Skocz do zawartości


Zdjęcie

[wirus + logi] Czy to wirus ?


  • Zamknięty Temat jest zamknięty
7 odpowiedzi w tym temacie

#1 Specta

Specta

    Początkujący

  • 19 postów

Napisano 14 11 2007 - 23:22

Witam dostałem taką wiadomość:

Dołączona grafika

Pod linkiem "Dalsza część wiadomości..." kryje się strona: h##p://www2.fotka.pl.host7016.kdiwr1.hk/se...1cDIJ6YGLqXRUQk

Ja oczywiście naiwnie kliknąłem a strona się nie otwarła - pojawił się jakiś błąd serwera. Czy można sprawdzić czy coś złapałem ? Jak to zrobić ?

  • 0

#2 wncvirus

wncvirus

    Leń !

  • 851 postów

Napisano 14 11 2007 - 23:33

Daj logi z hjt i zobaczymy czy coś złapałeś

  • 0

#3 Specta

Specta

    Początkujący

  • 19 postów

Napisano 14 11 2007 - 23:39

Dzięki za szybką odpowiedź. Zamieszczam LOGA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:40, on 2007-11-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\PCRemoter\pcr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MxClock\mxClock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Portrait Displays\DisplayTune\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TC PowerPack\totalcmd.exe
F:\Instalacja XP\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://www.faststone.org/ThankYou.htm"]http://www.faststone.org/ThankYou.htm[/url]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [PCRemoter] C:\Program Files\PCRemoter\pcr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [mxClock] C:\Program Files\MxClock\mxClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Desktop Calendar StartUp.lnk = C:\Program Files\Desktop Calendar\DESKCAL.EXE
O4 - Global Startup: DisplayTune.lnk = C:\Program Files\Portrait Displays\DisplayTune\dthtml.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\DisplayTune\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 7143 bytes

Użytkownik pawel315 edytował ten post 05 01 2013 - 17:54

  • 0

#4 wncvirus

wncvirus

    Leń !

  • 851 postów

Napisano 14 11 2007 - 23:48

Log czysty.Powiedz mi tylko czy sam instalowałeś ten [PCRemoter] program?
  • 0

#5 Specta

Specta

    Początkujący

  • 19 postów

Napisano 15 11 2007 - 00:10

Tak. To program do sterowania komputerem za pomocą pilota. Dodawany w zestawie z pilotem.

Wielkie dzięki.
  • 0

#6 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 17 11 2007 - 19:39

Pokaż logi z: Silent Runners + ComboFix.
  • 0

#7 yahoo69

yahoo69

    Nałogowy palacz, uzależniony od adrenaliny

  • 763 postów

Napisano 17 11 2007 - 19:41

odinstaluj ten programik moze pomoze..zainstaluj do pilota girdera.......mam podczerwin wlasnej roboty ktora kosztowala mnie w sumie 5 zeta i 15 min lutowania i pilot od tv :lol:
  • 0

#8 Specta

Specta

    Początkujący

  • 19 postów

Napisano 18 11 2007 - 00:14

Tutaj Silent Runners:
"Silent Runners.vbs", revision 52, [url="http://www.silentrunners.org/"]http://www.silentrunners.org/[/url]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AWMON" = ""C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"]
"PCRemoter" = "C:\Program Files\PCRemoter\pcr.exe" ["KLOSNET"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"mxClock" = "C:\Program Files\MxClock\mxClock.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"CTSysVol" = "C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]
"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flag" = hex:0x00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
				   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{19F500E0-9964-11cf-B63D-08002B317C03}" = "Desktop Icon Layout"
  -> {HKLM...CLSID} = "Desktop Icon Layout"
				   \InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
  -> {HKLM...CLSID} = "dBpShell Class"
				   \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
  -> {HKLM...CLSID} = "dMCIShell Class"
				   \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
  -> {HKLM...CLSID} = "JetFlExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "KbLogiExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "LogiExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
  -> {HKLM...CLSID} = "Registered ActiveX Controls"
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
  -> {HKLM...CLSID} = "Developer Studio Components"
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{654D0431-C930-43C4-B8DA-9AA01BA5B486}" = "PDI GUI Engine COM Obj"
  -> {HKLM...CLSID} = "PDI GUI Engine COM Obj"
				   \InProcServer32\(Default) = "C:\Program Files\Portrait Displays\DisplayTune\HtmlEngine.dll" ["Portrait Displays, Inc"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
				   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
				   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"
  -> {HKLM...CLSID} = "dBpShell Class"
				   \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
				   \InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
IconLayout\(Default) = "{19F500E0-9964-11cf-B63D-08002B317C03}"
  -> {HKLM...CLSID} = "Desktop Icon Layout"
				   \InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Program Files\AutoPatcher\modules\AddOns\Wallpapers\newwalls\New Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Program Files\AutoPatcher\modules\AddOns\Wallpapers\newwalls\New Bliss.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\JP_Snow.scr" ["nufsoft.com"]


Startup items in "Adi" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\Adi\Menu Start\Programy\Autostart
"Desktop Calendar StartUp" -> shortcut to: "C:\Program Files\Desktop Calendar\DESKCAL.EXE -OnlyDraw" ["Shinonon Free Softrware"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DisplayTune" -> shortcut to: "C:\Program Files\Portrait Displays\DisplayTune\dthtml.exe -startup_folder" ["Portrait Displays, Inc"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 12
%SystemRoot%\system32\mswsock.dll [MS], 06 - 09, 13 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Portrait Displays Display Tune Service, DTSRVC, "C:\Program Files\Portrait Displays\DisplayTune\DTSRVC.exe" [null data]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Urządzenie mobilne Apple, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Usługa iPod, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon BJ Language Monitor iP1600\Driver = "CNMLM75.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]


---------- (launch time: 2007-11-14 22:53:14)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 52 seconds, including 4 seconds for message boxes)

Tutaj ComboFix:

ComboFix 07-11-08.1 - Adi 2007-11-17 23:16:57.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.490 [GMT 1:00]
Running from: F:\Instalacja XP\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

.
(((((((((((((((((((((((((   Files Created from 2007-10-17 to 2007-11-17  )))))))))))))))))))))))))))))))
.

2007-11-17 23:15	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-11-17 14:53	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2007-11-17 14:52	<DIR>	d--------	C:\Program Files\GRETECH
2007-11-17 14:52	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\GRETECH
2007-11-17 08:28	<DIR>	d--------	C:\Program Files\MagicISO
2007-11-17 06:50	<DIR>	d--------	C:\Program Files\Web Idea Tree
2007-11-16 02:11	<DIR>	d--------	C:\Program Files\Computerbrains
2007-11-16 02:11	<DIR>	d--------	C:\Documents and Settings\Adi\WINDOWS
2007-11-14 23:00	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-11-14 21:37	2,414,360	--a------	C:\WINDOWS\system32\d3dx9_31.dll
2007-11-14 21:36	<DIR>	d--------	C:\Program Files\PerformanceTest
2007-11-13 22:44	129,536	--a------	C:\WINDOWS\system32\IJL15.dll
2007-11-12 20:23	<DIR>	d--------	C:\Program Files\PF3DEN
2007-11-11 21:30	<DIR>	d--------	C:\Program Files\Arjaloc
2007-11-11 09:32	<DIR>	d--------	C:\Program Files\iPod
2007-11-10 20:23	<DIR>	d--------	C:\WINDOWS\[u]0[/u]4_screensaver_Prima_clock dir
2007-11-10 20:23	12,288	--a------	C:\WINDOWS\impborl.dll
2007-11-10 10:01	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\Nokia Multimedia Player
2007-11-10 09:49	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2007-11-10 09:49	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2007-11-10 09:47	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2007-11-10 09:43	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Installations
2007-11-09 06:34	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\JAM Software
2007-11-09 06:33	<DIR>	d--------	C:\Program Files\JAM Software
2007-11-08 02:10	<DIR>	d--------	C:\Program Files\Sonic Foundry
2007-11-08 02:08	<DIR>	d--------	C:\Program Files\Sonic Foundry Setup
2007-11-08 01:31	<DIR>	d--------	C:\Program Files\Total Video Converter
2007-11-07 19:08	<DIR>	d--------	C:\Program Files\IVCsoft
2007-11-07 18:52	<DIR>	d--------	C:\Program Files\Absolute Video Converter
2007-11-07 18:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\shctxex.vb
2007-11-07 18:45	245,408	--a------	C:\WINDOWS\system32\unicows.dll
2007-11-07 18:45	69,632	--a------	C:\WINDOWS\system32\vzcontextmenu.dll
2007-11-07 18:45	4,608	--a------	C:\WINDOWS\system32\W95INF32.DLL
2007-11-07 18:45	2,272	--a------	C:\WINDOWS\system32\W95INF16.DLL
2007-11-07 18:36	<DIR>	d--------	C:\WINDOWS\Mozilla
2007-11-07 18:08	<DIR>	d--------	C:\Program Files\MediaCoder
2007-11-07 17:56	<DIR>	d--------	C:\Program Files\FLVPlayer
2007-11-06 22:48	<DIR>	d--------	C:\Program Files\Futuremark
2007-11-06 22:41	<DIR>	d--------	C:\Program Files\Hot CPU Tester Pro 4 LE
2007-11-06 22:12	<DIR>	d--------	C:\Program Files\Prime95
2007-11-06 22:05	<DIR>	d--------	C:\Program Files\Intel Corporation
2007-11-04 05:33	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-11-04 05:21	<DIR>	d--------	C:\Program Files\Bonjour
2007-11-04 05:07	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2007-11-04 04:56	<DIR>	d--------	C:\Program Files\Adobe CS3
2007-11-01 11:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
2007-11-01 11:43	<DIR>	d--------	C:\Program Files\Last.fm
2007-11-01 09:37	<DIR>	d--------	C:\Program Files\Acoustica CD Label Maker
2007-11-01 09:37	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\Acoustica
2007-11-01 09:29	<DIR>	d--------	C:\WINDOWS\MVUNINST
2007-11-01 09:29	<DIR>	d--------	C:\Program Files\Common Files\SureThing Shared
2007-11-01 08:11	<DIR>	d--------	C:\Program Files\Green Point Software
2007-11-01 06:39	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\VMware
2007-11-01 06:33	<DIR>	d--------	C:\Documents and Settings\LocalService\Dane aplikacji\VMware
2007-11-01 06:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\VMware
2007-10-31 17:42	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\Picajet.com
2007-10-31 17:41	<DIR>	d--------	C:\Program Files\PicaJet
2007-10-30 22:36	<DIR>	d--------	C:\Program Files\Google
2007-10-29 17:46	<DIR>	d--------	C:\Program Files\Access Password Recovery Genie
2007-10-28 23:56	<DIR>	d--------	C:\WINDOWS\system32\Color
2007-10-28 16:05	<DIR>	d--------	C:\Program Files\Neoretix
2007-10-27 18:59	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\FreeCall
2007-10-27 18:58	<DIR>	d--------	C:\Program Files\FreeCall.com
2007-10-27 00:02	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2007-10-26 19:07	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\ACD Systems
2007-10-26 19:05	<DIR>	d--------	C:\Program Files\Common Files\ACD Systems
2007-10-26 19:05	<DIR>	d--------	C:\Program Files\ACD Systems
2007-10-26 19:05	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2007-10-26 19:05	9,856	--a------	C:\WINDOWS\system32\drivers\pfc.sys
2007-10-26 05:20	<DIR>	d--------	C:\Program Files\Lavalys
2007-10-26 05:05	<DIR>	d--------	C:\Program Files\360 Degrees of Freedom
2007-10-26 05:05	1,146,970	--a------	C:\WINDOWS\system32\SWFWriterStandalone.dll
2007-10-23 05:20	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\DisplayTune
2007-10-23 05:19	11,776	--a------	C:\WINDOWS\system32\drivers\pdiddcci.sys
2007-10-23 05:19	9,984	--a------	C:\WINDOWS\system32\drivers\PdiPorts.sys
2007-10-23 05:18	<DIR>	d--------	C:\Program Files\Portrait Displays
2007-10-21 18:46	118,520	---------	C:\WINDOWS\system32\pxinsi64.exe
2007-10-21 18:46	118,056	---------	C:\WINDOWS\system32\pxcpyi64.exe
2007-10-21 18:31	307,200	--a------	C:\WINDOWS\IsUn0415.exe
2007-10-21 15:23	<DIR>	d-a------	C:\Program Files\HEXelonMAX6
2007-10-21 15:23	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\HEXelon
2007-10-21 15:02	<DIR>	d--------	C:\Program Files\JoshMadison
2007-10-20 09:12	<DIR>	d--------	C:\Program Files\MAUS Software
2007-10-20 09:12	24,576	--a------	C:\WINDOWS\system32\msxml3a.dll
2007-10-20 07:38	933,694	--a------	C:\WINDOWS\JP_Snow.scr
2007-10-20 07:30	<DIR>	d--------	C:\Program Files\Nufsoft
2007-10-20 07:04	<DIR>	d--------	C:\Documents and Settings\Adi\Dane aplikacji\3M

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 22:20	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\BitTorrent
2007-11-17 22:12	---------	d-----w	C:\Program Files\Mozilla Thunderbird
2007-11-17 09:48	---------	d-----w	C:\Program Files\BitTorrent
2007-11-17 06:09	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-16 19:35	---------	d-----w	C:\Program Files\SpeedFan
2007-11-12 19:23	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-11 08:32	---------	d-----w	C:\Program Files\iTunes
2007-11-11 08:30	---------	d-----w	C:\Program Files\QuickTime
2007-11-10 08:52	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Nokia
2007-11-10 08:49	---------	d-----w	C:\Program Files\Nokia
2007-11-10 08:47	---------	d-----w	C:\Program Files\DIFX
2007-11-06 23:11	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Sony
2007-11-04 08:51	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-11-02 17:15	---------	d-----w	C:\Program Files\NAPI-PROJEKT
2007-10-31 17:37	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Canon
2007-10-28 13:09	---------	d-----w	C:\Program Files\Gadu-Gadu
2007-10-28 09:57	---------	d-----w	C:\Program Files\Soulseek
2007-10-26 22:32	---------	d-----w	C:\Program Files\Ant Movie Catalog
2007-10-26 22:26	---------	d-----w	C:\Program Files\LaserSoft
2007-10-26 22:22	---------	d-----w	C:\Program Files\Native Instruments
2007-10-26 22:21	---------	d-----w	C:\Program Files\VSTplugins
2007-10-26 22:10	---------	d-----w	C:\Program Files\InterActual
2007-10-26 22:03	---------	d-----w	C:\Program Files\Alchemy Mindworks
2007-10-26 22:02	---------	d-----w	C:\Program Files\EarMaster Pro 5
2007-10-26 21:59	---------	d-----w	C:\Program Files\Chess3D
2007-10-26 21:57	---------	d-----w	C:\Program Files\BWMeter
2007-10-26 21:57	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\DeskSoft
2007-10-26 04:09	---------	d-----w	C:\Program Files\FastStone Image Viewer
2007-10-19 22:02	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Thinstall
2007-10-15 22:21	---------	d-----w	C:\Program Files\WinISO
2007-10-15 21:18	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Lionhead Studios
2007-10-14 11:06	---------	d-----w	C:\Program Files\Mpc2mp3
2007-10-14 10:56	593,272	----a-w	C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-10 20:31	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Spectaculator
2007-10-10 20:22	---------	d-----w	C:\Program Files\ZX Spectrum Emulator
2007-10-10 04:34	---------	d-----w	C:\Program Files\Leksykonia
2007-10-07 05:35	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\DeskSoft
2007-10-06 04:48	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\SlySoft
2007-10-05 04:23	---------	d-----w	C:\Program Files\Java
2007-10-05 04:22	---------	d-----w	C:\Program Files\Common Files\Java
2007-10-02 20:37	---------	d-----w	C:\Program Files\TesterM
2007-10-02 20:37	---------	d-----w	C:\Program Files\Apple Software Update
2007-09-30 17:59	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Lasersoft Imaging
2007-09-30 12:39	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Corel
2007-09-30 12:35	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-09-30 12:34	---------	d-----w	C:\Program Files\Common Files\Corel
2007-09-30 12:33	---------	d-----w	C:\Program Files\Corel
2007-09-30 12:33	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-09-30 06:59	---------	d-----w	C:\Program Files\Kurs Photoshop CS
2007-09-29 06:23	---------	d-----w	C:\Program Files\G DATA Software
2007-09-24 19:52	---------	d-----w	C:\Program Files\eMule
2007-09-23 08:12	---------	d-----w	C:\Documents and Settings\Adi\Dane aplikacji\Gadu-Gadu
2007-09-23 07:55	---------	d-----w	C:\Program Files\Opera
2007-09-23 06:28	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Avery
2007-09-22 00:10	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan
2007-09-22 00:05	---------	d-----w	C:\Program Files\40tude Dialog
2007-09-21 22:26	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\EarMaster
2007-08-30 04:33	129,784	------w	C:\WINDOWS\system32\pxafs.dll
2007-08-27 15:30	44,544	----a-w	C:\WINDOWS\system32\msxml4a.dll
2007-08-25 17:27	197,632	----a-w	C:\Program Files\HexView.exe
1999-10-30 20:54	561,152	----a-w	C:\Program Files\Convert_original.exe
1999-10-30 20:54	561,152	----a-w	C:\Program Files\Convert.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 20:43]
"nwiz"="nwiz.exe" [2006-08-11 20:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 20:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-15 00:47]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="P17.dll" [2005-05-03 18:38 C:\WINDOWS\system32\P17.dll]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2007-05-22 09:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 11:12]
"PCRemoter"="C:\Program Files\PCRemoter\pcr.exe" [2004-08-12 16:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-09-23 09:13]
"mxClock"="C:\Program Files\MxClock\mxClock.exe" [2006-12-30 08:43]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DisplayTune.lnk - C:\Program Files\Portrait Displays\DisplayTune\dthtml.exe [2007-10-23 05:19:06]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-15 08:59:05]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys
R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 hmonitor;hmonitor;\??\C:\WINDOWS\system32\drivers\hmonitor.sys
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\DScaler\DSDrv4.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\CD_Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 20:37:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2007-11-17 23:22:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 23:23:24 - machine was rebooted
.
	--- E O F ---


Użytkownik pawel315 edytował ten post 05 01 2013 - 17:53
logi wstawiłem w tagi code

  • 0




Użytkownicy przeglądający ten temat: 0

0 użytkowników, 0 gości, 0 anonimowych