[virus + logs] Suspected infection


  • Closed: this topic is closed
4 replies in this topic

#1 krzyhoo

    Admin

  • 1 039 posts

Posted 19 01 2008 - 02:40

Hi. I think I've caught some kind of junk, because my computer has started going crazy: programs freeze and I get kicked out of games. On top of that I have a lot of processes open (which ones can I close?). I also have a process, but I don't know whether it is isass, which is malicious, or lsass, which is a system process.

hijack

Logfile of HijackThis v1.99.1
Scan saved at 01:44:08, on 2008-01-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WapSter\AQQ\AQQ.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Documents and Settings\Krzyhoo\Pulpit\Bux.to_Autoclicker\Bux.to Autoclicker\Bux.to Autoclicker.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real Desktop\Real Desktop.exe
C:\Documents and Settings\Krzyhoo\Pulpit\Diagnostyka i usprawnienia\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adbux.org Autoclicker.lnk = ?
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Bux.to Autoclicker.lnk = ?
O4 - Startup: DailyClicks.biz Autoclicker.lnk = ?
O4 - Startup: Paid.vg Autoclicker.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168084540624
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168084488202
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

combofix

"Krzyhoo" - 2008-01-19 1:45:36 - ComboFix 07-07-14.6 NTFS


((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))


2008-01-14 19:22 33,856 --a------ C:\WINDOWS\system32\drivers\services.exe
2008-01-08 23:01 <DIR> d-------- C:\Program Files\Winamp Remote
2008-01-08 23:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\OrbNetworks
2008-01-08 22:54 <DIR> d-------- C:\Program Files\SHOUTcast
2007-12-31 21:00 <DIR> d-------- C:\Program Files\Tibia
2007-12-31 21:00 <DIR> d-------- C:\DOCUME~1\Krzyhoo\DANEAP~1\Tibia
2007-12-29 19:05 <DIR> d-------- C:\Program Files\RADVideo
2007-12-29 18:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\stamina
2007-12-25 19:09 <DIR> d-------- C:\Program Files\QuickTime
2007-12-24 14:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-24 13:34 <DIR> d-------- C:\WINDOWS\USB Vibration
2007-12-24 13:30 <DIR> d-------- C:\Program Files\USB Vibration


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-01-19 00:52:41 22,222,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 00:45:11 979,488 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-18 22:53:59 -------- d-----w C:\Program Files\eMule
2008-01-17 22:04:13 93,416 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-17 22:04:12 298,484 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-17 15:30:12 -------- d-----w C:\Program Files\Lavalys
2008-01-16 17:32:26 -------- d-----w C:\Program Files\Lx_cats
2008-01-16 17:30:34 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\OpenOffice.org2
2008-01-12 11:13:57 -------- d-----w C:\Program Files\Futuremark
2008-01-12 11:13:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 10:34:29 -------- d-----w C:\Program Files\Mobile Video Converter
2008-01-12 10:32:19 -------- d-----w C:\Program Files\Gadu-Gadu
2008-01-08 22:12:09 -------- d-----w C:\Program Files\Winamp
2008-01-01 12:54:59 -------- d-----w C:\Program Files\Virtual Piano
2007-12-24 20:13:13 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-24 20:13:13 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-24 20:13:13 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-12-18 18:20:33 -------- d-----w C:\Program Files\FlashGet
2007-12-11 22:36:48 -------- d-----w C:\Program Files\AskPBar
2007-12-10 18:33:21 -------- d-----w C:\Program Files\WhatPulse
2007-12-09 23:20:49 -------- d-----w C:\Program Files\ADSTechnology
2007-12-09 16:44:48 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\BinarySense
2007-12-09 16:44:39 -------- d-----w C:\Program Files\Common Files\BinarySense
2007-12-09 16:44:38 -------- d-----w C:\Program Files\BinarySense
2007-12-08 13:18:12 -------- d-----w C:\Program Files\STOPzilla!
2007-12-07 12:09:17 -------- d-s---w C:\Program Files\Xfire
2007-12-06 15:07:01 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\Xfire
2007-12-04 19:28:31 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\STOPzilla!
2007-12-04 16:36:52 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\WinRAR
2007-12-04 16:35:16 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\GibbHill Properties Ltd
2007-11-28 12:29:54 -------- d-----w C:\Program Files\Creative
2007-11-28 12:14:59 -------- d-----w C:\Program Files\Driver Cleaner
2007-11-27 12:52:59 -------- d--h--w C:\Program Files\Creative Installation Information
2007-11-24 19:44:50 -------- d-----w C:\Program Files\Fraps
2007-11-23 16:00:03 -------- d-----w C:\Program Files\Fiat
2007-11-21 18:23:54 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-04 14:01:25 106 ----a-w C:\delete.bat
2007-10-30 16:14:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-30 16:14:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-28 14:05:20 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-10-28 14:05:20 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-10-04 12:53:54 94,208 ----a-w C:\DOCUME~1\Krzyhoo\DANEAP~1\ezplay.sys
2007-10-04 12:53:54 87,608 ----a-w C:\DOCUME~1\Krzyhoo\DANEAP~1\inst.exe
2007-10-04 12:53:50 47,360 ----a-w C:\DOCUME~1\Krzyhoo\DANEAP~1\pcouffin.sys
2007-10-02 13:03:20 961,536 ----a-w C:\Program Files\WinRAR.exe
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2006-12-21 19:46:04 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 11:02 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-06-14 14:07 443968 --a------ C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 02:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3578B37-6346-4EC1-A82B-38273A100DCF}]
2007-09-07 14:29 566536 --a------ C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 19:30]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="P17.dll" [2005-05-03 12:38 C:\WINDOWS\system32\P17.dll]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43]
"msm"="C:\WINDOWS\system32\drivers\services.exe" [2008-01-14 19:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"Real Desktop"="C:\Program Files\Real Desktop\Real Desktop.exe" [2007-08-05 14:19]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 18:48]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 13:18]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-09-14 15:15]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
" "=C:\WINDOWS\System32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\Krzyhoo\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^Xfire.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Xfire\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Krzyhoo]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Krzyhoo\Pulpit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Krzyhoo\Pulpit\hideippla.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosDNT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
"C:\Program Files\HEXelon MAX 6\hexelon.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iDesk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"C:\Program Files\Konnekt\konnekt.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCAudioIni]
C:\Program Files\One-click Audio Converter\OCAudioIni.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA Platinum\rfagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006]
"C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
"C:\Program Files\SpeedOptimizer\SPO.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super X Desktop Version 3.4.0730]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TranspWndManagerPro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 01:52:07
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-01-19 1:54:47
C:\ComboFix-quarantined-files.txt ... 2008-01-19 01:54
C:\ComboFix2.txt ... 2007-12-11 17:59
C:\ComboFix3.txt ... 2007-12-09 22:11

--- E O F ---




Screenshot from Task Manager: http://img152.imageshack.us/my.php?image=beztytuura7.jpg

  • 0

#2 YouHack LegenD

    Beginner

  • 11 posts

Posted 19 01 2008 - 11:00

Spyware Terminator - I recommend it. In this program you can choose a quick scan or a full one. Even if you choose the quick scan, it will definitely find something. Scan your computer with this program; it removes various types of viruses, it also removes viruses from the registry, it removes infected processes, and so on...

A very good free program

I'm even surprised myself that it's free :)

  • 0

#3 krzyhoo

    Admin

  • 1 039 posts

Posted 19 01 2008 - 20:34

It removed something, but it didn't help.
  • 0

#4 wncvirus

    Lazybones!

  • 851 posts

Posted 20 01 2008 - 20:17

Paste into Notepad:
File::
C:\WINDOWS\system32\drivers\services.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msm"=-
>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
– as in this picture --> [attached image]
The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

Post the log that is created during the removal.
  • 0
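
Added example, not part of the original thread and not code from HijackThis or ComboFix: a small Python check for the two things this thread turns on, a Windows system process name running from the wrong directory (drivers\services.exe, the file the CFScript in post #4 deletes) and a look-alike name such as isass.exe versus lsass.exe (the question in post #1). The expected directories assume a default Windows XP install under C:\WINDOWS; the sample input is constructed from lines of the log above plus one made-up isass.exe line.

```python
import ntpath

# Assumption: default Windows XP layout with %SystemRoot% = C:\WINDOWS,
# as in the log posted in this thread.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# Characters commonly swapped to imitate a system file name (i/1 for l, 0 for o).
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def _skeleton(name):
    """Collapse visually confusable characters so isass.exe == lsass.exe."""
    return name.lower().translate(_CONFUSABLE)


_SKELETONS = {_skeleton(n): n for n in EXPECTED_DIR}


def running_processes(log):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:
                if paths:      # blank line after the list ends the section
                    break
                continue
            paths.append(line)
    return paths


def classify(path):
    """Return (path, reason, system_name) for a suspicious path, else None."""
    norm = ntpath.normpath(path).lower()
    directory, name = ntpath.split(norm)
    if name in EXPECTED_DIR:
        if directory != EXPECTED_DIR[name]:
            return (norm, "wrong-directory", name)
        return None
    real = _SKELETONS.get(_skeleton(name))
    if real:
        return (norm, "look-alike", real)
    return None


def triage(log):
    """Classify every running process once, keeping the log's order."""
    findings, seen = [], set()
    for path in running_processes(log):
        result = classify(path)
        if result and result not in seen:
            seen.add(result)
            findings.append(result)
    return findings


# Constructed sample: a subset of the "Running processes" lines from the log
# in post #1, plus one invented isass.exe line that is NOT in the original log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\isass.exe

O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services.exe
"""

if __name__ == "__main__":
    for path, reason, name in triage(SAMPLE_LOG):
        print(f"{reason:16} {name:14} {path}")
```

A hit from this check is a reason to inspect the file (signature, creation date, autostart entry), not proof of infection on its own.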

#5 krzyhoo

    Admin

  • 1 039 posts

Posted 20 01 2008 - 21:18

"Krzyhoo" - 2008-01-20 20:20:36 - ComboFix 07-07-14.6 NTFS
Command switches used :: C:\Documents and Settings\Krzyhoo\Pulpit\Diagnostyka i usprawnienia\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\services.exe


((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))


2008-01-19 14:15 <DIR> d-------- C:\DOCUME~1\Krzyhoo\DANEAP~1\ACD Systems
2008-01-19 14:12 <DIR> d-------- C:\Program Files\ACD Systems
2008-01-19 13:59 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-19 13:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spyware Terminator
2008-01-08 23:01 <DIR> d-------- C:\Program Files\Winamp Remote
2008-01-08 23:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\OrbNetworks
2008-01-08 22:54 <DIR> d-------- C:\Program Files\SHOUTcast
2007-12-31 21:00 <DIR> d-------- C:\Program Files\Tibia
2007-12-31 21:00 <DIR> d-------- C:\DOCUME~1\Krzyhoo\DANEAP~1\Tibia
2007-12-29 19:05 <DIR> d-------- C:\Program Files\RADVideo
2007-12-29 18:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\stamina
2007-12-25 19:09 <DIR> d-------- C:\Program Files\QuickTime
2007-12-24 14:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-24 13:34 <DIR> d-------- C:\WINDOWS\USB Vibration
2007-12-24 13:30 <DIR> d-------- C:\Program Files\USB Vibration


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-01-20 19:00:02 -------- d-----w C:\Program Files\eMule
2008-01-20 18:53:49 993,312 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-20 18:53:49 94,328 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-20 18:53:47 303,524 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-20 18:53:47 22,584,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-20 14:18:10 -------- d-----w C:\Program Files\Lx_cats
2008-01-19 13:12:15 -------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-17 15:30:12 -------- d-----w C:\Program Files\Lavalys
2008-01-16 17:30:34 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\OpenOffice.org2
2008-01-12 11:13:57 -------- d-----w C:\Program Files\Futuremark
2008-01-12 11:13:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 10:34:29 -------- d-----w C:\Program Files\Mobile Video Converter
2008-01-12 10:32:19 -------- d-----w C:\Program Files\Gadu-Gadu
2008-01-08 22:12:09 -------- d-----w C:\Program Files\Winamp
2008-01-01 12:54:59 -------- d-----w C:\Program Files\Virtual Piano
2007-12-24 20:13:13 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-24 20:13:13 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-24 20:13:13 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-12-18 18:20:33 -------- d-----w C:\Program Files\FlashGet
2007-12-11 22:36:48 -------- d-----w C:\Program Files\AskPBar
2007-12-10 18:33:21 -------- d-----w C:\Program Files\WhatPulse
2007-12-09 23:20:49 -------- d-----w C:\Program Files\ADSTechnology
2007-12-09 16:44:48 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\BinarySense
2007-12-09 16:44:39 -------- d-----w C:\Program Files\Common Files\BinarySense
2007-12-09 16:44:38 -------- d-----w C:\Program Files\BinarySense
2007-12-08 13:18:12 -------- d-----w C:\Program Files\STOPzilla!
2007-12-07 12:09:17 -------- d-s---w C:\Program Files\Xfire
2007-12-06 15:07:01 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\Xfire
2007-12-04 19:28:31 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\STOPzilla!
2007-12-04 16:36:52 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\WinRAR
2007-12-04 16:35:16 -------- d-----w C:\DOCUME~1\Krzyhoo\DANEAP~1\GibbHill Properties Ltd
2007-11-28 12:29:54 -------- d-----w C:\Program Files\Creative
2007-11-28 12:14:59 -------- d-----w C:\Program Files\Driver Cleaner
2007-11-27 12:52:59 -------- d--h--w C:\Program Files\Creative Installation Information
2007-11-24 19:44:50 -------- d-----w C:\Program Files\Fraps
2007-11-23 16:00:03 -------- d-----w C:\Program Files\Fiat
2007-11-21 18:23:54 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-04 14:01:25 106 ----a-w C:\delete.bat
2007-10-30 16:14:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-30 16:14:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-28 14:05:20 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-10-28 14:05:20 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-10-04 12:53:54 94,208 ----a-w C:\DOCUME~1\Krzyhoo\DANEAP~1\ezplay.sys
2007-10-04 12:53:54 87,608 ----a-w C:\DOCUME~1\Krzyhoo\DANEAP~1\inst.exe
2007-10-04 12:53:50 47,360 ----a-w C:\DOCUME~1\Krzyhoo\DANEAP~1\pcouffin.sys
2007-10-02 13:03:20 961,536 ----a-w C:\Program Files\WinRAR.exe
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2006-12-21 19:46:04 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 11:02 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-06-14 14:07 443968 --a------ C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 02:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3578B37-6346-4EC1-A82B-38273A100DCF}]
2007-09-07 14:29 566536 --a------ C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 19:30]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="P17.dll" [2005-05-03 12:38 C:\WINDOWS\system32\P17.dll]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"Real Desktop"="C:\Program Files\Real Desktop\Real Desktop.exe" [2007-08-05 14:19]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 18:48]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 13:18]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-09-14 15:15]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
" "=C:\WINDOWS\System32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^Adbux.org Autoclicker.lnk]
path=C:\Documents and Settings\Krzyhoo\Menu Start\Programy\Autostart\Adbux.org Autoclicker.lnk
backup=C:\WINDOWS\pss\Adbux.org Autoclicker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^Bux.to Autoclicker.lnk]
path=C:\Documents and Settings\Krzyhoo\Menu Start\Programy\Autostart\Bux.to Autoclicker.lnk
backup=C:\WINDOWS\pss\Bux.to Autoclicker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^DailyClicks.biz Autoclicker.lnk]
path=C:\Documents and Settings\Krzyhoo\Menu Start\Programy\Autostart\DailyClicks.biz Autoclicker.lnk
backup=C:\WINDOWS\pss\DailyClicks.biz Autoclicker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\Krzyhoo\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^Paid.vg Autoclicker.lnk]
path=C:\Documents and Settings\Krzyhoo\Menu Start\Programy\Autostart\Paid.vg Autoclicker.lnk
backup=C:\WINDOWS\pss\Paid.vg Autoclicker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krzyhoo^Menu Start^Programy^Autostart^Xfire.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Xfire\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Krzyhoo]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Krzyhoo\Pulpit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Krzyhoo\Pulpit\hideippla.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosDNT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
"C:\Program Files\HEXelon MAX 6\hexelon.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iDesk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"C:\Program Files\Konnekt\konnekt.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCAudioIni]
C:\Program Files\One-click Audio Converter\OCAudioIni.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA Platinum\rfagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006]
"C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
"C:\Program Files\SpeedOptimizer\SPO.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super X Desktop Version 3.4.0730]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TranspWndManagerPro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 20:25:56
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-01-20 20:27:18
C:\ComboFix-quarantined-files.txt ... 2008-01-20 20:27
C:\ComboFix2.txt ... 2008-01-19 01:54
C:\ComboFix3.txt ... 2007-12-11 17:59

--- E O F ---


Done. BTW, what did I remove? ;> Wasn't that needed by any chance? Oh, and one last question: what is this Qoobox? Some kind of backup of the removed files??
