . 2008-08-18 12:35 <DIR> d-------- D:\Program Files\BPS Remover
2008-08-18 11:19 . 2008-08-18 11:20 <DIR> d-------- D:\Program Files\Trojan Remover
2008-08-18 11:19 . 2008-08-18 11:19 <DIR> d-------- D:\Documents and Settings\Eyetooth\Application Data\Simply Super Software
2008-08-18 11:19 . 2008-08-18 11:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-18 11:19 . 2006-05-25 15:52 162,304 --a------ D:\WINDOWS\system32\ztvunrar36.dll
2008-08-18 11:19 . 2003-02-02 20:06 153,088 --a------ D:\WINDOWS\system32\UNRAR3.dll
2008-08-18 11:19 . 2005-08-26 01:50 77,312 --a------ D:\WINDOWS\system32\ztvunace26.dll
2008-08-18 11:19 . 2002-03-06 01:00 75,264 --a------ D:\WINDOWS\system32\unacev2.dll
2008-08-18 11:19 . 2006-06-19 13:01 69,632 --a------ D:\WINDOWS\system32\ztvcabinet.dll
2008-08-18 11:00 . 2008-08-18 11:00 <DIR> d-------- D:\Program Files\SAGEM
2008-08-17 23:55 . 2006-09-02 16:21 108,728 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-17 23:55 . 2006-09-02 16:21 48,824 --a------ D:\WINDOWS\system32\S32EVNT1.DLL
2008-08-16 23:27 . 2008-08-18 17:05 <DIR> d-------- D:\antyvir
2008-08-16 21:54 . 2008-08-18 17:16 109,150 --a------ D:\WINDOWS\system32\drivers\43170e2.sys
2008-08-12 13:26 . 2008-08-12 13:26 <DIR> d-------- D:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 10:57 --------- d-----w D:\Program Files\Teamspeak2_RC2
2008-08-18 10:57 --------- d-----w D:\Documents and Settings\Eyetooth\Application Data\teamspeak2
2008-08-18 10:51 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 09:00 33 ----a-w D:\WINDOWS\system32\drivers\adidsl.cfg
2008-08-18 09:00 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-08-18 07:58 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2008-08-17 22:12 --------- d-----w D:\Program Files\Symantec
2008-08-17 22:12 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-08-16 21:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-16 21:48 --------- d-----w D:\Program Files\Common Files\Panda Software
2008-08-16 21:27 --------- d-----w D:\Program Files\MoorHunt
2008-08-13 08:28 4,877,518 ----a-w D:\Warcraft III v1.21a Battle.net and No-CD Loader_rar.vir
2008-08-12 10:30 --------- d-----w D:\Program Files\SkanerOnline
2008-07-31 15:40 --------- d-----w D:\Documents and Settings\Eyetooth\Application Data\Skype
2008-07-31 14:46 --------- d-----w D:\Documents and Settings\Eyetooth\Application Data\skypePM
2008-07-02 07:37 2,829 ----a-w D:\WINDOWS\War3Unin.pif
2008-07-02 07:37 139,264 ----a-w D:\WINDOWS\War3Unin.exe
2008-06-26 23:36 --------- d-----w D:\Documents and Settings\Eyetooth\Application Data\Azureus
2008-06-24 18:09 21,292 ----a-w D:\EPLite_v100_Final_D2v112.zip
2008-06-21 16:58 --------- d-----w D:\Program Files\Azureus
2007-10-09 09:28 848 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-07-08 17:39 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007070820070709\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-03_14.36.40.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-16 05:44:46 143,360 ----a-w D:\WINDOWS\adiras.exe
+ 2006-02-15 08:15:30 176,128 ----a-w D:\WINDOWS\autoclk.exe
+ 2002-09-26 14:42:30 24,576 ----a-w D:\WINDOWS\enddisk32.exe
+ 2001-02-08 10:05:30 46,892 ----a-w D:\WINDOWS\system32\ADADIX16.DLL
+ 2001-02-09 09:43:10 4,981 ----a-w D:\WINDOWS\system32\ADADIX2K.DLL
+ 2002-05-09 13:12:54 155,648 ----a-w D:\WINDOWS\system32\adadix32.dll
+ 2006-02-15 12:51:14 126,976 ----a-w D:\WINDOWS\system32\coclassfast.dll
- 2007-11-08 01:50:44 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-18 07:58:48 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-08 01:50:44 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-18 07:58:48 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-08 01:50:44 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-18 07:58:48 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-16 11:42:30 262,144 ----a-w D:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2004-03-02 06:26:58 50,007 ----a-w D:\WINDOWS\system32\drivers\adildr.sys
+ 2005-09-19 11:28:08 126,489 ----a-w D:\WINDOWS\system32\drivers\adiusbaw.sys
+ 2006-09-15 09:07:54 64,000 ----a-w D:\WINDOWS\system32\drivers\e4ldr.sys
+ 2006-09-19 09:03:28 116,992 ----a-w D:\WINDOWS\system32\drivers\e4usbaw.sys
+ 2001-05-24 13:24:40 22,395 ----a-w D:\WINDOWS\system32\drivers\fpga.bin
+ 2006-03-02 12:43:22 152,034 ----a-w D:\WINDOWS\system32\drivers\L1E4D0.BIN
+ 2006-03-02 12:43:22 152,034 ----a-w D:\WINDOWS\system32\drivers\L1E4D1.BIN
+ 2006-03-02 12:43:22 152,036 ----a-w D:\WINDOWS\system32\drivers\L1E4D2.BIN
+ 2006-03-14 07:44:14 152,220 ----a-w D:\WINDOWS\system32\drivers\L1E4I0.BIN
+ 2006-03-14 07:44:14 152,220 ----a-w D:\WINDOWS\system32\drivers\L1E4I1.BIN
+ 2006-03-14 07:44:14 152,220 ----a-w D:\WINDOWS\system32\drivers\L1E4I2.BIN
+ 2006-05-02 17:32:00 152,132 ----a-w D:\WINDOWS\system32\drivers\L1E4P0.BIN
+ 2006-05-02 17:32:00 152,132 ----a-w D:\WINDOWS\system32\drivers\L1E4P1.BIN
+ 2006-05-02 17:32:00 152,132 ----a-w D:\WINDOWS\system32\drivers\L1E4P2.BIN
+ 2006-04-10 11:43:58 152,126 ----a-w D:\WINDOWS\system32\drivers\L1E9I0.BIN
+ 2006-04-10 11:43:58 152,126 ----a-w D:\WINDOWS\system32\drivers\L1E9I1.BIN
+ 2006-04-10 11:43:58 152,126 ----a-w D:\WINDOWS\system32\drivers\L1E9I2.BIN
+ 2006-04-10 11:40:46 152,126 ----a-w D:\WINDOWS\system32\drivers\L1E9P0.BIN
+ 2006-04-10 11:40:46 152,126 ----a-w D:\WINDOWS\system32\drivers\L1E9P1.BIN
+ 2006-04-10 11:40:46 152,126 ----a-w D:\WINDOWS\system32\drivers\L1E9P2.BIN
+ 2006-08-22 12:48:24 243,376 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys
+ 2006-08-22 12:48:24 275,120 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys
+ 2006-08-22 12:48:24 24,240 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys
+ 2001-07-27 10:25:20 127,456 ----a-w D:\WINDOWS\system32\IPDETECT.EXE
+ 2006-05-31 13:38:02 10,752 ----a-w D:\WINDOWS\system32\md5.dll
- 2008-04-04 08:46:13 63,862 ----a-w D:\WINDOWS\system32\perfc009.dat
+ 2008-08-18 10:41:48 63,862 ----a-w D:\WINDOWS\system32\perfc009.dat
- 2008-04-04 08:46:13 404,642 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2008-08-18 10:41:48 404,642 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2006-01-23 13:40:34 135,168 ----a-w D:\WINDOWS\system32\unaddrv.exe
+ 2000-07-15 03:00:00 101,888 ----a-w D:\WINDOWS\system32\VB6STKIT.DLL
+ 2004-05-11 07:56:54 423,784 ----a-w D:\WINDOWS\system32\XceedBkp.dll
+ 2003-11-19 11:59:36 512,688 ----a-w D:\WINDOWS\system32\XceedCry.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"BPS Remover"="D:\Program Files\BPS Remover\BPSRem.exe" [2008-03-24 12:40 610304]
"BPS Spyware Remover"="D:\Program Files\BPS Remover\BPSRem.exe" [2008-03-24 12:40 610304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 05:51 131072]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50 155648]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"USB Storage Toolbox"="D:\Program Files\USBToolbox\Res.EXE" [2004-08-12 05:42 122880]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"TrojanScanner"="D:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-18 11:19 909904]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 D:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
DSLMON.lnk - D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-08-18 11:00:45 839680]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
SATARaid.lnk - D:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [2008-02-22 20:14:41 1019961]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 00:49 5376 D:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\programy\\Ares\\Ares.exe"=
"D:\\programy\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"F:\\dysk d\\gry\\Warcraft III\\pickup.listchecker.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\mIRC\\mirc.exe"=
"D:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"F:\\gry\\Tactical Ops\\System\\TacticalOps.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10225:TCP"= 10225:TCP:BitComet 10225 TCP
"10225:UDP"= 10225:UDP:BitComet 10225 UDP

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;D:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 08:01]
R2 harmonogram automatycznej usługi liveupdate;Harmonogram automatycznej usługi LiveUpdate;D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-13 14:54]
R3 dsnpfd;DeskSoft Service;D:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2007-11-23 14:17]
R3 e4usbaw;USB ADSL2 WAN Adapter;D:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);D:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 AC2003;AC2003;D:\WINDOWS\system32\Drivers\AC2003.sys [2004-07-12 05:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3befc0-3338-11dd-9926-00508ded2afa}]
\Shell\AutoRun\command - t.com
\Shell\explore\Command - t.com
\Shell\open\Command - t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fb7501-0e6a-11dd-98e7-00508ded2afa}]
\Shell\AutoRun\command - H:\t.com
\Shell\explore\Command - H:\t.com
\Shell\open\Command - H:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc82dce7-6377-11dc-8361-4d6564696130}]
\Shell\AutoRun\command - L:\t.com
\Shell\explore\Command - L:\t.com
\Shell\open\Command - L:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e586afe8-ce7f-11dc-83e3-00508ded2afa}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e586afe9-ce7f-11dc-83e3-00508ded2afa}]
\Shell\AutoRun\command - J:\t.com
\Shell\explore\Command - J:\t.com
\Shell\open\Command - J:\t.com

*Newly Created Service* - CATCHME
*Newly Created Service* - ikfilesec
*Newly Created Service* - iksysflt
*Newly Created Service* - iksyssec
*Newly Created Service* - mchinjdrv
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Main,Start Page = hxxp://google.pl/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &D&ownload &with BitComet - D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&ksportuj do programu Microsoft Excel - D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
D:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
D:\WINDOWS\system32\SkanerOnlineUninstall.exe
D:\WINDOWS\system32\SkanerOnline.dll

O16 -: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
D:\WINDOWS\Downloaded Program Files\SignActivX.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 17:16:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Binary file raw_enum.dat matches
.
Completion time: 2008-08-18 17:17:42
ComboFix-quarantined-files.txt 2008-08-18 15:17:30
ComboFix2.txt 2008-07-03 12:37:46

Pre-Run: 2,986,885,120 bytes free
Post-Run: 3,012,362,240 bytes free

264



#################################################
#################################################
#################################################
#################################################
hijackfree



Logfile of HiJackFree v3.0
Scan saved at 19:22:03, on 2008-08-18
Platform: Windows XP Service Pack 2 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 7.0 Service Pack 2 (7.0.5730.11)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\USBToolbox\Res.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\WINDOWS\system32\devldr32.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\drivers\svchost.exe
D:\DOCUME~1\Eyetooth\LOCALS~1\Temp\bpcicnke.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Opera\Opera.exe
D:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(.Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] D:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [lphc9ddj0e1fg] D:\WINDOWS\system32\lphc9ddj0e1fg.exe
O4 - HKLM\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BPS Remover] D:\Program Files\BPS Remover\BPSRem.exe
O4 - HKLM\..\Run: [BPS Spyware Remover] D:\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - HKLM\..\Run: [SVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
O7 - Regedit - Enabled
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra "Tools" menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFBAR.ICO
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: Antiwpa - D:\WINDOWS\System32\antiwpa.dll
O21 - ShellServiceObjectDelayLoad: WebCheck -
O21 - ShellServiceObjectDelayLoad: WPDShServiceObj -
O21 - ShellServiceObjectDelayLoad: PostBootReminder -
O21 - ShellServiceObjectDelayLoad: CDBurn -
O21 - ShellServiceObjectDelayLoad: SysTray -
O22 - SharedTaskScheduler: Browseui preloader - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll
O23 - Usługa: Alerter - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Application Layer Gateway Service - D:\WINDOWS\System32\alg.exe
O23 - Usługa: Application Management - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Ares Chatroom server - D:\programy\Ares\chatServer.exe
O23 - Usługa: ASP.NET State Service - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Usługa: Windows Audio - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Background Intelligent Transfer Service - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Usługa: Computer Browser - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Symantec Event Manager - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Usługa: Symantec Settings Manager - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Usługa: Indexing Service - D:\WINDOWS\system32\cisvc.exe
O23 - Usługa: ClipBook - D:\WINDOWS\system32\clipsrv.exe
O23 - Usługa: .NET Runtime Optimization Service v2.0.50727_X86 - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Usługa: Symantec Lic NetConnect service - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Usługa: COM+ System Application - D:\WINDOWS\system32\dllhost.exe
O23 - Usługa: Cryptographic Services - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: DCOM Server Process Launcher - D:\WINDOWS\system32\svchost
O23 - Usługa: DHCP Client - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Logical Disk Manager Administrative Service - D:\WINDOWS\System32\dmadmin.exe
O23 - Usługa: Logical Disk Manager - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: DNS Client - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Error Reporting Service - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Event Log - D:\WINDOWS\system32\services.exe
O23 - Usługa: COM+ Event System - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Fast User Switching Compatibility - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: FLEXnet Licensing Service - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Usługa: Harmonogram automatycznej usługi LiveUpdate - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Usługa: Help and Support - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: HID Input Service - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: HTTP SSL - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: IMAPI CD-Burning COM Service - D:\WINDOWS\system32\imapi.exe
O23 - Usługa: Server - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Workstation - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: LiveUpdate - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Usługa: TCP/IP NetBIOS Helper - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Messenger - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Microsoft Office Groove Audit Service - D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Usługa: NetMeeting Remote Desktop Sharing - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Usługa: Distributed Transaction Coordinator - D:\WINDOWS\system32\msdtc.exe
O23 - Usługa: Windows Installer - D:\WINDOWS\system32\msiexec.exe
O23 - Usługa: Network DDE - D:\WINDOWS\system32\netdde.exe
O23 - Usługa: Network DDE DSDM - D:\WINDOWS\system32\netdde.exe
O23 - Usługa: Net Logon - D:\WINDOWS\system32\lsass.exe
O23 - Usługa: Network Connections - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Network Location Awareness (NLA) - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: NT LM Security Support Provider - D:\WINDOWS\system32\lsass.exe
O23 - Usługa: Removable Storage - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: NVIDIA Display Driver Service - D:\WINDOWS\system32\nvsvc32.exe
O23 - Usługa: Microsoft Office Diagnostics Service - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Usługa: Office Source Engine - D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Usługa: Plug and Play - D:\WINDOWS\system32\services.exe
O23 - Usługa: IPSEC Services - D:\WINDOWS\system32\lsass.exe
O23 - Usługa: Protected Storage - D:\WINDOWS\system32\lsass.exe
O23 - Usługa: Remote Access Auto Connection Manager - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Remote Access Connection Manager - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Remote Desktop Help Session Manager - D:\WINDOWS\system32\sessmgr.exe
O23 - Usługa: Routing and Remote Access - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Remote Registry - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Remote Packet Capture Protocol v.0 (experimental) - D:\Program Files\WinPcap\rpcapd.exe
O23 - Usługa: Remote Procedure Call (RPC) Locator - D:\WINDOWS\system32\locator.exe
O23 - Usługa: Remote Procedure Call (RPC) - D:\WINDOWS\system32\svchost
O23 - Usługa: QoS RSVP - D:\WINDOWS\system32\rsvp.exe
O23 - Usługa: Security Accounts Manager - D:\WINDOWS\system32\lsass.exe
O23 - Usługa: Smart Card - D:\WINDOWS\System32\SCardSvr.exe
O23 - Usługa: Task Scheduler - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Secondary Logon - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: System Event Notification - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Windows Firewall/Internet Connection Sharing (ICS) - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Shell Hardware Detection - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Print Spooler - D:\WINDOWS\system32\spoolsv.exe
O23 - Usługa: System Restore Service - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: SSDP Discovery Service - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Windows Image Acquisition (WIA) - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: MS Software Shadow Copy Provider - D:\WINDOWS\system32\dllhost.exe
O23 - Usługa: Symantec AppCore Service - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Usługa: Performance Logs and Alerts - D:\WINDOWS\system32\smlogsvc.exe
O23 - Usługa: Telephony - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Terminal Services - D:\WINDOWS\System32\svchost
O23 - Usługa: Themes - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Telnet - D:\WINDOWS\system32\tlntsvr.exe
O23 - Usługa: Distributed Link Tracking Client - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Universal Plug and Play Device Host - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Uninterruptible Power Supply - D:\WINDOWS\System32\ups.exe
O23 - Usługa: Volume Shadow Copy - D:\WINDOWS\System32\vssvc.exe
O23 - Usługa: Windows Time - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: WebClient - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Windows Management Instrumentation - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: VNC Server Version 4 - D:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Usługa: Portable Media Serial Number Service - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Windows Management Instrumentation Driver Extensions - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: WMI Performance Adapter - D:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Usługa: Windows Media Player Network Sharing Service - D:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Usługa: Security Center - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Automatic Updates - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Windows Driver Foundation - User-mode Driver Framework - D:\WINDOWS\system32\svchost.exe
O23 - Usługa: Wireless Zero Configuration - D:\WINDOWS\System32\svchost.exe
O23 - Usługa: Network Provisioning Service - D:\WINDOWS\System32\svchost.exe
  • 0

#4 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 17 08 2008 - 19:40

2008-08-16 23:27 . 2008-08-18 17:05 <DIR> d-------- D:\antyvir

Do you recognize the above?

2008-08-16 21:54 . 2008-08-18 17:16 109,150 --a------ D:\WINDOWS\system32\drivers\43170e2.sys

Check it at --> http://virusscan.jotti.org/
or at http://www.virustotal.com/en/indexf.html.

In the Registry you have traces of an infection from a USB flash drive:
Paste into Notepad:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3befc0-3338-11dd-9926-00508ded2afa}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fb7501-0e6a-11dd-98e7-00508ded2afa}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc82dce7-6377-11dc-8361-4d6564696130}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e586afe9-ce7f-11dc-83e3-00508ded2afa}]

From the Notepad menu >>> File >>> Save As >>> Set the extension to: "All files" >>> Save as FIX.REG >>>
run the file
(double-click and OK - agree to adding it to the Registry).
Restart the computer.

ComboFix has already removed the rest, so it should be OK.

ordynat
  • 0

#5 Eyetooth

Eyetooth

    Beginner

  • 25 posts

Posted 17 08 2008 - 20:54

Thank you for the information :)

Unfortunately I still can't change the desktop from the one that popped up automatically; I have something like this in the options (2 tabs are missing):

Attached image
  • 0

#6 wojownik235

wojownik235

    Beginner

  • 87 posts

Posted 18 08 2008 - 08:49

I had the same problem earlier. I fixed it by running a "spyware detected" scan. I removed all the viruses and could change the desktop background; only, every so often an error appears on my machine for no reason and changes the wallpaper, but it can then be changed normally.
  • 0

#7 Eyetooth

Eyetooth

    Beginner

  • 25 posts

Posted 18 08 2008 - 09:52

Unfortunately I have a massive number of trojans and viruses; I want to remove them now and then do a format so that nothing is left after the format :) I also ran a scan with Trojan Remover 6.7.1.

This time from the 2nd system; I have one WinXP system on drive C, which I haven't been using, and one on drive D, which is already in tatters because of trojans and other junk, plus two additional partitions for other things.




***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
2008-08-19 09:47:14: Trojan Remover has been restarted
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - process is either not running or could not be terminated
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - unable to take ownership/change permissions
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - RAW erasure required
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe has been deleted
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
2008-08-19 09:47:15: Trojan Remover closed
************************************************************


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
2008-08-19 09:45:11: Trojan Remover has been restarted
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - process is either not running or could not be terminated
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - unable to take ownership/change permissions
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\H - already removed
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\Harmonogram automatycznej usługi LiveUpdate\[ImagePath] - already deleted
=======================================================
--------------------------------------------------
The system must be restarted one more time to complete the file operations.
Trojan Remover is restarting the system.
--------------------------------------------------
2008-08-19 09:45:25: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 09:40:20 19 sie 2008
Using Database v7104
Operating System: Windows XP SP2 [Windows XP Professional Dodatek Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Szary Wilk\Dane aplikacji\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Szary Wilk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Nortons Anti-Virus

************************************************************


************************************************************
09:40:20: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
09:40:20: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
09:40:20: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: H
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - process is either not running or could not be terminated
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - unable to take ownership/change permissions (file may not exist)
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file backed up to C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe.vir
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file has been neutralised
File (not hidden): C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe has been marked for renaming during PC restart
----------

************************************************************
09:40:44: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 2007-04-15
Modified: 2001-07-09
Company: Ahead Software Gmbh
--------------------
Value Name: NVMixerTray
Value Data: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
131072 bytes
Created: 2007-06-16
Modified: 2004-06-03
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 2004-07-15
Modified: 2006-10-22
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 2004-07-15
Modified: 2006-10-22
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 2004-07-15
Modified: 2006-10-22
Company: NVIDIA Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
909904 bytes
Created: 2008-08-18
Modified: 2008-08-18
Company: Simply Super Software
--------------------
Value Name: ccApp
Value Data: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
84640 bytes
Created: 2006-09-03
Modified: 2006-09-03
Company: Symantec Corporation
--------------------
Value Name: osCheck
Value Data: "C:\Program Files\Norton AntiVirus\osCheck.exe"
C:\Program Files\Norton AntiVirus\osCheck.exe
26248 bytes
Created: 2006-09-05
Modified: 2006-09-05
Company: Symantec Corporation
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 2008-01-29
Modified: 2008-01-29
Company: Symantec Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Could not process the following Registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Key Value =
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
--------------------
Value Name: Steam
Value Data: "e:\gry\steam\steam.exe" -silent
e:\gry\steam\steam.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
09:40:46: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
09:40:46: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
09:40:46: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
09:40:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
09:40:46: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
09:40:47: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AC2003
ImagePath: System32\Drivers\AC2003.sys
C:\WINDOWS\System32\Drivers\AC2003.sys
-R- 4224 bytes
Created: 2007-04-12
Modified: 2004-07-12
Company: ABIT Computer Corp.
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
118552 bytes
Created: 2007-06-14
Modified: 2007-02-07
Company: Analog Devices Inc.
----------
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41472 bytes
Created: 2004-08-04
Modified: 2002-12-31
Company: Microsoft Corporation
----------
Key: AresChatServer
ImagePath: D:\programy\Ares\chatServer.exe
D:\programy\Ares\chatServer.exe
263168 bytes
Created: 2007-03-20
Modified: 2007-03-20
Company: Ares Development Group
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\SZARYW~1\USTAWI~1\Temp\catchme.sys - this file is globally excluded
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 2006-09-03
Modified: 2006-09-03
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 2006-09-03
Modified: 2006-09-03
Company: Symantec Corporation
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 2006-09-03
Modified: 2006-09-03
Company: Symantec Corporation
----------
Key: E4LOADER
ImagePath: System32\Drivers\e4ldr.sys
C:\WINDOWS\System32\Drivers\e4ldr.sys
69656 bytes
Created: 2007-06-14
Modified: 2007-01-04
Company: Analog Deivces
----------
Key: e4usbaw
ImagePath: system32\DRIVERS\e4usbaw.sys
C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
104344 bytes
Created: 2007-06-14
Modified: 2007-01-04
Company: Analog Devices Inc.
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
371248 bytes
Created: 2007-06-15
Modified: 2008-08-17
Company: Symantec Corporation
----------
Key: ELOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
56088 bytes
Created: 2007-06-14
Modified: 2007-02-07
Company: Analog Deivces
----------
Key: EraserUtilRebootDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
99376 bytes
Created: 2008-08-18
Modified: 2008-08-17
Company: Symantec Corporation
----------
Key: Harmonogram automatycznej usługi LiveUpdate
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
198336 bytes
Created: 2008-08-18
Modified: 2006-09-13
Company: Symantec Corporation
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - this registry value has been removed [file already neutralised]
----------
Key: ISPwdSvc
ImagePath: "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
C:\Program Files\Norton AntiVirus\isPwdSvc.exe
79496 bytes
Created: 2006-09-05
Modified: 2006-09-05
Company: Symantec Corporation
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2528960 bytes
Created: 2008-08-18
Modified: 2006-09-13
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 2006-09-03
Modified: 2006-09-03
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 2008-01-29
Modified: 2008-01-29
Company: Symantec Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080817.003\NAVENG.SYS
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080817.003\NAVENG.SYS
89936 bytes
Created: 2008-08-18
Modified: 2008-07-16
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080817.003\NAVEX15.SYS
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080817.003\NAVEX15.SYS
856336 bytes
Created: 2008-08-18
Modified: 2008-07-16
Company: Symantec Corporation
----------
Key: NPF
ImagePath: system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\npf.sys
32512 bytes
Created: 2005-08-02
Modified: 2005-08-02
Company: CACE Technologies
----------
Key: nvatabus
ImagePath: system32\DRIVERS\nvatabus.sys
C:\WINDOWS\system32\DRIVERS\nvatabus.sys
-R- 79360 bytes
Created: 2007-04-12
Modified: 2004-06-03
Company: NVIDIA Corporation
----------
Key: nvax
ImagePath: system32\drivers\nvax.sys
C:\WINDOWS\system32\drivers\nvax.sys
-R- 48640 bytes
Created: 2007-04-12
Modified: 2004-05-25
Company: NVIDIA Corporation
----------
Key: NVENET
ImagePath: system32\DRIVERS\NVENET.sys
C:\WINDOWS\system32\DRIVERS\NVENET.sys
-R- 93764 bytes
Created: 2008-01-18
Modified: 2004-01-28
Company: NVIDIA Corporation
----------
Key: nvnforce
ImagePath: system32\drivers\nvapu.sys
C:\WINDOWS\system32\drivers\nvapu.sys
-R- 396032 bytes
Created: 2007-04-12
Modified: 2004-05-25
Company: NVIDIA Corporation
----------
Key: nv_agp
ImagePath: system32\DRIVERS\nv_agp.sys
C:\WINDOWS\system32\DRIVERS\nv_agp.sys
-R- 21120 bytes
Created: 2007-04-12
Modified: 2003-10-29
Company: NVIDIA Corporation
----------
Key: rpcapd
ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
C:\Program Files\WinPcap\rpcapd.exe
86016 bytes
Created: 2005-08-02
Modified: 2005-08-02
Company: CACE Technologies
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
27440 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company:
----------
Key: sfman
ImagePath: system32\drivers\sfmanm.sys
C:\WINDOWS\system32\drivers\sfmanm.sys
36480 bytes
Created: 2007-06-16
Modified: 2001-08-17
Company: Creative Technology Ltd.
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
406672 bytes
Created: 2006-08-18
Modified: 2006-08-18
Company: Symantec Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SRTSP
ImagePath: System32\Drivers\SRTSP.SYS
C:\WINDOWS\System32\Drivers\SRTSP.SYS
279088 bytes
Created: 2007-11-30
Modified: 2007-11-30
Company: Symantec Corporation
----------
Key: SRTSPL
ImagePath: System32\Drivers\SRTSPL.SYS
C:\WINDOWS\System32\Drivers\SRTSPL.SYS
317616 bytes
Created: 2007-11-30
Modified: 2007-11-30
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: System32\Drivers\SRTSPX.SYS
C:\WINDOWS\System32\Drivers\SRTSPX.SYS
43696 bytes
Created: 2007-11-30
Modified: 2007-11-30
Company: Symantec Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{8D9DB2A7-9A1E-430B-8966-181546EB9AB7}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1251720 bytes
Created: 2007-06-15
Modified: 2008-08-18
Company:
----------
Key: SymAppCore
ImagePath: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
46736 bytes
Created: 2006-09-01
Modified: 2006-09-01
Company: Symantec Corporation
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\WINDOWS\System32\Drivers\SYMDNS.SYS
11968 bytes
Created: 2006-09-02
Modified: 2006-09-02
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
123952 bytes
Created: 2008-08-18
Modified: 2008-08-18
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\WINDOWS\System32\Drivers\SYMFW.SYS
144832 bytes
Created: 2006-09-02
Modified: 2006-09-02
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\WINDOWS\System32\Drivers\SYMIDS.SYS
39104 bytes
Created: 2006-09-02
Modified: 2006-09-02
Company: Symantec Corporation
----------
Key: SYMIDSCO
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080813.001\SymIDSCo.sys
C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080813.001\SymIDSCo.sys
240496 bytes
Created: 2008-08-18
Modified: 2008-07-16
Company: Symantec Corporation
----------
Key: symlcbrd
ImagePath: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
C:\WINDOWS\system32\drivers\symlcbrd.sys
10344 bytes
Created: 2007-06-15
Modified: 2007-06-15
Company: Symantec Corporation
----------
Key: SYMNDIS
ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
33216 bytes
Created: 2006-09-02
Modified: 2006-09-02
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
26432 bytes
Created: 2006-09-02
Modified: 2006-09-02
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
186048 bytes
Created: 2006-09-02
Modified: 2006-09-02
Company: Symantec Corporation
----------

************************************************************
09:41:02: Scanning -----VXD ENTRIES-----

************************************************************
09:41:02: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
09:41:02: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Symantec.Norton.Antivirus.IEContextMenu
CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Path: C:\PROGRA~1\NORTON~1\NavShExt.dll
C:\PROGRA~1\NORTON~1\NavShExt.dll
173728 bytes
Created: 2006-09-06
Modified: 2006-09-06
Company: Symantec Corporation
----------

************************************************************
09:41:02: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
09:41:02: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

************************************************************
09:41:02: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
09:41:02: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
09:41:02: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
09:41:02: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
09:41:02: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
09:41:02: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini
-HS- 84 bytes
Created: 2007-04-05
Modified: 2007-06-14
Company:
--------------------
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
1205840 bytes
Created: 2007-06-14
Modified: 2007-02-13
Company:
DSLMON.lnk - links to C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
--------------------
C:\Program Files\Microsoft Office\Office\OSA9.EXE
65588 bytes
Created: 1999-02-17
Modified: 1999-02-17
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
09:41:03: Scanning ----- SCHEDULED TASKS -----
Taskname: Norton AntiVirus - Uruchom pełne skanowanie systemu - Szary Wilk.job
File: C:\PROGRA~1\NORTON~1\Navw32.exe
C:\PROGRA~1\NORTON~1\Navw32.exe
214688 bytes
Created: 2006-09-06
Modified: 2006-09-06
Company: Symantec Corporation
Parameters: /TASK:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Next Run Time: 2008-08-22 20:00:00
Status: Zadanie jeszcze nie działało
Creator: Szary Wilk
Comments: Jest to zaplanowane zadanie skanowania w programie Norton AntiVirus.
----------

************************************************************
09:41:03: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
09:41:03: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper entry is blank
----------
Additional checks completed

************************************************************
09:41:03: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
--------------------
C:\Program Files\Trojan Remover\Trjscan.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
--------------------
C:\WINDOWS\system32\devldr32.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\WINDOWS\system32\MsPMSPSv.exe
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------------
C:\WINDOWS\system32\WgaTray.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------------
C:\Documents and Settings\Szary Wilk\Dane aplikacji\Simply Super Software\Trojan Remover\qtw2.exe
FileSize: 2540096
[This is a Trojan Remover component]
--------------------
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------

************************************************************
09:41:05: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
09:41:05: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
09:41:05: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 09:41:05 19 sie 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
2008-08-19 09:41:08: restart commenced
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 22:59:37 18 sie 2008
Using Database v7104
Operating System: Windows XP SP2 [Windows XP Professional Dodatek Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Szary Wilk\Dane aplikacji\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Szary Wilk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on D:\
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files aready renamed by Trojan Remover.
------------------------------
------------------------------
Scan stopped by user after 671 files were checked
No Malware files detected
Scan stopped at: 2008-08-18 23:01:52
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 22:59:13 18 sie 2008
Using Database v7104
Operating System: Windows XP SP2 [Windows XP Professional Dodatek Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Szary Wilk\Dane aplikacji\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Szary Wilk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on D:\
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
------------------------------
Scan stopped by user after 50 files were checked
No Malware files detected
Scan stopped at: 2008-08-18 22:59:21
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 22:58:50 18 sie 2008
Using Database v7104
Operating System: Windows XP SP2 [Windows XP Professional Dodatek Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Szary Wilk\Dane aplikacji\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Szary Wilk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
22:58:50: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
22:58:50: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
22:58:50: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
22:58:50: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 2007-04-15
Modified: 2001-07-09
Company: Ahead Software Gmbh
--------------------
Value Name: NVMixerTray
Value Data: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
131072 bytes
Created: 2007-06-16
Modified: 2004-06-03
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 2004-07-15
Modified: 2006-10-22
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 2004-07-15
Modified: 2006-10-22
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 2004-07-15
Modified: 2006-10-22
Company: NVIDIA Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
909904 bytes
Created: 2008-08-18
Modified: 2008-08-18
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
--------------------
Value Name: Steam
Value Data: "e:\gry\steam\steam.exe" -silent
e:\gry\steam\steam.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
22:58:51: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
22:58:51: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
22:58:51: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
22:58:51: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
22:58:51: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
22:58:51: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AC2003
ImagePath: System32\Drivers\AC2003.sys
C:\WINDOWS\System32\Drivers\AC2003.sys
-R- 4224 bytes
Created: 2007-04-12
Modified: 2004-07-12
Company: ABIT Computer Corp.
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
118552 bytes
Created: 2007-06-14
Modified: 2007-02-07
Company: Analog Devices Inc.
----------
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41472 bytes
Created: 2004-08-04
Modified: 2002-12-31
Company: Microsoft Corporation
----------
Key: AresChatServer
ImagePath: D:\programy\Ares\chatServer.exe
D:\programy\Ares\chatServer.exe
263168 bytes
Created: 2007-03-20
Modified: 2007-03-20
Company: Ares Development Group
----------
Key: E4LOADER
ImagePath: System32\Drivers\e4ldr.sys
C:\WINDOWS\System32\Drivers\e4ldr.sys
69656 bytes
Created: 2007-06-14
Modified: 2007-01-04
Company: Analog Deivces
----------
Key: e4usbaw
ImagePath: system32\DRIVERS\e4usbaw.sys
C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
104344 bytes
Created: 2007-06-14
Modified: 2007-01-04
Company: Analog Devices Inc.
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
389432 bytes
Created: 2007-06-15
Modified: 2007-05-15
Company: Symantec Corporation
----------
Key: ELOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
56088 bytes
Created: 2007-06-14
Modified: 2007-02-07
Company: Analog Deivces
----------
Key: NPF
ImagePath: system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\npf.sys
32512 bytes
Created: 2005-08-02
Modified: 2005-08-02
Company: CACE Technologies
----------
Key: nvatabus
ImagePath: system32\DRIVERS\nvatabus.sys
C:\WINDOWS\system32\DRIVERS\nvatabus.sys
-R- 79360 bytes
Created: 2007-04-12
Modified: 2004-06-03
Company: NVIDIA Corporation
----------
Key: nvax
ImagePath: system32\drivers\nvax.sys
C:\WINDOWS\system32\drivers\nvax.sys
-R- 48640 bytes
Created: 2007-04-12
Modified: 2004-05-25
Company: NVIDIA Corporation
----------
Key: NVENET
ImagePath: system32\DRIVERS\NVENET.sys
C:\WINDOWS\system32\DRIVERS\NVENET.sys
-R- 93764 bytes
Created: 2008-01-18
Modified: 2004-01-28
Company: NVIDIA Corporation
----------
Key: nvnforce
ImagePath: system32\drivers\nvapu.sys
C:\WINDOWS\system32\drivers\nvapu.sys
-R- 396032 bytes
Created: 2007-04-12
Modified: 2004-05-25
Company: NVIDIA Corporation
----------
Key: nv_agp
ImagePath: system32\DRIVERS\nv_agp.sys
C:\WINDOWS\system32\DRIVERS\nv_agp.sys
-R- 21120 bytes
Created: 2007-04-12
Modified: 2003-10-29
Company: NVIDIA Corporation
----------
Key: rpcapd
ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
C:\Program Files\WinPcap\rpcapd.exe
86016 bytes
Created: 2005-08-02
Modified: 2005-08-02
Company: CACE Technologies
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
27440 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company:
----------
Key: sfman
ImagePath: system32\drivers\sfmanm.sys
C:\WINDOWS\system32\drivers\sfmanm.sys
36480 bytes
Created: 2007-06-16
Modified: 2001-08-17
Company: Creative Technology Ltd.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{8D9DB2A7-9A1E-430B-8966-181546EB9AB7}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2002-12-31
Modified: 2002-12-31
Company: Microsoft Corporation
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1174152 bytes
Created: 2007-06-15
Modified: 2007-06-15
Company: Symantec Corporation
----------
Key: SYMIDSCO
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070628.004\symidsco.sys
C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070628.004\symidsco.sys [file not found to scan]
----------
Key: symlcbrd
ImagePath: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
C:\WINDOWS\system32\drivers\symlcbrd.sys
10344 bytes
Created: 2007-06-15
Modified: 2007-06-15
Company: Symantec Corporation
----------

************************************************************
22:58:54: Scanning -----VXD ENTRIES-----

************************************************************
22:58:54: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
22:58:54: Scanning ----- CONTEXTMENUHANDLERS -----

************************************************************
22:58:54: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
22:58:54: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

************************************************************
22:58:54: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
22:58:54: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
22:58:54: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
22:58:54: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
22:58:54: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
22:58:54: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini
-HS- 84 bytes
Created: 2007-04-05
Modified: 2007-06-14
Company:
--------------------
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
1205840 bytes
Created: 2007-06-14
Modified: 2007-02-13
Company:
DSLMON.lnk - links to C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
--------------------
C:\Program Files\Microsoft Office\Office\OSA9.EXE
65588 bytes
Created: 1999-02-17
Modified: 1999-02-17
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
22:58:54: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
22:58:54: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
22:58:54: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper entry is blank
----------
Additional checks completed

************************************************************
22:58:55: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--------------------
C:\WINDOWS\system32\MsPMSPSv.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\WINDOWS\system32\WgaTray.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
--------------------
C:\WINDOWS\system32\devldr32.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------------
C:\Documents and Settings\Szary Wilk\Dane aplikacji\Simply Super Software\Trojan Remover\srr6.exe
FileSize: 2540096
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
22:58:57: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
22:58:57: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
22:58:57: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 22:58:57 18 sie 2008
************************************************************
  • 0

#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 18 08 2008 - 12:08

The report confirms that you no longer have any infection.

As for the missing tab in "Properties", in theory this could be changed by modifying a Registry key, but unfortunately I don't remember which key it is.

ordynat

  • 0



