|
| |||||||
| Zarejestruj się | Strona Spy | Lista Użytkowników | Darowizna | Szukać | Dzisiejsze Posty | Mark Forums Read | Regulamin forum |
 |
 |
| | Narzędzia wątku |
|
#1
21 listopada 2008, 07:18
| |||
| |||
| Heur Trojan Generic Hello Guys, Piszę, ponieważ na kilka dni, mam problemy z tym to połączenie trojan. Mam info z Hijack to wyniki, może ktoś proszę mi pomóc?  Logfile of Trend Micro HijackThis v2.0.2 Skanowanie zapisany na 10:16:57 pm, na 21/11/2008 Platforma: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Uruchamianie procesów: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ WLTRYSVC.EXE C: \ WINDOWS \ System32 \ bcmwltry.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Archiwa de programa \ Java \ jre6 \ bin \ jqs.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe C: \ Archiwa de programa \ Microsoft Office \ Office12 \ groovemonitor.exe C: \ Archiwa de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe C: \ WINDOWS \ system32 \ WLTRAY.exe C: \ Archiwa de programa \ HP \ HP Software Update \ HPWuSchd2.exe C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ statusclient.exe C: \ Archiwa de programa \ Synaptics \ SynTP \ SynTPEnh.exe C: \ Archiwa de programa \ Java \ jre6 \ bin \ jusched.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Archiwa de programa \ Windows Desktop Search \ WindowsSearch.exe C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE c: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe C: \ Archiwa de programa \ Uniblue \ RegistryBooster \ RegistryBooster.e XE C: \ Archiwa de programa \ Windows Live \ Messenger \ msnmsgr.exe C: \ WINDOWS \ explorer.exe C: \ Archiwa de programa \ Windows Live \ Messenger \ usnsvc.exe C: \ Archiwa de programa \ Mozilla Firefox \ firefox.exe C: \ Archiwa de programa \ Trend Micro \ HijackThis \ HijackThis.exe C: \ WINDOWS \ system32 \ HPBPRO.EXE R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Spoil / RemAdvDef / Migration32 O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ groovemonitor.exe" O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archiwa de programa \ HP \ HP Software Update \ HPWuSchd2.exe O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archiwa de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archiwa de programa \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ statusclient.exe / auto O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archiwa de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000 O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archiwa de programa \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archiwa de programa \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [AVP] "C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe" O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archiwa de programa \ Yahoo! \ Messenger \ YahooMessenger.exe" cichy O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALNYM) O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de czerwony ") O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE O4 - Global Startup: Búsqueda en el Escritório de Windows.lnk = C: \ Archiwa de programa \ Windows Desktop Search \ WindowsSearch.exe O8 - Extra kontekście menu: E & xportar Microsoft Excel - res: / / C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java de konsoli - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2iexp.dll O9 - Extra button: Web ruchu ochrony statystyki - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll O9 - Extra button: Wyślij jeden OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij & jeden OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll O9 - Extra button: HP Smart Select - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archiwa de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ REFIEBAR.DLL O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archiwa de programa \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archiwa de programa \ Messenger \ msmsgs.exe O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133 O17 - HKLM \ SYSTEM \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O17 - HKLM \ SYSTEM \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GrooveSystemServices.dll O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ ARCHIV ~ 1 \ ARCHIV ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - AppInit_DLLs: C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc - C: \ Archiwa de programa \ Canon \ CAL \ CALMAIN.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jqs.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc - C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE -- End of file - 9813 bytes Oczekiwanie na szybką odpowiedź, Kathy |
|
#2
21 listopada 2008, 12:56
| |||
| |||
| Heur Trojan Generic Zapraszamy do CJ. Otwórz HijackThis i wybierz Czy system skanowania tylko. Miejsce zaznaczyć na następujące pozycje: (jeśli istnieje) O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b Ważne: Zamknij wszystkie otwarte okna wyjątkiem HijackThis a następnie kliknij przycisk Napraw zaznaczone. Po ukończeniu, zjazd HijackThis. ---------- Uwaga: poniżej instrukcje zostały stworzone specjalnie dla tego użytkownika. Jeśli nie jesteś tego użytkownika, NIE poniższe wskazówki, jak mogą one uszkodzić twój system funkcjonowania Idź do Start> Uruchom i wpisz notepad.exe następnie kliknij przycisk OK Skopiuj i wklej poniżej do Notatnika i zapisać jako fixme.reg aby Twoja Desktop Kod: REGEDIT4 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run] "f411a9e3" =- Upewnij się, że mi powiedzieć, jeżeli pojawi się komunikat o sukcesie dodanie wyżej do rejestru. Jeśli nie otrzymasz wiadomości sukces, to nie działa. Usuń fixme.reg z pulpitu. ---------- Prosimy drukować te instrukcje, jak będą potrzebne później, gdy dostęp do Internetu nie jest dostępny. Pobrać SDFix przez AndyManchesta i zapisz go na pulpicie. Przy użyciu tego narzędzia, należy użyć Administrator konta lub konto w Prawa administracyjne
Otwórz SDFix folder i kliknij dwukrotnie RunThis.bat , aby uruchomić skrypt.
__________________  |
|
#3
24 listopada 2008, 06:18
| |||
| |||
| Heur Trojan Generic Hello Evil, Niestety nie na piśmie przed, musiałem pójść do Hongkong dla biznesu. Stąd i nie miał czasu, aby postępować zgodnie z instrukcjami, że dzień, a dziś i stwierdziła, że HijackThis już zmienić. Jeśli mógłby podjąć się i powiedz mi, co powinienem teraz będę naprawdę doceniam i jeszcze raz Przepraszamy za opóźnienie. Tu jest: Logfile of Trend Micro HijackThis v2.0.2 Skanowanie zapisany na 09:17:07 pm, na 24/11/2008 Platforma: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Uruchamianie procesów: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ WLTRYSVC.EXE C: \ WINDOWS \ System32 \ bcmwltry.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ explorer.exe C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Archiwa de programa \ Java \ jre6 \ bin \ jqs.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Archiwa de programa \ Microsoft Office \ Office12 \ groovemonitor.exe C: \ Archiwa de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe C: \ WINDOWS \ system32 \ WLTRAY.exe C: \ Archiwa de programa \ HP \ HP Software Update \ HPWuSchd2.exe C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ statusclient.exe C: \ Archiwa de programa \ Synaptics \ SynTP \ SynTPEnh.exe C: \ Archiwa de programa \ Java \ jre6 \ bin \ jusched.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Archiwa de programa \ Windows Desktop Search \ WindowsSearch.exe C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE c: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e C: \ WINDOWS \ system32 \ wscntfy.exe C: \ Archiwa de programa \ Canon \ CAL \ CALMAIN.exe C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe C: \ Archiwa de programa \ Yahoo! \ Messenger \ ymsgr_tray.exe C: \ WINDOWS \ system32 \ SearchProtocolHost.exe C: \ Archiwa de programa \ Mozilla Firefox \ firefox.exe C: \ Archiwa de programa \ Trend Micro \ HijackThis \ HijackThis.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Spoil / RemAdvDef / Migration32 O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ groovemonitor.exe" O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archiwa de programa \ HP \ HP Software Update \ HPWuSchd2.exe O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archiwa de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archiwa de programa \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ statusclient.exe / auto O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archiwa de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000 O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archiwa de programa \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archiwa de programa \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [AVP] "C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archiwa de programa \ Yahoo! \ Messenger \ YahooMessenger.exe" cichy O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALNYM) O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de czerwony ") O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE O4 - Global Startup: Búsqueda en el Escritório de Windows.lnk = C: \ Archiwa de programa \ Windows Desktop Search \ WindowsSearch.exe O8 - Extra kontekście menu: E & xportar Microsoft Excel - res: / / C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java de konsoli - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2iexp.dll O9 - Extra button: Web ruchu ochrony statystyki - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll O9 - Extra button: Wyślij jeden OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij & jeden OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll O9 - Extra button: HP Smart Select - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archiwa de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ REFIEBAR.DLL O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archiwa de programa \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archiwa de programa \ Messenger \ msmsgs.exe O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133 O17 - HKLM \ SYSTEM \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O17 - HKLM \ SYSTEM \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GrooveSystemServices.dll O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ ARCHIV ~ 1 \ ARCHIV ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - AppInit_DLLs: C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc - C: \ Archiwa de programa \ Canon \ CAL \ CALMAIN.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jqs.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc - C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE -- End of file - 9627 bytes Jeszcze raz dziękujemy i oczekuje na odpowiedź na swoje pytanie, Kathy |
|
#4
24 listopada 2008, 10:24
| |||
| |||
| Heur Trojan Generic Nadal potrzeba SDFix skanowania. Prosimy drukować te instrukcje, jak będą potrzebne później, gdy dostęp do Internetu nie jest dostępny. Pobrać SDFix przez AndyManchesta i zapisz go na pulpicie. Przy użyciu tego narzędzia, należy użyć Administrator konta lub konto w Prawa administracyjne
Otwórz SDFix folder i kliknij dwukrotnie RunThis.bat , aby uruchomić skrypt.
__________________ |
|
#5
25 listopada 2008, 05:14
| |||
| |||
| Heur Trojan Generic Evil Witaj, oto wyniki. Do tej pory komputer pracuje świetnie. Thanks a lot. Daj mi znać, jeśli coś jeszcze do zrobienia. SDFix: Version 1.240 Prowadzi Administrador 19:47 w dniu 25/11/2008 Microsoft Windows XP [Wersja 5.1.2600 ¢ n] Running From: C: \ SDFix Sprawdzanie usług : Przywracanie bezpieczeństwa Wartości domyślne Przywracanie domyślnego pliku Hosts Ponowne uruchamianie Sprawdzenie plików : Trojan Files Found: C: \ WINDOWS \ system32 \ ssqPihiH.dll - Usunięty C: \ Documents and Settings \ All Users \ Mężczyźni £ Inicio \ Programas \ Home \. Chronione - Usunięty C: \ Documents and Settings \ TrackerVsrGroup \ Mężczyźni £ Inicio \ Programas \ Home \. Chronione - Usunięty C: \ Archiwa de programa \ iSecurity \ antivirusxp.bmp - Usunięty C: \ Archiwa de programa \ iSecurity \ antivirusxp.ico - Usunięty C: \ Archiwa de programa \ iSecurity \ antivirusxpi.bmp - Usunięty C: \ Archiwa de programa \ iSecurity \ iSecurity.dat - Usunięty C: \ Archiwa de programa \ iSecurity \ iSecurity.html - Usunięty C: \ Archiwa de programa \ iSecurity \ systemdefender.bmp - Usunięty C: \ Archiwa de programa \ iSecurity \ systemdefender.ico - Usunięty C: \ Archiwa de programa \ iSecurity \ systemdefenderi.bmp - Usunięty Folderu C: \ Archiwa de programa \ IE Extensions - Usuniete Folderu C: \ Archiwa de programa \ iSecurity - Usuniete Folderu C: \ Archiwa de programa \ RichVideoCodec - Usuniete Folderu C: \ WINDOWS \ system32 \ 734914 - Usuniete Folderu C: \ WINDOWS \ system32 \ 931928 - Usuniete Usuwanie plików TEMP ADS Check : Wersja Sprawdź : catchme 0.3.1361.2 W2K/XP/Vista - Rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-25 20:01:58 Windows 5.1.2600 Service Pack 3 dla systemu plików NTFS skanowanie ukrytych procesów ... ukryte usługi skanowania i gałęzi systemowej ... skanowanie ukrytych wpisów rejestru ... [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows Search \ Zgromadźcie \ Windows \ SystemIndex] "LogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Microsoft \ Search \ Data \ Applications \ Window s \ Projekty \ SystemIndex \ SystemIndex.Ntfy10.gthr" "SecondaryLogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Microsoft \ Search \ Data \ Applications \ Window s \ Projekty \ SystemIndex \ SystemIndex.Ntfy11.gthr" skanowanie ukrytych plików ... skanowanie zakończone pomyślnie ukrytych procesów: 0 ukryte usługi: 0 ukryte pliki: 0 Pozostałych usług : Authorized Application Key Export: [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ usługi es \ sharedaccess \ parameters \ firewallpolicy \ standardowy profil \ authorizedapplications \ list] "C: \ WINDOWS \ system32 \ \ Sessmgr.exe" = "C: \ WINDOWS \ system32 \ \ Sessmgr.exe: *: Disabled: @ Xpsp2res.dll, -22019" "C: \ \ Archiwa de programa \ \ Ares \ \ Ares.exe" = "C: \ Archiwa de programa \ \ Ares \ \ Ares.exe: *: Disabled: Ares p2p for Windows" "C: \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Disabled: @ Xpsp3res.dll, -20000" "C: \ \ Archiwa de programa \ \ Hewlett-Packard \ \ Toolbox2.0 \ Javasoft \ \ JRE \ \ 1.3.1 \ \ bin \ \ ja vaw.exe" = "C: \ Archiwa de programa \ \ Hewlett-Packard \ \ Toolbox2.0 \ Javasoft \ \ JRE \ \ 1.3.1 \ \ bin \ \ ja vaw.exe: *: Disabled: javaw " "C: \ WINDOWS \ system32 \ \ mmc.exe" = "C: \ WINDOWS \ \ sys tem32 \ \ mmc.exe: *: Disabled: Microsoft Management Console" "C: \ \ Archiwa de programa \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ Archiwa de programa \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Disabled: Microsoft Office Groove " "C: \ \ Archiwa de programa \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ Archiwa de programa \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE: *: Disabled: Microsoft Office OneNote " "C: \ \ Archiwa de programa \ \ Microsoft Office \ \ Office12 \ Outlook.exe" = "C: \ Archiwa de programa \ \ Microsoft Office \ \ Office12 \ Outlook.exe: *: Disabled: Microsoft Office Outlook " "C: \ \ Archiwa de programa \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ Archiwa de programa \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Disabled: Windows Live Messenger " "C: \ \ Archiwa de programa \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ Archiwa de programa \ Windows Live \ \ Messenger \ \ livecall.exe: *: Disabled: Windows Live Messenger (Telefon) " "C: \ \ Archiwa de programa \ Messenger \ \ msmsgs.exe" = "C: \ Archiwa de programa \ Messenger \ \ msmsgs.exe: *: Disabled: Windows Messenger" "C: \ \ Documents and Settings \ \ All Users.WINDOWS \ \ Datos de programa \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ English \ \ setup.exe" = "C: \ Documents and Settings \ \ All Users.WINDOWS \ \ Datos de programa \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ English \ \ setup.exe: *: Disabled: Kaspersky Internet Security 2009 Setup " "C: \ \ Archiwa de programa \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ Archiwa de programa \ \ Skype \ \ Phone \ \ Skype.exe: *: Disabled: Skype" "C: \ \ Archiwa de programa \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ Archiwa de programa \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Disabled: Yahoo! Messenger " "C: \ \ Archiwa de programa \ \ AVG \ \ AVG8 \ \ avgupd.exe" = "C: \ Archiwa de programa \ \ AVG \ \ AVG8 \ \ avgupd.exe: *: Enabled: avgupd.e XE" [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ usługi es \ sharedaccess \ parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list] "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000" "% windir% \ system32 \ \ Sessmgr.exe" = "% windir% \ \ syste m32 \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019" "C: \ \ Archiwa de programa \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ Archiwa de programa \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Enabled: Windows Live Messenger " "C: \ \ Archiwa de programa \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ Archiwa de programa \ Windows Live \ \ Messenger \ \ livecall.exe: *: Enabled: Windows Live Messenger (Telefon) " Pozostałe pliki : File Backups: - C: \ SDFix \ backups \ backups.zip Pliki z Ukryte Atrybuty : Niedziela 12 marca 2006 10311680 .. SH. --- "C: \ Archiwa de programa \ AVIConverter \ mencoder.exe" Poniedziałek 14 kwietnia 2008 60416 A.SH. --- "C: \ Archiwa de programa \ Outlook Express \ Msimn.exe" Sobota 11 listopada 2006 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak" Wtorek 13 listopada 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp" Wtorek 13 luty 2007 3096576 A.. H. --- "C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ U3 \ temp \ Launchpad Removal.exe" Piątek 21 listopada 2008 18922 H. ... --- "C: \ Documents and Settings \ Mauricio \ Mis dokumenty \ Erika \ prywatne \ Books \ ~ WRL3517.tmp" Finished! Dzięki, Kathy |
|
#6
25. listopada 2008, 11:56
| |||
| |||
| Heur Trojan Generic Pobrać Malwarebytes' Anti-Malware (MBAM)
Dodatkowe Uwaga: Jeśli napotka MBAM plik jest trudne do usunięcia, zostanie przedstawiony Tobie z 1 z 2 monit, kliknij przycisk OK, albo niech MBAM i kontynuować proces dezynfekcji, jeżeli prośba o ponowne uruchomienie komputera, należy zrobić to natychmiast. ---------- Pobrać losowy system informacji narzędzie (RSIT) poprzez wyrywkowe / losowo z i zapisz go na pulpicie.
---------- Następna wiadomość proszę dodać: MBAM log RSIT zalogować & info dzienniki Uwaga: Może ona trwać dwa etaty, aby uzyskać wszystkie dzienniki wysłana.
__________________ |
|
#7
29 listopada 2008, 08:10
| |||
| |||
| Heur Trojan Generic Hello Evil, Oto logi: Logfile losowego systemu informacji narzędzie 1,04 (napisane przez losowej / random) Prowadzi Mauricio w 2008-11-29 23:03:34 Microsoft Windows XP Professional z dodatkiem Service Pack 3 System dysk C: jest 50 GB (68%) z 73 GB wolnego Razem RAM: 1015 MB (53% wolny) Logfile of Trend Micro HijackThis v2.0.2 Skanowanie zapisany na 11:03:42 pm, na 29/11/2008 Platforma: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Uruchamianie procesów: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ WLTRYSVC.EXE C: \ WINDOWS \ System32 \ bcmwltry.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ explorer.exe C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Archiwa de programa \ Java \ jre6 \ bin \ jqs.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ Archiwa de programa \ Microsoft Office \ Office12 \ groovemonitor.exe C: \ Archiwa de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe C: \ WINDOWS \ system32 \ WLTRAY.exe C: \ Archiwa de programa \ HP \ HP Software Update \ HPWuSchd2.exe C: \ Archiwa de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ statusclient.exe C: \ Archiwa de programa \ Synaptics \ SynTP \ SynTPEnh.exe C: \ Archiwa de programa \ Java \ jre6 \ bin \ jusched.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Archiwa de programa \ Windows Desktop Search \ WindowsSearch.exe C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE c: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e C: \ Archiwa de programa \ Canon \ CAL \ CALMAIN.exe C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ SearchProtocolHost.exe C: \ Archiwa de programa \ Yahoo! \ Messenger \ ymsgr_tray.exe C: \ Archiwa de programa \ Mozilla Firefox \ firefox.exe C: \ Documents and Settings \ Mauricio \ Escritório \ RSIT.exe C: \ Archiwa de programa \ Trend Micro \ HijackThis \ Mauricio.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll O2 - BHO: HP Print Enhancer - (0347C33E-8762-4905-BF09-768834316C61) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_printenhancer.dll O2 - BHO: HP Print Clips - (053F9267-DC04-4294-A72C-58F732D338C0) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_framework.dll O2 - BHO: Adobe PDF Link Helper - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Archiwa de programa \ Archiwa comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll O2 - BHO: Skype add-on (główny) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Archiwa de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll O2 - BHO: AVG Safe Search - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - (no file) O2 - BHO: IEVkbdBHO - (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C) - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ ssv.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Archiwa de programa \ Archiwa comunes \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O2 - BHO: (no name) - (C08DF07A-3E49-4E25-9AB0-D3882835F153) - (no file) O2 - BHO: Java (TM) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Archiwa de programa \ Java \ jre6 \ lib \ rozmieścić \ jqs \ tj. \ jqs_plugin.dl l O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Spoil / RemAdvDef / Migration32 O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ groovemonitor.exe" O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archiwa de programa \ HP \ HP Software Update \ HPWuSchd2.exe O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archiwa de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archiwa de programa \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ statusclient.exe / auto O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archiwa de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000 O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archiwa de programa \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archiwa de programa \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [AVP] "C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archiwa de programa \ Yahoo! \ Messenger \ YahooMessenger.exe" cichy O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALNYM) O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de czerwony ") O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE O4 - Global Startup: Búsqueda en el Escritório de Windows.lnk = C: \ Archiwa de programa \ Windows Desktop Search \ WindowsSearch.exe O8 - Extra kontekście menu: E & xportar Microsoft Excel - res: / / C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java de konsoli - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2iexp.dll O9 - Extra button: Web ruchu ochrony statystyki - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll O9 - Extra button: Wyślij jeden OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij & jeden OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll O9 - Extra button: HP Smart Select - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archiwa de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ ARCHIV ~ 1 \ Micros ~ 3 \ Office12 \ REFIEBAR.DLL O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archiwa de programa \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archiwa de programa \ Messenger \ msmsgs.exe O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133 O17 - HKLM \ SYSTEM \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O17 - HKLM \ SYSTEM \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88 O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GrooveSystemServices.dll O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ ARCHIV ~ 1 \ ARCHIV ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - AppInit_DLLs: C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc - C: \ Archiwa de programa \ Canon \ CAL \ CALMAIN.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jqs.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc - C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE -- Koniec pliku - 11628 bajtów ====== ====== Folderze Zaplanowane zadania C: \ WINDOWS \ zadania \ AppleSoftwareUpdate.job C: \ WINDOWS \ zadania \ enlgfqlf.job ====== ====== Rejestru dump [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (02478D38-C3F9-4EFB-9B51-7695ECA05670)] Yahoo! Toolbar Helper - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (0347C33E-8762-4905-BF09-768834316C61)] HP Print Enhancer - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_printenhancer.dll [2007-03-03 1298024] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (053F9267-DC04-4294-A72C-58F732D338C0)] HP Print Clips - C: \ Archiwa de programa \ HP \ Smart Web Printing \ hpswp_framework.dll [2007-03-03 177768] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (18DF081C-E8AD-4283-A596-FA578C2EBDC3)] Adobe PDF Link Helper - C: \ Archiwa de programa \ Archiwa comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll [2008-06-12 75128] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (22BF413B-C6D2-4d91-82A9-A0F997BA588C)] Skype add-on (główny) - C: \ Archiwa de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll [2008-06-04 1404928] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0)] AVG Safe Search [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C)] IEVkbdBHO klasa - C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll [2008-07-29 62728] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (72853161-30C5-4D22-B7F9-0BBC1D38A37E)] Groove GFS Browser Helper - C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (761497BB-D6F0-462C-B6EB-D4DAF1D92D43)] SSVHelper Class - C: \ Archiwa de programa \ Java \ jre6 \ bin \ ssv.dll [2008-10-28 320920] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7E853D72-626A-48EC-A868-BA8D5E23E045)] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (9030D464-4C02-4ABF-8ECC-5164760863C6)] Windows Live Aplicación auxiliar de inicio de sesión - C: \ Archiwa de programa \ Archiwa comunes \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (C08DF07A-3E49-4E25-9AB0-D3882835F153)] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (DBC80044-A445-435b-BC74-9C25C1C588A9)] Java (TM) Plug-In 2 SSV Helper - C: \ Archiwa de programa \ Java \ jre6 \ bin \ jp2ssv.dll [2008-10-28 34816] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (E7E6F031-17CE-4C07-BC86-EABFE594F69C)] JQSIEStartDetectorImpl klasa - C: \ Archiwa de programa \ Java \ jre6 \ lib \ rozmieścić \ jqs \ tj. \ jqs_plugin.dl l [2008-10-28 73728] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar] (EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Archiwa de programa \ Yahoo! \ Companion \ Instaluje \ CPN \ yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run] "IMJPMIG8.1" = C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EX E [2008-04-14 208952] "PHIME2002ASync" = C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE [2008-04-14 455168] "PHIME2002A" = C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ odcień SETP.EXE [2008-04-14 455168] "GrooveMonitor" = C: \ Archiwa de programa \ Microsoft Office \ Office12 \ groovemonitor.exe [2007-08-24 33648] "SigmatelSysTrayApp" = C: \ Archiwa de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe [2007-05-10 405504] "Broadcom Wireless Manager UI" = C: \ WINDOWS \ system32 \ WLTRAY.exe [2006-11-01 1392640] "HP Software Update" = C: \ Archiwa de programa \ HP \ HP Software Update \ HPWuSchd2.exe [2006-12-11 49152] "Adobe Reader Speed Launcher" = C: \ Archiwa de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe [2008-06-12 34672] "QuickTime Task" = C: \ Archiwa de programa \ QuickTime \ QTTask.exe [2008-05-27 413696] "StatusClient" = C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ statusclient.exe [2002-12-17 36864] "TomcatStartup" = C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe [2003-04-01 155648] "HPLJ Config" = c: \ Archiwa de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn HP LaserJet 1150 PCL 5e-n 0-l 1033-sl 120000 [] "SynTPEnh" = C: \ Archiwa de programa \ Synaptics \ SynTP \ SynTPEnh.exe [2007-12-07 1024000] "SunJavaUpdateSched" = C: \ Archiwa de programa \ Java \ jre6 \ bin \ jusched.exe [2008-10-28 136600] "igfxtray" = C: \ WINDOWS \ system32 \ igfxtray.exe [2006-09-15 94208] "igfxhkcmd" = C: \ WINDOWS \ system32 \ hkcmd.exe [2006-09-15 77824] "igfxpers" = C: \ WINDOWS \ system32 \ igfxpers.exe [2006-09-15 118784] "AVP" = C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = C: \ WINDOWS \ system32 \ ctfmon.exe [2008-04-14 15360] "Messenger (Yahoo!)" = C: \ Archiwa de programa \ Yahoo! \ Messenger \ YahooMessenger.exe [2008-11-05 4347120] C: \ Documents and Settings \ All Users.WINDOWS \ Menu Inicio \ Programas \ Inicio Búsqueda en el Escritório de Windows.lnk - C: \ Archiwa de programa \ Windows Desktop Search \ WindowsSearch.exe C: \ Documents and Settings \ Mauricio \ Menu Inicio \ Programas \ Inicio Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLS" = "C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll C: \ ARCHIV ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ igfxcui] C: \ WINDOWS \ system32 \ igfxdev.dll [2006-09-15 139264] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ klogon] C: \ WINDOWS \ system32 \ klogon.dll [2008-07-29 218376] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad] UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008-04-14 240128] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks] "(B5A7F190-DDA6-4420-B3BA-52453494E6CD)" = C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = C: \ Archiwa de programa \ Windows Desktop Search \ MSNLNamespaceMgr.dll [2007-02-06 294400] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System] "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ usługi es \ sharedaccess \ parameters \ firewallpolicy \ standardowy profil \ authorizedapplications \ list] "C: \ WINDOWS \ system32 \ Sessmgr.exe" = "C: \ WINDOWS \ system em32 \ Sessmgr.exe: *: Disabled: @ Xpsp2res.dll, -22019" "C: \ Archiwa de programa \ Ares \ Ares.exe" = "C: \ Archiwa de programa \ Ares \ Ares.exe: *: Disabled: Ares p2p for Windows" "C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe" = "C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe: *: Disabled: @ Xpsp3res.dll, -20000" "C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e" = "C: \ Archiwa de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e: *: Disabled: javaw " "C: \ WINDOWS \ system32 \ mmc.exe" = "C: \ WINDOWS \ system32 \ mmc.exe: *: Disabled: Microsoft Management Console" "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GROOVE.EXE" = "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GROOVE.EXE: *: Disabled: Microsoft Office Groove" "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTE.EXE" = "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ ONENOTE.EXE: *: Disabled: Microsoft Office OneNote" "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ Outlook.exe" = "C: \ Archiwa de programa \ Microsoft Office \ Office12 \ Outlook.exe: *: Disabled: Microsoft Office Outlook" "C: \ Archiwa de programa \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Archiwa de programa \ Windows Live \ Messenger \ msnmsgr.exe: *: Disabled: Windows Live Messenger" "C: \ Archiwa de programa \ Windows Live \ Messenger \ livecall.exe" = "C: \ Archiwa de programa \ Windows Live \ Messenger \ livecall.exe: *: Disabled: Windows Live Messenger (Telefon)" "C: \ Archiwa de programa \ Messenger \ msmsgs.exe" = "C: \ Archiwa de programa \ Messenger \ msmsgs.exe: *: Disabled: Windows Messenger" "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ English \ setup.exe" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ English \ setup.exe: *: Disabled: Kaspersky Internet Security 2009 Setup " "C: \ Archiwa de programa \ Yahoo! \ Messenger \ YahooMessenger.exe" = "C: \ Archiwa de programa \ Yahoo! \ Messenger \ YahooMessenger.exe: *: Sob abled: Yahoo! Messenger" "C: \ Archiwa de programa \ AVG \ AVG8 \ avgupd.exe" = "C: \ Archiwa de programa \ AVG \ AVG8 \ avgupd.exe: *: Enabled: avgupd.exe" "C: \ Archiwa de programa \ Skype \ Phone \ Skype.exe" = "C: \ Archiwa de programa \ Skype \ Phone \ Skype.exe: *: Enabled: Skype" [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ usługi es \ sharedaccess \ parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list] "% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000" "% windir% \ system32 \ Sessmgr.exe" = "% windir% \ system32 \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019" "C: \ Archiwa de programa \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Archiwa de programa \ Windows Live \ Messenger \ msnmsgr.exe: *: Enabled: Windows Live Messenger" "C: \ Archiwa de programa \ Windows Live \ Messenger \ livecall.exe" = "C: \ Archiwa de programa \ Windows Live \ Messenger \ livecall.exe: *: Enabled: Windows Live Messenger (Telefon)" ====== Lista pliki utworzone w ciągu ostatnich 1 miesiąc ====== 2008-11-29 23:03:33 ---- D ---- C: \ rsit 2008-11-29 22:41:40 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ Malwarebytes 2008-11-29 22:41:23 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Malwarebytes 2008-11-29 22:41:23 ---- D ---- C: \ Archiwa de programa \ Malwarebytes' Anti-Malware 2008-11-29 09:19:41 SH ---- ---- C: \ WINDOWS \ system32 \ dhtngaxu.ini 2008-11-27 22:05:52 SH ---- ---- C: \ WINDOWS \ system32 \ pugslxae.ini 2008-11-26 22:03:57 SH ---- ---- C: \ WINDOWS \ system32 \ eukkiphh.ini 2008-11-25 19:41:04 ---- D ---- C: \ WINDOWS \ ERUNT 2008-11-25 11:01:26 SH ---- ---- C: \ WINDOWS \ system32 \ lulxsfxo.ini 2008-11-24 21:19:15 ---- D ---- C: \ SDFix 2008-11-24 07:58:30 SH ---- ---- C: \ WINDOWS \ system32 \ xgvvibbj.ini 2008-11-22 08:27:10 SH ---- ---- C: \ WINDOWS \ system32 \ pqukverl.ini 2008-11-21 21:52:02 ---- D ---- C: \ Archiwa de programa \ Trend Micro 2008-11-21 08:24:21 SH ---- ---- C: \ WINDOWS \ system32 \ daulyqnk.ini 2008-11-21 07:57:32 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ Desktopicon 2008-11-21 07:57:23 ---- D ---- C: \ Archiwa de programa \ Unlocker 2008-11-20 08:08:07 ---- A ---- C: \ WINDOWS \ Ntbtlog.txt 2008-11-19 23:33:53 SH ---- ---- C: \ WINDOWS \ system32 \ hhgdaqoj.ini 2008-11-19 20:40:38 ---- D ---- C: \ WINDOWS \ system32 \ NtmsData 2008-11-19 00:35:14 ---- D ---- C: \ WINDOWS \ RegisteredPackages 2008-11-19 00:18:12 ---- N ---- C: \ WINDOWS \ system32 \ pxcpya64.exe 2008-11-19 00:17:54 ---- N ---- C: \ WINDOWS \ system32 \ pxinsa64.exe 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ vxblock.dll 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxwave.dll 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxsfs.dll 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxmas.dll 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxhpinst.exe 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxdrv.dll 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxafs.dll 2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ px.dll 2008-11-19 00:16:06 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ Winamp 2008-11-19 00:16:06 ---- D ---- C: \ Archiwa de programa \ Winamp 2008-11-18 23:18:58 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Kaspersky Lab 2008-11-18 23:18:58 ---- D ---- C: \ Archiwa de programa \ Kaspersky Lab 2008-11-18 22:53:33 SH ---- ---- C: \ WINDOWS \ system32 \ gpifbath.ini 2008-11-18 22:53:08 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Yahoo! Companion 2008-11-18 22:52:54 ---- A ---- C: \ WINDOWS \ system32 \ ff326d9d-.txt 2008-11-18 22:49:38 popiół ---- ---- C: \ WINDOWS \ system32 \ OrBIOqss.ini 2008-11-18 21:50:39 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Kaspersky Lab Setup Files 2008-11-18 21:50:11 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Avg8 2008-11-18 21:01:02 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ Yahoo! 2008-11-18 21:00:55 ---- D ---- C: \ Archiwa de programa \ Yahoo! 2008-11-16 18:22:11 ---- A ---- C: \ WINDOWS \ system32 \ igfxres.dll 2008-11-16 18:14:28 ---- A ---- C: \ WINDOWS \ system32 \ iAlmCoIn_v4693.dll 2008-11-16 18:14:04 ---- D ---- C: \ Archiwa de programa \ Lenovo 2008-11-16 18:13:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ InstallShield 2008-11-16 17:07:04 ---- D ---- C: \ Archiwa de programa \ Ares 2008-11-16 07:56:56 HDC ---- ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (51019853-129c-4EDE-9030-D5FD7BBD9AD0) 2008-11-16 07:50:56 ---- N ---- C: \ WINDOWS \ system32 \ spmsg2.dll 2008-11-16 07:50:46 HDC ---- ---- C: \ WINDOWS \ $ $ NtUninstallXPSEPSCLP 2008-11-16 07:45:41 ---- D ---- C: \ WINDOWS \ system32 \ XPSViewer 2008-11-16 07:45:33 ---- D ---- C: \ WINDOWS \ system32 \ pl-PL 2008-11-16 07:45:22 ---- D ---- C: \ Archiwa de programa \ Reference Assemblies 2008-11-16 07:43:37 ---- N ---- C: \ WINDOWS \ system32 \ prntvpt.dll 2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpssvcs.dll 2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpsshhdr.dll 2008-11-16 07:43:35 ---- D ---- C: \ 5f1fa5494e63fddfbdfa29aa67bcdc5a 2008-11-16 07:32:05 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ DriverScanner 2008-11-16 07:30:14 HDC ---- ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) 2008-11-16 07:27:18 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ Uniblue 2008-11-16 07:26:25 ---- D ---- C: \ Archiwa de programa \ Uniblue 2008-11-16 07:25:46 HDC ---- ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) 2008-10-31 20:38:38 ---- A ---- C: \ WINDOWS \ system32 \ vfwwdm32.dll 2008-10-30 19:39:53 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ QuickTime 2008-10-30 19:39:05 ---- D ---- C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems 2008-10-30 19:38:30 ---- D ---- C: \ Archiwa de programa \ InterVideo Information Service 2008-10-30 19:38:30 ---- D ---- C: \ Archiwa de programa \ Archiwa comunes \ Ulead 2008-10-30 19:37:27 ---- D ---- C: \ Archiwa de programa \ Archiwa comunes \ InterVideo 2008-10-30 19:37:22 ---- D ---- C: \ Archiwa de programa \ InterVideo 2008-10-30 19:37:22 ---- A ---- C: \ WINDOWS \ mws.exe 2008-10-30 19:37:13 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ InterVideo 2008-10-30 19:36:31 ---- D ---- C: \ Archiwa de programa \ Digital Camera ====== Lista pliki zmodyfikowane w ciągu ostatnich 1 miesiąc ====== 2008-11-29 23:02:55 ---- D ---- C: \ WINDOWS \ Temp 2008-11-29 23:01:22 ---- D ---- C: \ Archiwa de programa \ Mozilla Firefox 2008-11-29 22:59:43 ---- D ---- C: \ WINDOWS 2008-11-29 22:58:13 ---- D ---- C: \ WINDOWS \ system32 \ drivers 2008-11-29 22:58:13 ---- D ---- C: \ WINDOWS \ system32 2008-11-29 22:57:31 ---- A ---- C: \ WINDOWS \ SchedLgU.Txt 2008-11-29 22:41:23 RD ---- ---- C: \ Archiwa de programa 2008-11-29 09:39:51 ---- D ---- C: \ Archiwa de programa \ Mozilla Thunderbird 2008-11-28 20:28:20 ---- D ---- C: \ WINDOWS \ system32 \ Catroot2 2008-11-26 00:42:28 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ Skype 2008-11-25 22:39:44 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ skypePM 2008-11-21 09:46:32 ---- A ---- C: \ WINDOWS \ system32 \ PerfStringBackup.INI 2008-11-21 08:20:19 ---- A ---- C: \ WINDOWS \ OEWABLog.txt 2008-11-21 01:29:03 ---- SHD ---- C: \ System Volume Information 2008-11-21 01:29:03 ---- D ---- C: \ WINDOWS \ system32 \ restore 2008-11-21 00:01:59 ---- D ---- C: \ Program Files 2008-11-20 12:39:56 ---- D ---- C: \ WINDOWS \ prefetch 2008-11-20 08:14:06 ---- SHD ---- C: \ Recycler 2008-11-20 08:09:06 ---- D ---- C: \ Documents and Settings 2008-11-19 20:08:01 ---- D ---- C: \ WINDOWS \ Help 2008-11-19 20:00:27 ---- D ---- C: \ WINDOWS \ system32 \ config 2008-11-19 07:15:53 ---- D ---- C: \ WINDOWS \ security 2008-11-19 00:45:38 ---- D ---- C: \ WINDOWS \ Debug 2008-11-19 00:45:24 ---- HD ---- C: \ WINDOWS \ inf 2008-11-19 00:42:49 ---- RSHDC ---- C: \ WINDOWS \ system32 \ dllcache 2008-11-18 23:26:21 ---- SHD ---- C: \ WINDOWS \ Installer 2008-11-18 23:26:18 ---- HD ---- C: \ Config.msi 2008-11-18 22:54:46 ---- D ---- C: \ WINDOWS \ diagnostyki sieci 2008-11-18 22:39:38 SD ---- ---- C: \ WINDOWS \ Zadania 2008-11-18 22:05:01 RSD ---- ---- C: \ WINDOWS \ Fonts 2008-11-18 20:27:00 RASH ---- ---- C: \ boot.ini 2008-11-16 21:31:33 ---- D ---- C: \ WINDOWS \ Microsoft.NET 2008-11-16 21:31:31 RSD ---- ---- C: \ WINDOWS \ assembly 2008-11-16 19:29:33 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ ZoomBrowser EX 2008-11-16 19:12:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de programa \ CameraWindowDC 2008-11-16 18:19:17 DC ---- ---- C: \ WINDOWS \ system32 \ DRVSTORE 2008-11-16 18:18:59 ---- D ---- C: \ Archiwa de programa \ Broadcom 2008-11-16 18:15:38 ---- D ---- C: \ WINDOWS \ system32 \ ReinstallBackups 2008-11-16 18:14:04 ---- HD ---- C: \ Archiwa de programa \ InstallShield Installation Information 2008-11-16 18:12:53 ---- D ---- C: \ drivers 2008-11-16 18:00:33 ---- D ---- C: \ Archiwa de programa \ Videolan 2008-11-16 17:49:54 ---- D ---- C: \ i386 2008-11-16 07:51:08 ---- A ---- C: \ WINDOWS \ imsins.bak 2008-11-16 07:50:04 ---- D ---- C: \ WINDOWS \ system32 \ es-es 2008-11-16 07:45:35 ---- D ---- C: \ Archiwa de programa \ MSBuild 2008-11-16 07:41:29 ---- D ---- C: \ WINDOWS \ WinSxS 2008-10-30 19:40:39 ---- D ---- C: \ Archiwa de programa \ Google 2008-10-30 19:39:05 ---- D ---- C: \ Archiwa de programa \ Archiwa comunes 2008-10-30 19:36:32 ---- D ---- C: \ WINDOWS \ system ====== Lista kierowców (R = Running, S = Zatrzymana, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = niepełnosprawnych )====== R1 intelppm; Controlador de procesador Intel; C: \ WINDOWS \ system32 \ DRIVERS \ Intelppm.sys [2008-04-14 40576] R1 KLIF; Kaspersky Lab Driver; C: \ WINDOWS \ system32 \ DRIVERS \ klif.sys [2008-11-18 213008] R3 BCM43XX; Controlador de la Tarjeta de czerwony inalámbrica de Dell WLAN; C: \ WINDOWS \ system32 \ DRIVERS \ bcmwl5.sys [2006-10-12 604928] R3 bcm4sbxp; Broadcom 440x 10/100 Integrated Controller XP Driver; C: \ WINDOWS \ system32 \ DRIVERS \ bcm4sbxp.sys [2006-11-21 45568] R3 CmBatt; Controlador de batería de Método de kontroli de Microsoft ACPI, C: \ WINDOWS \ system32 \ DRIVERS \ CmBatt.sys [2008-04-14 13952] R3 HDAudBus; Controlador de bus de Microsoft UAA pkt High Definition Audio, C: \ WINDOWS \ system32 \ DRIVERS \ Hdaudbus.sys [2008-04-14 144384] R3 ialm; ialm; C: \ WINDOWS \ system32 \ DRIVERS \ ialmnt5.sys [2006-09-15 1173468] R3 Iviaspi; IVI ASPI Shell; C: \ WINDOWS \ system32 \ drivers \ iviaspi.sys [2006-11-22 16024] R3 klim5; Kaspersky Anti-Virus NDIS Filter; C: \ WINDOWS \ system32 \ DRIVERS \ klim5.sys [2008-04-30 24592] R3 NWADI; NWADI Autobus numeratora; C: \ WINDOWS \ system32 \ DRIVERS \ NWADIenum.sys [2006-03-27 74752] R3 STHDA; SigmaTel High Definition Audio CODEC; C: \ WINDOWS \ system32 \ drivers \ sthda.sys [2007-05-10 1222840] R3 SynTP; Synaptics Touchpad Driver, C: \ WINDOWS \ system32 \ DRIVERS \ SynTP.sys [2007-12-07 220032] R3 usbehci; Controlador minipuerto de la controladora mejorada USB 2.0 od firmy Microsoft; C: \ WINDOWS \ system32 \ DRIVERS \ usbehci.sys [2008-04-14 30208] R3 usbhub; Concentrador habilitado USB2, C: \ WINDOWS \ system32 \ DRIVERS \ Usbhub.sys [2008-04-14 59520] R3 usbuhci; Controlador minipuerto de la controladora de hosta USB uniwersalny od firmy Microsoft; C: \ WINDOWS \ system32 \ DRIVERS \ usbuhci.sys [2008-04-14 20608] S3 catchme; catchme; \? \ C: \ DOCUME ~ 1 \ Mauricio \ CONFIG ~ 1 \ Temp \ catchme.sys [] S3 CCDECODE; Descodificador de título cerrado; C: \ WINDOWS \ system32 \ DRIVERS \ CCDECODE.sys [2008-04-14 17024] S3 Dot4; Controlador MS IEEE-1284,4; C: \ WINDOWS \ system32 \ DRIVERS \ Dot4.sys [2008-04-14 206976] S3 Dot4Print; Controlador de clase de Impresión pkt IEEE-1284,4; C: \ WINDOWS \ system32 \ DRIVERS \ Dot4Prt.sys [2001-08-18 12928] S3 dot4usb; MS Dot4USB Filtr Filtr Dot4USB; C: \ WINDOWS \ system32 \ DRIVERS \ dot4usb.sys [2001-08-23 24064] S3 hidusb; Controlador de clases HID od firmy Microsoft; C: \ WINDOWS \ system32 \ DRIVERS \ Hidusb.sys [2008-04-14 10368] S3 HPZid412; IEEE-1284,4 Driver HPZid412; C: \ WINDOWS \ system32 \ DRIVERS \ HPZid412.sys [2006-12-03 49920] S3 HPZipr12; Drukuj klasy Driver for IEEE-1284,4 HPZipr12; C: \ WINDOWS \ system32 \ DRIVERS \ HPZipr12.sys [2006-12-03 16496] S3 HPZius12; USB do IEEE-1284,4 Translation Driver HPZius12; C: \ WINDOWS \ system32 \ DRIVERS \ HPZius12.sys [2006-12-03 21568] S3 mouhid; Controlador HID de myszy; C: \ WINDOWS \ system32 \ DRIVERS \ mouhid.sys [2001-08-24 12416] S3 MSTEE; Przelicznik Tee / Sink-to-Sink de Transferência de Microsoft, C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys [2008-04-14 5504] S3 NABTSFEC; Codec NABTS / FEC VBI; C: \ WINDOWS \ system32 \ DRIVERS \ NABTSFEC.sys [2008-04-14 85248] S3 NdisIP; conexión de TV / Video de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ NdisIP.sys [2008-04-14 10880] S3 PCASp50; PCASp50 NDIS Protocol Driver; C: \ WINDOWS \ System32 \ Drivers \ PCASp50.sys [2006-04-10 18560] S3 SLIP; BDA Slip De-Framer; C: \ WINDOWS \ system32 \ DRIVERS \ SLIP.sys [2008-04-14 11136] S3 streamip; receptora BDA IP; C: \ WINDOWS \ system32 \ DRIVERS \ StreamIP.sys [2008-04-14 15232] S3 usbccgp; Controlador primario generico USB od firmy Microsoft; C: \ WINDOWS \ system32 \ DRIVERS \ usbccgp.sys [2008-04-14 32128] S3 usbprint; clase de impresora USB od firmy Microsoft; C: \ WINDOWS \ system32 \ DRIVERS \ usbprint.sys [2008-04-14 25856] S3 usbscan; Controlador de escáner USB; C: \ WINDOWS \ system32 \ DRIVERS \ Usbscan.sys [2008-04-14 15104] S3 UsbStor; Dispositivo de almacenamiento de datos masivo USB; C: \ WINDOWS \ system32 \ DRIVERS \ USBSTOR.SYS [2008-04-14 26368] S3 usbvideo; Dispositivo de film wideo USB (WDM); C: \ WINDOWS \ System32 \ Drivers \ usbvideo.sys [2008-04-14 121984] S3 WSTCODEC; Codec de teletexto estándar mundial, C: \ WINDOWS \ system32 \ DRIVERS \ WSTCODEC.SYS [2008-04-14 19200] S4 WS2IFSL; Entorno de compatibilidad con Dostawcy nie IFS de servicios de Windows Socket 2.0; C: \ WINDOWS \ system32 \ drivers \ ws2ifsl.sys [2001-08-24 12032] ====== Wykaz usług (R = Running, S = Zatrzymana, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = niepełnosprawnych )====== R2 AVP; Kaspersky Anti-Virus, C: \ Archiwa de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088] R2 CCALib8; Canon Camera Access Library 8; C: \ Archiwa de programa \ Canon \ CAL \ CALMAIN.exe [2007-01-31 96370] R2 hpqddsvc; Servicio HP CUE DeviceDiscovery; C: \ WINDOWS \ system32 \ svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService; Java Quick Starter; C: \ Archiwa de programa \ Java \ jre6 \ bin \ jqs.exe [2008-10-28 152984] R2 Net Driver HPZ12, Net Driver HPZ12; C: \ WINDOWS \ System32 \ svchost.exe [2008-04-14 14336] R2 Pml Driver HPZ12, Pml Driver HPZ12; C: \ WINDOWS \ System32 \ svchost.exe [2008-04-14 14336] R2 UleadBurningHelper; Ulead Burning Helper, C: \ Archiwa de programa \ Archiwa comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe [2004-12-13 49152] R2 UMWdf, Windows User Mode Driver ramowej; C: \ WINDOWS \ system32 \ wdfmgr.exe [2005-01-28 38912] R2 wltrysvc; Dell Wireless WLAN Tray Service; C: \ WINDOWS \ System32 \ WLTRYSVC.EXE [2006-11-01 20480] R2 WSearch; Búsqueda de Windows, C: \ WINDOWS \ system32 \ SearchIndexer.exe [2007-02-06 300032] R3 hpqcxs08; hpqcxs08; C: \ WINDOWS \ system32 \ svchost.exe [2008-04-14 14336] S3 aspnet_state; ASP.NET państwa Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ aspn et_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;. NET Runtime Optimization Service v2.0.50727_X86; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ msco rsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0, Windows Presentation Foundation Font Cache 3.0.0.0; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ WPF \ prezentacji tationFontCache.exe [2008-07-29 46104] S3 idsvc; Windows CardSpace, C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ infocard.exe [2008-07-29 881664] S3 Microsoft Office Groove Audit Service, Microsoft Office Groove Audit Service; C: \ Archiwa de programa \ Microsoft Office \ Office12 \ GrooveAuditService.exe [2007-08-24 68464] S3 odserv; Microsoft Office Diagnostics Service; C: \ Archiwa de programa \ Archiwa comunes \ Microsoft Shared \ Office12 \ ODSERV.EXE [2007-08-24 443776] S3 ose; Office Source Engine, C: \ Archiwa de programa \ Archiwa comunes \ Microsoft Shared \ Source Engine \ Ose.exe [2006-10-26 145184] S3 usnjsvc; Servicio del Lector USN diario de Carpetas PARA COMPARTIR de Messenger, C: \ Archiwa de programa \ Windows Live \ Messenger \ usnsvc.exe [2007-10-19 98328] S3 WLSetupSvc; Windows Live Setup Service; C: \ Archiwa de programa \ Windows Live \ installer \ WLSetupSvc.exe [2007-10-26 266240] S4 NetTcpPortSharing; Net.Tcp Port Sharing Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ smsvchost.exe [2008-07-29 132096] S4 Zumie Search Service; Zumie Search Service; C: \ Archiwa de programa \ Zumie \ zumie.exe C: \ Archiwa de programa \ Zumie \ zumie.dll Service [] ----------------- EOF ----------------- |
|
#8
29 listopada 2008, 08:11
| |||
| |||
| Heur Trojan Generic info.txt logfile losowego systemu informacji narzędzie 1,04 2008-11-29 23:03:46 ====== ====== Odinstaluj listy -> "C: \ Archiwa de programa \ InstallShield Installation Information \ (F37167DD-4436-4641-90B6-329D60632DDA) \ Setup.exe" REMOVEALL - u: (F37167DD-4436-4641-90B6-329D60632DDA) -> Rundll32 C: \ ARCHIV ~ 1 \ ARCHIV ~ 1 \ INSTAL ~ 1 \ zawodowej ~ 1 \ RunTime \ 070 1 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Archiwa de programa \ InstallShield Installation Information \ (FA7621DC - 7144-4A24-973C-B9BC0E945628) \ setup.exe "-l0x9 -> rundll32.exe Setupapi.dll, DefaultUninstall InstallHinfSection 132 C: \ WINDOWS \ inf \ PCHealth.inf Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-0015-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-0016-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-0018-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-0019-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-001A-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-001B-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0403-0000-0000000FF1CE) / uninstall (A5B6B786-2D6F-4B75-940F-42B32D01D146) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0409-0000-0000000FF1CE) / uninstall (3EC77D26-4CD8-799B-914F-C1565E796173) Microsoft Office 2007 Suite Service Pack 1 (SP1) dla -> msiexec / package (90120000-001F-040C-0000-0000000FF1CE) / uninstall (430971B1-C31E-81E0-45DA-72C095BAB72C) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0416-0000-0000000FF1CE) / uninstall (669EB263-0AFE-4FCB-A068-DB082CA6273C) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0C0A-0000-0000000FF1CE) / uninstall (F7A31780-33C4-4E39-951A-5EC9B91D7BF1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (BEE75E01-DD3F-4D5F-B96C-609E6538D419) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-006E-0C0A-0000-0000000FF1CE) / uninstall (35B14BD6-6042-4A55-B326-58309DC8C72A) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-00A1-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) Microsoft Office 2007 Suite Service Pack 1 (SP1) -> msiexec / package (90120000-00BA-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1) 32 Bit HP CIO Składniki Installer -> msiexec.exe / i (F1E63043-54FC-429B-AB2C-31AF9FBA4BC7) Acrobat.com--> C: \ Archiwa de programa \ Archiwa comunes \ Adobe AIR \ Versions \ 1.0 \ Adobe AIR Application Installer.exe-uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -Acrobat.com -> msiexec.exe / i (77DCDCE3-2DED-62F3-8154-05E745472D07) Actualización de seguridad para systemu Windows XP (KB923789) -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ genuinst.exe C: \ WINDOWS \ system32 \ Macromed \ Flash \ KB923789.inf Actualización de seguridad para systemu Windows XP (KB950759 )-->" C: \ WINDOWS \ $ NtUninstallKB950759 $ \ spuninst \ spunin st.exe " Actualización de seguridad para systemu Windows XP (KB950760 )-->" C: \ WINDOWS \ $ NtUninstallKB950760 $ \ spuninst \ spunin st.exe " Actualización de seguridad para systemu Windows XP (KB950762 )-->" C: \ WINDOWS \ $ NtUninstallKB950762 $ \ spuninst \ spunin st.exe " Actualización de seguridad para systemu Windows XP (KB951376-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951376-v2 $ \ spuninst \ spuninst.exe " Actualización de seguridad para systemu Windows XP (KB951698 )-->" C: \ WINDOWS \ $ NtUninstallKB951698 $ \ spuninst \ spunin st.exe " Actualización de seguridad para systemu Windows XP (KB951748 )-->" C: \ WINDOWS \ $ NtUninstallKB951748 $ \ spuninst \ spunin st.exe " Actualización ust systemu Windows XP (KB898461 )-->" C: \ WINDOWS \ $ NtUninstallKB898461 $ \ spuninst \ spunin st.exe " Actualización ust systemu Windows XP (KB942763 )-->" C: \ WINDOWS \ $ NtUninstallKB942763 $ \ spuninst \ spunin st.exe " Actualización ust systemu Windows XP (KB951072-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951072-v2 $ \ spuninst \ spuninst.exe " Actualización ust systemu Windows XP (KB951978 )-->" C: \ WINDOWS \ $ NtUninstallKB951978 $ \ spuninst \ spunin st.exe " Adobe AIR -> msiexec.exe / i (197A3012-8C85-4FD3-AB66-9EC7E13DB92E) Adobe Flash Player 10 ActiveX -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ uninstall_acti veX.exe Adobe Flash Player Plugin -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ uninstall_plug in.exe Adobe Reader 9 -> msiexec.exe / i (AC76BA86-7AD7-1033-7B44-A90000000001) Apple Software Update -> msiexec.exe / i (02DFF6B1-1654-411C-8D7B-FD6052EF016F) Ares 2.0.9 -> "C: \ Archiwa de programa \ Ares \ uninstall.exe" AVIConverter 3.0 -> C: \ Archiwa de programa \ AVIConverter \ uninst.exe Barra Yahoo! con bloqueador de ventanas emergentes -> C: \ ARCHIV ~ 1 \ Yahoo! \ Common \ unyt.exe Broadcom 440x 10/100 Integrated Controller -> Msiexec.exe / X (612B9183-67A9-4B44-9877-2F059E35B86A) Broadcom WLAN -> C: \ Archiwa de programa \ InstallShield Installation Information \ (13191B3F-D711-4906-81B3-5C47E031B235) \ setup.exe-runfromtemp-l0x000a-removeonly Búsqueda en el de Escritório Windows 3.01 -> "C: \ WINDOWS \ $ NtUninstallKB917013 $ \ spuninst \ spunin st.exe" Canon Camera Access Library -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CAL \ Uninst.ini" Canon Camera Support Core Biblioteka -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CSCLIB \ Uninst.ini" Canon G.726 WMP-dekoder -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ G726Decoder \ G726DecUnInstall.ini" Canon MovieEdit zadanie dla ZoomBrowser EX -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ ZoomBrowser EX \ Program \ MVWUninst.ini " Canon RAW Image Task dla ZoomBrowser EX -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ RAW Image Task \ Uninst.ini " Canon Utilities CameraWindow DC_DV 5 dla ZoomBrowser EX -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CameraWindow \ CameraWindowDVC \ uninst. ini " Canon Utilities CameraWindow DC_DV 6 dla ZoomBrowser EX -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CameraWindow \ CameraWindowDVC6 \ t Unins . ini " Canon Utilities CameraWindow DC -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CameraWindow \ CameraWindowDC \ uninst. Ini" Canon CameraWindow Narzędzia -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CameraWindow \ CameraWindowLauncher \ U ninst.ini" Canon EOS Utility Narzędzia -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ EOS Utility \ Uninst.ini" Canon Utilities MyCamera DC -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CameraWindow \ MyCameraDC \ Uninst.ini" Canon MyCamera Narzędzia -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CameraWindow \ MyCamera \ Uninst.ini" Canon Utilities PhotoStitch -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ PhotoStitch \ Uninst.ini" Canon Utilities RemoteCapture zadanie dla ZoomBrowser EX -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ CameraWindow \ RemoteCaptureTask DC \ uninst. ini " Canon ZoomBrowser EX Narzędzia -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ ZoomBrowser EX \ Program \ Uninst.ini" Canon ZoomBrowser EX Memory Card Utility -> "C: \ Archiwa de programa \ Archiwa comunes \ Canon \ uiw \ 1.4.0.0 \ Uninst.exe" "C: \ Archiwa de programa \ Canon \ ZoomBrowser EX MCU \ Uninst.ini" Chiński uproszczony Fonts Support For Adobe Reader 9 -> msiexec.exe / i (AC76BA86-7AD7-2447-0000-900000000003) Dell Mobile Broadband Card Utility -> Msiexec.exe / X (DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28) Dell Wireless WLAN Card -> "C: \ Archiwa de programa \ Dell \ Dell Wireless WLAN Card \ bcmwlu00.exe" verbose / rootkey = "Software \ Broadcom \ 802.11 \ UninstallInfo" / rootdir = "C: \ Archiwa de programa \ Dell \ Dell Wireless WLAN Card " Diccionario Cambridge Klett Compact -> C: \ WINDOWS \ IsUn040a.exe-f "C: \ Archiwa de programa \ Cambridge \ ENS001CP \ Uninst.isu" Digital Camera Driver -> C: \ ARCHIV ~ 1 \ DIGITA ~ 2 \ UNWISE.EXE C: \ ARCHIV ~ 1 \ DIGITA ~ 2 \ INSTALL.LOG HijackThis 2.0.2 -> "C: \ Archiwa de programa \ Trend Micro \ HijackThis \ HijackThis.exe" / uninstall Poprawki dla systemu Microsoft. NET Framework 3.5 z dodatkiem SP1 (KB953595) -> C: \ WINDOWS \ system32 \ msiexec.exe / package (CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9) / uninstall / qb + REBOOTPROMPT = "" HP LaserJet 1150 / 1300 -> Msiexec.exe / x (1485B7CD-4CBD-4039-8EAE-5A22993D7F54) HP Officejet z serii J3500 -> C: \ Archiwa de programa \ HP \ Digital Imaging \ (B1D1B548-BD7D-40f9-80A4-A247E44BFCF4) \ setup \ hpzscr01.exe-datfile hpwscr15.dat HP Smart Web Printing -> Msiexec.exe / X (415CDA53-9100-476F-A7B2-476691E117C7) HP Update -> Msiexec.exe / X (8C6027FD-53DC-446D-BB75-CACD7028A134) Intel (R) Graphics Media Accelerator Driver for Mobile -> RUNDLL32.EXE C: \ WINDOWS \ system32 \ ialmrem.dll, UninstallW2KIGfx2I D PCI \ VEN_8086 & DEV_2792 PCI \ VEN_8086 & DEV_2592 InterVideo MediaOne Gallery -> Rundll32 C: \ ARCHIV ~ 1 \ ARCHIV ~ 1 \ INSTAL ~ 1 \ engine \ 6 \ INTEL3 ~ 1 \ CT or.dll, LaunchSetup "C: \ Archiwa de programa \ InstallShield Installation Information \ (34F0D55F -C386-4195-9A5B-961D3F6ACD46) \ setup.exe "REMOVEALL Java (TM) 6 Update 10 -> Msiexec.exe / X (26A24AE4-039D-4CA4-87B4-2F83216010FF) Java (TM) 6 Update 7 -> msiexec.exe / i (3248F0A8-6813-11D6-A77B-00B0D0160070) Kaspersky Anti-Virus 2009 -> msiexec.exe / i (6580C5A3-2336-4EC5-85F1-3448C5F6208A) Kaspersky Anti-Virus 2009 -> msiexec.exe / i (6580C5A3-2336-4EC5-85F1-3448C5F6208A) Malwarebytes' Anti-Malware -> "C: \ Archiwa de programa \ Malwarebytes' Anti-Malware \ unins000.exe" Microsoft. NET Framework 2.0 Service Pack 2 dla pakietu języka - ESN -> msiexec.exe / i (85AC0FFA-643D-3103-9310-7086ECB0C36C) Microsoft. NET Framework 2.0 z dodatkiem Service Pack 2 -> msiexec.exe / i (C09FB3CD-3D0C-899A-3F2D-6A1D67F2073F) Microsoft. NET Framework 3.0 Service Pack 2 dla pakietu języka - ESN -> msiexec.exe / i (BDEDB104-4067-3D5E-81F0-DBEBFE856B45) Microsoft. NET Framework 3.0 z dodatkiem Service Pack 2 -> msiexec.exe / i (A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7) Microsoft. NET Framework 3.5 Language Pack SP1 - ESN -> msiexec.exe / i (92E4A65F-7007-3357-A69A-167F71A337BD) Microsoft. NET Framework 3.5 z dodatkiem SP1 -> C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso stóp. NET Framework 3.5 z dodatkiem SP1 \ setup.exe Microsoft. NET Framework 3.5 z dodatkiem SP1 -> msiexec.exe / i (CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9) Microsoft zinternacjonalizowany Domeny Łagodzenie API -> "C: \ WINDOWS \ $ NtServicePackUninstallIDNMitigationA PIS $ \ spuninst \ spuninst.exe" Microsoft National Language Support Downlevel API -> "C: \ WINDOWS \ $ NtServicePackUninstallNLSDownlevelMa pping $ \ spuninst \ spuninst.exe" Microsoft Office Access MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-0015-0C0A-0000-0000000FF1CE) Microsoft Office Enterprise 2007 -> "C: \ Archiwa de programa \ Archiwa comunes \ Microsoft Shared \ Office12 \ Office Setup Controller \ setup.exe" / uninstall ENTERPRISE / dll OSETUP.DLL Microsoft Office Enterprise 2007 -> Msiexec.exe / X (90120000-0030-0000-0000-0000000FF1CE) Microsoft Office Excel MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-0016-0C0A-0000-0000000FF1CE) Microsoft Office Groove MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-00BA-0C0A-0000-0000000FF1CE) Microsoft Office InfoPath MUI (Hiszpania) 2007 (Beta) -> Msiexec.exe / X (30120000-0044-0C0A-0000-0000000FF1CE) Microsoft Office OneNote MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-00A1-0C0A-0000-0000000FF1CE) Microsoft Office Outlook MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-001A-0C0A-0000-0000000FF1CE) Microsoft Office PowerPoint MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-0018-0C0A-0000-0000000FF1CE) Microsoft Office Proof (baskijski) 2007 -> Msiexec.exe / X (90120000-001F-042D-0000-0000000FF1CE) Microsoft Office Proof (Polish) 2007 -> Msiexec.exe / X (90120000-001F-0403-0000-0000000FF1CE) Microsoft Office Proof (English) 2007 -> Msiexec.exe / X (90120000-001F-0409-0000-0000000FF1CE) Microsoft Office Proof (Francja) 2007 -> Msiexec.exe / X (90120000-001F-040C-0000-0000000FF1CE) Microsoft Office Proof (Galicji) 2007 -> Msiexec.exe / X (90120000-001F-0456-0000-0000000FF1CE) Microsoft Office Proof (portugalski (Brazylia)) 2007 -> Msiexec.exe / X (90120000-001F-0416-0000-0000000FF1CE) Microsoft Office Proof (Hiszpania) 2007 -> Msiexec.exe / X (90120000-001F-0C0A-0000-0000000FF1CE) Microsoft Office XP Proofing (Hiszpania) 2007 -> Msiexec.exe / X (90120000-002C-0C0A-0000-0000000FF1CE) Microsoft Office Publisher MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-0019-0C0A-0000-0000000FF1CE) Microsoft Office Shared MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-006E-0C0A-0000-0000000FF1CE) Microsoft Office Word MUI (Hiszpania) 2007 -> Msiexec.exe / X (90120000-001B-0C0A-0000-0000000FF1CE) Microsoft Visual C + + 2005 Redistributable -> Msiexec.exe / X (7299052b-02a4-4627-81f2-1818da5d550d) Mozilla Firefox (2.0.0.18) -> C: \ Archiwa de programa \ Mozilla Firefox \ uninstall \ helper.exe Mozilla Thunderbird (2.0.0.18) -> C: \ Archiwa de programa \ Mozilla Thunderbird \ uninstall \ helper.exe MSN -> C: \ Archiwa de programa \ MSN \ MsnInstaller \ msninst.exe / Działanie: ARP MSXML 4.0 SP2 (KB936181) -> msiexec.exe / i (C04E32E0-0416-434D-AFB9-6969D703A9EF) OpenOffice.org 3.0 -> msiexec.exe / i (F44DA61E-720D-4E79-871F-F6E628B33242) Pakietu de idioma de Microsoft. NET Framework 3.5 z dodatkiem SP1 - ESN -> C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso stóp. NET Framework 3.5 Language Pack SP1 - ESN \ setup.exe QuickTime -> msiexec.exe / i (08CA9554-B5FE-4313-938F-D4A417B81175) Weryfikacja ust systemu Windows XP (KB952287 )-->" C: \ WINDOWS \ $ NtUninstallKB952287 $ \ spuninst \ spunin st.exe " Aktualizacja zabezpieczeń dla programu Excel 2007 (KB946974) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E) Aktualizacja zabezpieczeń dla programu Microsoft Office Publisher 2007 (KB950114) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85) Aktualizacja zabezpieczeń dla systemu Microsoft Office 2007 (KB951808) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (8F375E11-4FD6-4B89-9E2B-A76D48B51E00) Aktualizacja zabezpieczeń dla programu Microsoft Office Word 2007 (KB950113) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (AD72BABE-C733-4FCF-9674-4314466191B9) Aktualizacja zabezpieczeń dla pakietu Office 2007 (KB947801) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E) SigmaTel Audio -> Rundll32 C: \ ARCHIV ~ 1 \ ARCHIV ~ 1 \ INSTAL ~ 1 \ zawodowej ~ 1 \ RunTime \ 10 \ 01 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Archiwa de programa \ InstallShield Installation Information \ (A462213D-EED4-42C2-9A60-7BDD4D4B0B17) \ setup.exe "-l0xa-remove-removeonly Skype ™ 3.8 -> Msiexec.exe / X (5C82DAE5-6EB0-4374-9254-BE3319BA4E82) Synaptics Pointing Device Driver -> rundll32.exe "C: \ Archiwa de programa \ Synaptics \ SynTP \ SynISDLL.dll", standAloneU ninstall Uniblue DriverScanner 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe" REMOVE = TRUE MODIFY = FALSE Uniblue DriverScanner 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe Uniblue RegistryBooster 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe" REMOVE = TRUE MODIFY = FALSE Uniblue RegistryBooster 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe Uniblue SpeedUpMyPC 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (51019853-129c-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe" REMOVE = TRUE MODIFY = FALSE Uniblue SpeedUpMyPC 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programa \ (51019853-129c-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe Unlocker 1.8.7 -> C: \ Archiwa de programa \ Unlocker \ uninst.exe Aktualizacja dla programu Microsoft Office Outlook 2007 (KB952142) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (4AD3A076-427C-491F-A5B7-7D1DE788A756) Aktualizacja dla pakietu Office 2007 (KB946691) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (A420F522-7395-4872-9882-C591B4B92278) Aktualizacja dla programu Outlook 2007 Junk Email Filter (kb953463) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (1B78D541-9FF1-4330-ADD8-CED14F0C1E8E) Winamp -> "C: \ Archiwa de programa \ Winamp \ UninstWA.exe" Windows Live Asistente para el inicio de sesión -> msiexec.exe / i (AFA4E5FD-ED70-4D92-99D0-162FD56DC986) Windows Live instalatora -> Msiexec.exe / X (9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1) Windows Live Messenger -> Msiexec.exe / X (FC411B47-30BF-428C-9C1E-F6C54A94EA7E) Windows Media Format Runtime -> "C: \ Archiwa de programa \ Windows Media Player \ wmsetsdk.exe" / UninstallAll WinRAR archiwizatora -> C: \ Archiwa de programa \ WinRAR \ uninstall.exe Specyfikacja XML Księga Shared Components Language Pack 1.0 -> "C: \ WINDOWS \ $ NtUninstallXPSEPSCLP $ \ spuninst \ spuni nst.exe" Yahoo! Messenger -> C: \ ARCHIV ~ 1 \ Yahoo! \ Messenger \ UNWISE.EXE / UC: \ ARCHIV ~ 1 \ Yahoo! \ Messenger \ INSTALL.LOG HijackThis Backups ===== ===== O23 - Service: Zumie Search Service - Unknown owner - C: \ Archiwa de programa \ Zumie \ zumie.exe (plik brakuje) ====== ====== Pliku Hosts 127.0.0.1 localhost ====== ====== Bezpieczeństwa centrum informacji AV: Kaspersky Anti-Virus (przestarzałe) Zmienne środowiskowe ====== ====== "ComSpec" =% SystemRoot% \ system32 \ cmd.exe "Path" =% SystemRoot% \ system32;% SystemRoot%; SystemR oot%% \ System32 \ Wbem, C: \ Archiwa de programa \ QuickTime \ QTSystem \ "windir" =% SystemRoot% "FP_NO_HOST_CHECK" = NO "OS" = Windows_NT "PROCESSOR_ARCHITECTURE" = x86 "PROCESSOR_LEVEL" = 6 "PROCESSOR_IDENTIFIER" = x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_REVISION" = 0d08 "NUMBER_OF_PROCESSORS" = 1 "PATHEXT" =. COM;. EXE,. BAT,. CMD;. VBS;. VBE;. JS;. Jse;. WSF;. WSH "TEMP" =% SystemRoot% \ TEMP "TMP" =% SystemRoot% \ TEMP "CLASSPATH" =.; C: \ Archiwa de programa \ QuickTime \ QTSystem \ QTJava.zip "QTJAVA" = C: \ Archiwa de programa \ QuickTime \ QTSystem \ QTJava.zip ----------------- EOF ----------------- |
|
#9
29 listopada 2008, 08:12
| |||
| |||
| Heur Trojan Generic Malwarebytes' Anti-Malware 1.30 Baza wersji: 1433 Windows 5.1.2600 Service Pack 3 29/11/2008 10:55:13 pm mbam-log-2008-11-29 (22-55-13). txt Scan type: Quick Scan Obiekty skanowane: 68095 Czas odtwarzania: 10 minut (y), 45 sekund (y) Memory Processes Infected: 0 Memory Modules Infected: 1 Zainfekowane klucze rejestru: 11 Zainfekowane wartości rejestru: 0 Danych Rejestru przedmioty Infected: 2 Foldery Infected: 11 Zainfekowanych plików: 28 Memory Processes Infected: (Nie wykryto złośliwego pozycji) Memory Modules Infected: C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Delete na ponowne uruchomienie komputera. Zainfekowane klucze rejestru: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Delete na ponowne uruchomienie komputera. HKEY_CLASSES_ROOT \ CLSID \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Delete na ponowne uruchomienie komputera. HKEY_CLASSES_ROOT \ Interface \ (48e92754-2daf-4de4-8385-34f631580e9b) (Trojan.FakeAlert) -> kwarantannie i usunięte pomyślnie. HKEY_CLASSES_ROOT \ Interface \ (a1c23ba2-8F20-4c01-b663-7ff2b3421194) (Trojan.FakeAlert) -> kwarantannie i usunięte pomyślnie. HKEY_CLASSES_ROOT \ CLSID \ (d37d6c1a-7ba4-47f4-9bf2-75031e257df6) (Trojan.FakeAlert) -> kwarantannie i usunięte pomyślnie. HKEY_CLASSES_ROOT \ TypeLib \ (84562fca-ee8b-4585-a1d1-eae97b23370e) (Trojan.FakeAlert) -> kwarantannie i usunięte pomyślnie. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (098716a9-0310-4cbe-bd64-b790a9761158) (Trojan.FakeAlert) -> kwarantannie i usunięte pomyślnie. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> kwarantannie i usunięte pomyślnie. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> kwarantannie i usunięte pomyślnie. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> kwarantannie i usunięte pomyślnie. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> kwarantannie i usunięte pomyślnie. Zainfekowane wartości rejestru: (Nie wykryto złośliwego pozycji) Danych Rejestru przedmioty Infected: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> kwarantannie i usunięte pomyślnie. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Authentication Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> Usuń w reboot. Foldery Infected: C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Autorun (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKCU (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKCU \ Runo nce (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKLM (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKLM \ Runo nce (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ StartMenu ALLUSERS (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ StartMenu CurrentUser (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ BrowserObjects (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ rhcvllj0e32r \ Quarantine \ Packages (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie. Zainfekowane pliki: C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Delete na ponowne uruchomienie komputera. C: \ WINDOWS \ system32 \ monVyJjl.ini (Trojan.Vundo.H) -> Delete na ponowne uruchomienie komputera. C: \ WINDOWS \ system32 \ monVyJjl.ini2 (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ egurvpxu.dll (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ uxpvruge.ini (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ ioodgsis.dll (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ sisgdooi.ini (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ olcxvcls.dll (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ slcvxclo.ini (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ qxxiopls.dll (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ slpoixxq.ini (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ tlpvqfqf.dll (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ fqfqvplt.ini (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ yqbfrwpg.dll (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ gpwrfbqy.ini (Trojan.Vundo.H) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ geBqRhEv.dll (Trojan.Vundo) -> kwarantannie i usunięte pomyślnie. C: \ WINDOWS \ system32 \ jkkKbxWp.dll (Trojan.Vundo) -> kwarantannie i usunięte pomyślnie. C: \ Recycler \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc339.exe (Adware.Seekmo) -> kwarantannie i usunięte pomyślnie. C: \ Recycler \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc340.exe (Adware.Seekmo) -> kwarantannie i usunięte pomyślnie. C: \ Recycler \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc343.exe (Adware.Seekmo) -> kwarantannie i usunięte pomyślnie. C: \ Archiwa de programa \ Mozilla Firefox \ regxpcom.exe (Trojan.FBrowsingAdvisor) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Configuración lokalne \ Temp \ nsp116.tmp \ blowfish.dll (Trojan.FakeAlert) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Escritório \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ All Users \ Escritório \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programa \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ Mauricio \ Configuración lokalne \ Temp \ lwpwer.exe (Trojan.FakeAlert) -> kwarantannie i usunięte pomyślnie. C: \ Documents and Settings \ TrackerVsrGroup \ Escritório \ SystemDefender. Lnk (Rogue.SystemDefender) -> kwarantannie i usunięte pomyślnie. |
|
#10
29 listopada 2008, 08:14
| |||
| |||
| Heur Trojan Generic Cóż, istnieją 3 dzienniki, jak żądanie, daj mi znać, jeśli coś jeszcze do zrobienia. I dzięki bardzo za pomoc i czas. I really appreciate it. Kathy. |
|
| |
| Zakładki |
Podobne wątki | ||||
| Wątek | Thread Starter | Forum | Odpowiedzi | Ostatni Post |
| Problem z Trojan Horse Downloader Generic 9 | OGB | Wirusów, oprogramowania szpiegującego i Bezpieczeństwa | 7 | 21 listopada 2009 13:06 |
| Zakażonych MultiPacked.Multi.Generic Malware! | ruffryder2k7 | Wirusów, oprogramowania szpiegującego i Bezpieczeństwa | 12 | 26 cze 2009 19:26 |
| Trojan.vundo.h, trojan.agent, adware.mirar + MORE! : ( | sillyarfer | Wirusów, oprogramowania szpiegującego i Bezpieczeństwa | 1 | 14 grudnia 2008 09:59 |
| Zakażonych Heur.trojan.generic Proszę Pomoc | ruffryder2k7 | Wirusów, oprogramowania szpiegującego i Bezpieczeństwa | 17 | 6 listopad 2008 10:39 |
| Czy jesteś w stanie synchronizacji ogólnej odtwarzacz mp3 [nie iPoda] z iTunes? | reyrey_angulo | Dźwięk, głośniki i odtwarzacze MP3 | 1 | 18 marca 2007 15:39 |
| Narzędzia wątku | |
| |
