AntiVormis i co dalej? Komputer bardzo wolno działa.

nataniel napisał:

komputer chociać Core2 Duo to chodzi mi jak moje statre poczciwe PII 300 MHz. Co zrobic? Jak temu zaradzić?

nataniel napisał:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

nataniel napisał:

O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll

nataniel napisał:

No a co z tym AntiVormisem i ciagle pojawiającym sie SYSTEM ALERT ! ?[...]

Cytat:

Logfile of HijackThis v1.99.1
Scan saved at 02:57:27, on 2006-12-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe
D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files (D)\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\GEARSec.exe
D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe
D:\Program Files (D)\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe
D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files (D)\HP Deskjet\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (D)\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\aVAST\ashDisp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (D)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files (D)\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinClock] D:\Program Files (D)\WinClock Biz\winclock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files (D)\Adobe\Acrobat 7.0.8\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files (D)\aVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files (D)\aVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files (D)\aVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files (D)\aVAST\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mediabee (MBXmlRpc) - Unknown owner - D:\Program Files (D)\MediaBee\src\py\dist\MediabeeService.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

nataniel napisał:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Cytat:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"WinClock" = "D:\Program Files (D)\WinClock Biz\winclock.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"HP Software Update" = "D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"avast!" = "D:\PROGRA~1\aVAST\ashDisp.exe" [null data]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Norton Ghost 10.0" = ""D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe"" ["Symantec Corporation"]
"Adobe Photo Downloader" = ""D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""D:\Program Files (D)\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"InCD" = "D:\Program Files (D)\Nero 7\InCD\InCD.exe" ["Nero AG"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files (D)\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files (D)\Ms Office 2003\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "D:\Program Files (D)\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

Cytat:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"WinClock" = "D:\Program Files (D)\WinClock Biz\winclock.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"HP Software Update" = "D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"avast!" = "D:\PROGRA~1\aVAST\ashDisp.exe" [null data]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Norton Ghost 10.0" = ""D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe"" ["Symantec Corporation"]
"Adobe Photo Downloader" = ""D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""D:\Program Files (D)\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"InCD" = "D:\Program Files (D)\Nero 7\InCD\InCD.exe" ["Nero AG"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files (D)\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files (D)\Ms Office 2003\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "D:\Program Files (D)\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Łukasz Klima.KLIMIKA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "Łukasz Klima" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "D:\Program Files (D)\Adobe\Acrobat 7.0.8\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"HP Digital Imaging Monitor" -> shortcut to: "D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"HPpromotions journeysoftware" -> launches: "C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
avast! Antivirus, avast! Antivirus, ""D:\Program Files (D)\aVAST\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files (D)\aVAST\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files (D)\aVAST\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files (D)\aVAST\ashWebSv.exe" /service" ["ALWIL Software"]
GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSec.exe" ["GEAR Software"]
InCD Helper, InCDsrv, "D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Norton Ghost, Norton Ghost, "D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 35 seconds, including 18 seconds for message boxes)

Cytat:

SmitFraudFix v2.131

Scan done at 11:20:27,17, 2006-12-24
Run from C:\Documents and Settings\ťukasz Klima.KLIMIKA\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Cytat:

sun tez z dysku plik: C:\Windows\System32\hjpprpu.dll

Cytat:

ťukasz Klima - 06-12-24 11:30:56,79 Dodatek Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\ťukasz Klima.KLIMIKA\Pulpit"

((((((((((((((((((((((((((((((( Files Created from 2006-11-24 to 2006-12-24 ))))))))))))))))))))))))))))))))))


2006-12-24 11:20 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-24 11:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-24 11:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-24 11:20 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-24 11:20 3,486 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-24 11:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-24 11:20 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-21 01:14 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-20 20:58 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-12-06 12:59 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2006-11-28 08:13 <DIR> d---s---- C:\Documents and Settings\Lukasz Klima.KLIMIKA\UserData
2006-11-26 13:31 <DIR> d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\AdobeAUM
2006-11-24 01:14 <DIR> d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Ahead
2006-11-24 00:49 <DIR> d-------- C:\Program Files\Common Files\Ahead


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-24 11:16 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-23 16:06 -------- d-------- C:\Program Files\Internet Explorer
2006-12-21 22:29 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\uTorrent
2006-12-18 00:07 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Skype
2006-12-14 20:26 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-03 01:05 -------- d-------- C:\Program Files\XviD
2006-11-26 13:31 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-26 13:31 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Adobe
2006-11-26 13:26 319 --a------ C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\AdobeDLM.log
2006-11-26 13:26 0 --a------ C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\dm.ini
2006-11-24 00:49 -------- d-------- C:\Program Files\Common Files
2006-11-23 23:22 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Apple Computer
2006-11-23 23:08 -------- d-------- C:\Program Files\QuickTime
2006-11-23 23:08 -------- d-------- C:\Program Files\iPod
2006-11-23 23:08 -------- d-------- C:\Program Files\Apple Software Update
2006-11-21 16:53 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Macromedia
2006-11-21 16:50 -------- d---s---- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Microsoft
2006-11-19 23:55 -------- d-------- C:\Program Files\Skype
2006-11-19 23:49 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\AdobeUM
2006-11-19 22:46 -------- d-------- C:\Program Files\Adobe
2006-11-19 14:56 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Winamp
2006-11-19 14:38 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\FMA
2006-11-19 14:37 -------- d-------- C:\Program Files\Microsoft Windows Script
2006-11-19 14:34 -------- d-------- C:\Program Files\Usb to Serial Driver 1.12.25
2006-11-19 12:36 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-11-19 12:36 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-19 12:33 -------- d-------- C:\Program Files\Symantec
2006-11-19 12:10 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-11-19 02:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-19 02:46 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-11-19 02:26 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Mozilla
2006-11-19 02:09 -------- d-------- C:\Program Files\Windows Media Player
2006-11-19 01:55 -------- d-------- C:\Program Files\DivXCodec
2006-11-19 01:43 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Identities
2006-11-19 01:41 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-19 01:23 -------- d-------- C:\Program Files\DivX
2006-11-19 00:56 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-19 00:56 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-19 00:55 62 --ahs---- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\desktop.ini
2006-11-19 00:28 -------- d-------- C:\Program Files\HP
2006-11-19 00:28 -------- d-------- C:\Program Files\Common Files\HP
2006-11-19 00:27 -------- d-------- C:\Program Files\Hewlett-Packard
2006-11-19 00:16 -------- d-------- C:\Program Files\Marvell
2006-11-19 00:12 -------- d-------- C:\Program Files\Realtek
2006-11-19 00:09 -------- d-------- C:\Program Files\Intel
2006-11-19 00:07 -------- d--h----- C:\Program Files\Uninstall Information
2006-11-19 00:04 0 -rahs---- C:\MSDOS.SYS
2006-11-19 00:04 0 -rahs---- C:\IO.SYS
2006-11-19 00:04 0 --a------ C:\CONFIG.SYS
2006-11-19 00:04 0 --a------ C:\AUTOEXEC.BAT
2006-11-19 00:03 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-19 00:03 -------- d-------- C:\Program Files\Outlook Express
2006-11-19 00:03 -------- d-------- C:\Program Files\NetMeeting
2006-11-19 00:03 -------- d-------- C:\Program Files\Common Files\Services
2006-11-19 00:02 -------- d-------- C:\Program Files\Movie Maker
2006-11-19 00:02 -------- d-------- C:\Program Files\Common Files\System
2006-11-19 00:02 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-11-19 00:01 -------- d-------- C:\Program Files\Windows NT
2006-11-19 00:01 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-11-19 00:01 -------- d-------- C:\Program Files\Messenger
2006-11-19 00:01 -------- d-------- C:\Program Files\ComPlus Applications
2006-11-01 14:57 1138688 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"WinClock"="D:\\Program Files (D)\\WinClock Biz\\winclock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HP Software Update"="D:\\Program Files (D)\\HP Deskjet\\HP Software Update\\HPWuSchd2.exe"
"avast!"="D:\\PROGRA~1\\aVAST\\ashDisp.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"D:\\Program Files (D)\\Norton Ghost 10.0\\Agent\\GhostTray.exe\""
"Adobe Photo Downloader"="\"D:\\Program Files (D)\\Adobe\\Album Starter 3.0\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"D:\\Program Files (D)\\iTunes\\iTunesHelper.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"InCD"="D:\\Program Files (D)\\Nero 7\\InCD\\InCD.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061224-023157-150
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
backup-20061224-023157-246
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20061224-023157-257
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files (D)\Spyware Doctor\swdoctor.exe" /Q
backup-20061224-023157-349
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
backup-20061224-023157-407
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
backup-20061224-023157-456
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (D)\iTunes\iTunesHelper.exe"
backup-20061224-023157-503
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20061224-023157-616
O4 - HKLM\..\Run: [AMFNoSpy] D:\Program Files (D)\NoSpy\AntiSpyNT.exe
backup-20061224-023157-680
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files (D)\AVG Anti-Spyware 7.5\avgas.exe" /minimized
backup-20061224-023157-698
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
backup-20061224-023157-759
O4 - HKCU\..\Run: [CoolCalendar] D:\Program Files (D)\CoolCalendar\CoolCalendar.exe
backup-20061224-023157-766
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"
backup-20061224-023157-851
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
backup-20061224-023157-862
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
backup-20061224-023157-883
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20061224-023157-951
O4 - HKLM\..\Run: [AMFNoSpyUpdate] D:\Program Files (D)\NoSpy\AutoUpdate.exe
backup-20061224-023157-973
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20061224-023157-979
O4 - Startup: YearPlanner.lnk = D:\Program Files (D)\YearPlanner\YearPlanner.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

Completion time: 06-12-24 11:31:22.56
C:\ComboFix.txt ... 06-12-24 11:31

Cytat:

Zdarzenie Status Lokalizacja

Spyware:Cookie/2o7 Nie wyleczalny C:\Documents and Settings\Dom\Cookies\dom@2o7[2].txt
Spyware:Cookie/Adserver Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[.adserver.o2.pl/]
Spyware:Cookie/WUpd Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Yadro Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Cookies\łukasz klima@2o7[1].txt
Spyware:Cookie/Tradedoubler Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Statcounter Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/HotLog Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.spylog.com/]
Spyware:Cookie/FastClick Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/WUpd Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Com.com Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QuestionMarket Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/adstat Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.adstat.4u.pl/]
Spyware:Cookie/Hitbox Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Advertising Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Xiti Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.xiti.com/]
Spyware:Cookie/PointRoll Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Maxserving Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/onestat.com Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/2o7 Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Overture Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.overture.com/]
Niechciane narzędzia:Application/Processor Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Pulpit\SmitfraudFix\Process.exe
Niechciane narzędzia:Application/Processor Nie wyleczalny C:\WINDOWS\system32\Process.exe
Niechciane narzędzia:Application/AntiVermins