
A certain virus that cannot be removed


Grela


A window popped up from some antispyware and it says I have the virus "TrojanDownloader.XS"

How do I remove it, and how does this virus work?

And later something else popped up saying there is a virus named "wml.exe" (path: C:/WINDOWS/wml.exe)


So, Sly, it was in English so I didn't use it, but I found instructions in Polish. I did everything and here is the log from that program, just in case:

 

 

SDFix: Version 1.169

Run by Administrator on 2008-04-11 at 17:31

 

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\SYSTEM32\GFAZITUN.EXE - Deleted

C:\WINDOWS\SYSTEM32\ZKTYFWVQ.EXE - Deleted

C:\Program Files\akl\akl.dll - Deleted

C:\Program Files\akl\akl.exe - Deleted

C:\Program Files\akl\uninstall.exe - Deleted

C:\Program Files\akl\unsetup.exe - Deleted

C:\WINDOWS\apoxqwfv.exe - Deleted

C:\WINDOWS\iTunesMusic.exe - Deleted

C:\WINDOWS\qdnkewfa.dll - Deleted

C:\WINDOWS\rs.txt - Deleted

C:\WINDOWS\Web\def.htm - Deleted

 

 

Could Not Remove C:\WINDOWS\system32smp

 

Folder C:\Program Files\akl - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 17:50:27

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:07b73240

"s2"=dword:d7cf5533

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:37,da,d0,bd,e7,55,19,c7,87,7f,71,d2,7d,e8,22,4a,d2,13,7d,59,a6,..

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:51,e0,d2,b1,4d,ba,20,62,05,fc,7c,6c,20,e7,e6,3c,0f,a4,f3,7d,e2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:38,b5,65,c6,74,fd,ce,2e,83,dd,8c,b3,61,b6,2e,70,b5,91,ec,5e,33,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:37,da,d0,bd,e7,55,19,c7,87,7f,71,d2,7d,e8,22,4a,d2,13,7d,59,a6,..

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:51,e0,d2,b1,4d,ba,20,62,05,fc,7c,6c,20,e7,e6,3c,0f,a4,f3,7d,e2,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"

"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

"C:\\Gry\\Cyanide\\Igrzyska Zimowe 2007\\WinterApp.exe"="C:\\Gry\\Cyanide\\Igrzyska Zimowe 2007\\WinterApp.exe:*:Enabled:WinterChallenge"

"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"

"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\\Documents and Settings\\Madzia\\Ustawienia lokalne\\Temp\\gm_ttt_8695\\MPlay.exe"="C:\\Documents and Settings\\Madzia\\Ustawienia lokalne\\Temp\\gm_ttt_8695\\MPlay.exe:*:Enabled:MPlay"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"

"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"C:\\Documents and Settings\\Madzia\\Ustawienia lokalne\\Temp\\Rar$EX06.484\\passtool\\PassTool v4.1.exe"="C:\\Documents and Settings\\Madzia\\Ustawienia lokalne\\Temp\\Rar$EX06.484\\passtool\\PassTool v4.1.exe:*:Disabled:PassTool v4.1"

"D:\\Gry\\Team17\\Worms 3D\\bin\\worms3d.exe"="D:\\Gry\\Team17\\Worms 3D\\bin\\worms3d.exe:*:Enabled:worms3d"

"C:\\Documents and Settings\\Madzia\\Ustawienia lokalne\\Temp\\gm_ttt_64183\\pong3.exe"="C:\\Documents and Settings\\Madzia\\Ustawienia lokalne\\Temp\\gm_ttt_64183\\pong3.exe:*:Enabled:pong3"

"C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX02.000\\chat.exe"="C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX02.000\\chat.exe:*:Enabled:chat"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikacj©"

"C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX01.281\\ots\\YurOTS.exe"="C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX01.281\\ots\\YurOTS.exe:*:Enabled:YurOTS"

"C:\\Documents and Settings\\Adam\\Pulpit\\YurOTS_094\\ots\\YurOTS.exe"="C:\\Documents and Settings\\Adam\\Pulpit\\YurOTS_094\\ots\\YurOTS.exe:*:Enabled:YurOTS"

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"

"D:\\Gry\\Microsoft\\Midtown Madness 2\\Midtown2.exe"="D:\\Gry\\Microsoft\\Midtown Madness 2\\Midtown2.exe:*:Enabled:Midtown Madness 2 Executable"

"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"

"C:\\Downloads\\ClientServer.exe"="C:\\Downloads\\ClientServer.exe:*:Enabled:ClientServer"

"C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX00.469\\pobb 2 ^^.exe"="C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX00.469\\pobb 2 ^^.exe:*:Enabled:pobb 2 ^^"

"C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX07.406\\pobb 2 ^^.exe"="C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX07.406\\pobb 2 ^^.exe:*:Enabled:pobb 2 ^^"

"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"

"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Disabled:Opera Internet Browser"

"D:\\Gry\\Acclaim Entertainment\\Re-Volt\\revolt.exe"="D:\\Gry\\Acclaim Entertainment\\Re-Volt\\revolt.exe:*:Enabled:revolt"

"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"

"C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX00.734\\39dll delphi\\Project1.exe"="C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX00.734\\39dll delphi\\Project1.exe:*:Enabled:Project1"

"C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX03.156\\39dll cpp\\Project1.exe"="C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX03.156\\39dll cpp\\Project1.exe:*:Enabled:Project1"

"C:\\Program Files\\Tlen.pl\\tlen.exe"="C:\\Program Files\\Tlen.pl\\tlen.exe:*:Enabled:Komunikator Tlen.pl"

"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"

"C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX01.360\\supergeostomp.exe"="C:\\Documents and Settings\\Adam\\Ustawienia lokalne\\Temp\\Rar$EX01.360\\supergeostomp.exe:*:Enabled:Super Stomp Rampage!"

"C:\\Documents and Settings\\Adam\\Pulpit\\XenoN_Online_Demo\\XenoN Online Demo\\xenon_online_server.exe"="C:\\Documents and Settings\\Adam\\Pulpit\\XenoN_Online_Demo\\XenoN Online Demo\\xenon_online_server.exe:*:Enabled:xenon_online_server"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"

"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"

"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabled:Proxy Switcher"

"C:\\WINDOWS\\system32\\inv.exe"="C:\\WINDOWS\\system32\\inv.exe:*:Enabled:inv"

"C:\\Documents and Settings\\Adam\\Pulpit\\keylogger.exe"="C:\\Documents and Settings\\Adam\\Pulpit\\keylogger.exe:*:Enabled:C:\\Documents and Settings\\Adam\\Pulpit\\keylogger.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files :

 

C:\WINDOWS\system32smp Found

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 7 Apr 2008 2,028,331 ...H. --- "C:\WINDOWS\system32\inv.exe"

Wed 14 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Fri 21 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 14 Nov 2007 4,348 ...H. --- "C:\Documents and Settings\Madzia\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"

Mon 17 Dec 2007 20 A..H. --- "C:\Documents and Settings\Madzia\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"

Wed 14 Nov 2007 400 A.SH. --- "C:\Documents and Settings\Madzia\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"

Mon 8 Sep 2003 965,191 A..H. --- "C:\Documents and Settings\Madzia\Moje dokumenty\Data\_App\Driver\DKU-5 (English).zip"

Wed 5 Sep 2001 56,320 A..H. --- "C:\Documents and Settings\Madzia\Moje dokumenty\Data\_App\Driver\Setup.exe"

Mon 8 Sep 2003 992,532 A..H. --- "C:\Documents and Settings\Madzia\Moje dokumenty\Data\_App\DriverFR\DKU-5 (French(Standard)).zip"

Wed 5 Sep 2001 168,448 A..H. --- "C:\Documents and Settings\Madzia\Moje dokumenty\Data\_App\DriverFR\Setup.exe"

 

Finished!


"C:\\Documents and Settings\\Adam\\Pulpit\\keylogger.exe"="C:\\Documents and Settings\\Adam\\Pulpit\\keylogger.exe:*:Enabled:C:\\Documents and Settings\\Adam\\Pulpit\\keylogger.exe"
Nice! A keylogger on the desktop :P

 

Could Not Remove C:\WINDOWS\system32smp
Try installing the Unlocker program and removing it with that.

 

"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"

"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"

Unfortunately, I think I saw in KŚE that BearShare has hidden spyware :P

Ingen I <3 u

 

Sorry, I had to. I know it's spam, but I cried laughing reading this thread :)

 

 

PS: Ingen: your computer is done for! You probably already have about 4 gigs of trojans :D and websites are popping up on the net

 

www.pobawsiękompemgreli.com

 

I've just received two different reports about your posts, and since it really is nothing but spam - Warn.

gnysek

 

:* You know I had to.


Oh yeah??:] I'm scanning the computer right now, no trojans so far.

And here is also a log I made with Hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:42:35, on 2008-04-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\WINDOWS\system32\inv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&amp...;os=5&src=1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [invis] C:\WINDOWS\system32\inv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [dc59a2d0] rundll32.exe "C:\WINDOWS\system32\sewtsavo.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [vscfgjtz] C:\WINDOWS\system32\gfazitun.exe

O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe" (User 'Adam')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Adam')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [Google Update] "C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en (User 'Adam')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Adam')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [i&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start (User 'Adam')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe (User 'Adam')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [nllcuywt] C:\WINDOWS\system32\zktyfwvq.exe (User 'Adam')

O4 - HKUS\S-1-5-21-1708537768-1060284298-839522115-1004\..\Run: [lsass] C:\lsass.exe (User 'Adam')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 Startup: UniSpiker-2.6.lnk = ? (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 Startup: YouTube Uploader.lnk = C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 User Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 User Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 User Startup: UniSpiker-2.6.lnk = ? (User 'Adam')

O4 - S-1-5-21-1708537768-1060284298-839522115-1004 User Startup: YouTube Uploader.lnk = C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe (User 'Adam')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe

O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonlreg/component/INGOnl.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CDVolume - {de95004d-cdae-4370-b481-4815c2538e72} - C:\WINDOWS\Resources\CDVolume.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 10513 bytes
