


Przestarzałe tematy dotyczące sprawdzania logów



#61 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 18 04 2007 - 21:53

Daj log z Silent Runners.


#62 enj

enj

    Obserwator

  • 6 postów

Napisano 18 04 2007 - 23:31

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"





Startup items buried in registry:

---------------------------------



HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]



HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"

  -> {HKLM...CLSID} = "My Global Search Bar BHO"

				   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

				   \InProcServer32\(Default) = "D:\torrent\BitComet\tools\BitCometBHO.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]



HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

  -> {HKLM...CLSID} = "Display Panning CPL Extension"

				   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" = "ContextMenuExt Extension"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

  -> {HKLM...CLSID} = "History Band"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Outlook File Icon Extension"

				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]



HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]



HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]



HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]



HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]





Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------



Note: detected settings may not have any effect.



HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\



"NoInternetIcon" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Hide Internet Explorer icon on desktop}



"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



"NoSaveSettings" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}



HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\



"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\



"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}



"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}





Active Desktop and Wallpaper:

-----------------------------



Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState



Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"



Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Wazka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"





Enabled Screen Saver:

---------------------



HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]





Winsock2 Service Provider DLLs:

-------------------------------



Namespace Service Providers



HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]



Transport Service Providers



HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10





Toolbars, Explorer Bars, Extensions:

------------------------------------



Toolbars



HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{37B85A29-692B-4205-9CAD-2626E4993404}"

  -> {HKLM...CLSID} = "My Global Search Bar"

				   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]



HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)

  -> {HKLM...CLSID} = "My Global Search Bar"

				   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]



Explorer Bars



HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\



HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]



Extensions (Tools menu items, main toolbar menu buttons)



HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"

				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"

				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]



{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"





Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------



NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]





Print Monitors:

---------------



HKLM\System\CurrentControlSet\Control\Print\Monitors\

BJ Language Monitor\Driver = "cnbjmon.dll" [file not found]

PJL Language Monitor\Driver = "pjlmon.dll" [file not found]





----------

<<!>>: Suspicious data at a malware launch point.



+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 26 seconds, including 3 seconds for message boxes)



#63 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 19 04 2007 - 21:56

Skopiuj poniższy tekst do Notatnika:

Windows Registry Editor Version 5.00 

; Removes the "My Global Search Bar" load points reported in enj's Silent Runners log:
; the IE toolbar CLSID {37B85A29-...} (HKCU and HKLM) and the BHO CLSID {37B85A21-...}.
; Both pointed at C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL, reported as [file not found].
; The CLSIDs are specific to that log - do not merge this script on another machine unchanged.
; Syntax: "name"=- deletes a single value; [-KEY] deletes the whole key.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
; per-user IE toolbar registration
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
; machine-wide IE toolbar registration for the same CLSID
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-

; Browser Helper Object registration; deleting the key stops IE from loading the BHO.
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}]

; NOTE(review): the COM registrations themselves (HKLM\Software\Classes\CLSID\{37B85A21-...}
; and {37B85A29-...}, InProcServer32 -> MGSBAR.DLL) are not touched by this script; they remain
; as orphaned entries pointing at a missing DLL. Export the affected keys in regedit before merging
; so the change can be reverted.

Plik => Zapisz jako => w polu „Zapisz jako typ” zmień „Dokumenty tekstowe (*.txt)” na „Wszystkie pliki” => zapisz pod nazwą FIX.REG (bez wybrania „Wszystkie pliki” Notatnik dopisze rozszerzenie .txt i Windows nie potraktuje pliku jako skryptu rejestru).

Przed scaleniem warto wyeksportować w regedit usuwane klucze (kopia zapasowa), żeby w razie potrzeby móc cofnąć zmiany. Następnie uruchom utworzony plik FIX.REG, potwierdź scalenie z Rejestrem i zrestartuj komputer. Skrypt usuwa tylko CLSID-y widoczne w Twoim logu — nie używaj go na innym komputerze bez sprawdzenia.

Nowy log z Silent Runners oraz L2MFix z opcji 1.

#64 enj

enj

    Obserwator

  • 6 postów

Napisano 20 04 2007 - 10:50

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
				   \InProcServer32\(Default) = "D:\torrent\BitComet\tools\BitCometBHO.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{afc638f0-e8a4-11ce-9ade-00aa00a42d2e}"="MST TrueType File Properties"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"="ContextMenuExt Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Shell Microsoft AutoComplete"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE Microsoft AutoComplete"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}"="NOD32 Context Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   bitcom~1.dll   Fri  2007-03-02  14:14:02   A....		  2 560	 2,50 K
   divx.dll	   Thu  2007-02-01   6:56:06   A....		639 066   624,09 K
   dpl100.dll	 Tue  2007-01-30   6:56:58   A....		 73 728	72,00 K
   dtu100.dll	 Tue  2007-01-30   6:56:58   A....		196 608   192,00 K
   ff_vfw.dll	 Wed  2007-02-21  22:00:28   A....		 10 752	10,50 K
   imon.dll	   Tue  2007-04-10  11:03:00   A....		298 104   291,12 K
   libdivx.dll	Tue  2007-01-30   7:03:28   A....	  1 044 480  1020,00 K
   qt-dx331.dll   Tue  2007-01-30   7:03:42   A....	  3 596 288	 3,43 M
   skaner~1.dll   Mon  2007-01-22  13:00:36   A....		719 088   702,23 K
   ssldivx.dll	Tue  2007-01-30   7:03:28   A....		200 704   196,00 K

10 items found:  10 files, 0 directories.
   Total of file sizes:  6 781 378 bytes	  6,46 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
 Volume in drive C has no label.
 Volume Serial Number is 7476-044A

 Directory of C:\WINDOWS\System32

2007-03-02  13:16	<DIR>		  Microsoft
			   0 File(s)			  0 bytes
			   1 Dir(s)   3 969 765 376 bytes free


Zrobiłem tak, jak podałeś...

Pozdrawiam

#65 Maciej13


Napisano 20 04 2007 - 16:41

Log z Silent Runners jest ucięty. Czekam na pełny raport – wklejony w całości, od nagłówka "Silent Runners.vbs" aż do końcowej linii z "total run time".

#66 enj


Napisano 20 04 2007 - 17:40

"Silent Runners.vbs", revision R50, [url=http://www.silentrunners.org/]http://www.silentrunners.org/[/url]

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"





Startup items buried in registry:

---------------------------------



HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]



HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

				   \InProcServer32\(Default) = "D:\torrent\BitComet\tools\BitCometBHO.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]



HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

  -> {HKLM...CLSID} = "Display Panning CPL Extension"

				   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" = "ContextMenuExt Extension"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

  -> {HKLM...CLSID} = "History Band"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Outlook File Icon Extension"

				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]



HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]



HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]



HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]



HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {HKLM...CLSID} = "ContextMenuExt Extension"

				   \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]





Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------



Note: detected settings may not have any effect.



HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\



"NoInternetIcon" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Hide Internet Explorer icon on desktop}



"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



"NoSaveSettings" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}



HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\



"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\



"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}



"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}





Active Desktop and Wallpaper:

-----------------------------



Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState



Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"



Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Wazka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"





Enabled Screen Saver:

---------------------



HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]





Winsock2 Service Provider DLLs:

-------------------------------



Namespace Service Providers



HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]



Transport Service Providers



HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10





Toolbars, Explorer Bars, Extensions:

------------------------------------



Explorer Bars



HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\



HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]



Extensions (Tools menu items, main toolbar menu buttons)



HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"

				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]



{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"





Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------



NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]





Print Monitors:

---------------



HKLM\System\CurrentControlSet\Control\Print\Monitors\

BJ Language Monitor\Driver = "cnbjmon.dll" [file not found]

PJL Language Monitor\Driver = "pjlmon.dll" [file not found]





----------

<<!>>: Suspicious data at a malware launch point.



+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 38 seconds, including 17 seconds for message boxes)


#67 kalaxe


Napisano 28 04 2007 - 00:03

komp mi się czasem muli tak na parenaście sekund, w menedżerze zadań wyskakują skoki zużycia CPU, najczęściej przez kasperskyego i gg (jak gg może zżerać 85% CPU ?)
mój log z hijacka:


Logfile of HijackThis v1.99.1
Scan saved at 00:02:27, on 2007-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
F:\pilot\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7EF1ECB-0F19-4C29-BB57-01ED7EE086EF}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe


#68 Armstrong


Napisano 28 04 2007 - 10:56

Log czysty.

najczęściej przez kasperskyego i gg (jak gg może zżerać 85% CPU ?)

Z gg już tak czasem jest, najlepiej zmień komunikator na jakiś inny, np. AQQ.

#69 Maciej13


Napisano 02 05 2007 - 21:04

Log czysty.


Błąd.

A to:

O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

?

@kalaxe - Odinstaluj Multi_Media z Panelu Sterowania. Wpisy R3 (URLSearchHook), O2 (BHO) i O3 (Toolbar) wskazują na ten sam plik C:\Program Files\Multi_Media\tbMul1.dll, więc po deinstalacji i restarcie sprawdź w nowym logu, czy wszystkie trzy zniknęły.

Po pracy nowy log + Silent Runners.

#70 Armstrong


Napisano 02 05 2007 - 21:29

A możesz powiedzieć co w tym złego? ;)

#71 kalaxe


Napisano 02 05 2007 - 23:01

Co to jest Silent Runners i jak go uruchomić?


#72 Maciej13


Napisano 04 05 2007 - 14:52

co to te silent runners i jak je włączyć ?


Silent Runners => Opis!

A możesz powiedzieć co w tym złego? biggrin.gif


Niemniej jednak podchodzi to pod spyware/adware – pasek narzędzi, który rejestruje się jednocześnie jako URLSearchHook i BHO w przeglądarce. Bardzo często występuje także z infekcją Lop, więc możliwe też, że to ona ściąga to adware. Usuwany nie tylko przeze mnie.


#73 mcjack


Napisano 04 05 2007 - 23:55

Witam,
Po przedstawieniu mojego problemu z internetem:

/index.php?showtopic=7380

skierowano mnie do tego działu, abym przedstawił logi z programów HijackThis i ComboFix.
Byłbym bardzo wdzięczny za pomoc w przeanalizowaniu logów i ew. pomoc w naprawie błędu.
Z gory dziekuje


Log z HIJACK:

Logfile of HijackThis v1.99.1
Scan saved at 23:45:21, on 2007-05-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
K:\sciagniete\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{486F2E23-1CC2-4AA7-8231-858E072AF9F4}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)




Log z COMBOFIX:

"Jack" - 07-05-04 23:40:54 Dodatek Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Jack\Pulpit\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))


2007-05-04 08:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-04 08:21 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2007-05-03 18:13 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\pdf995
2007-05-03 18:07 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-05-03 18:07 122,880 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-05-03 18:07 <DIR> d-------- C:\Program Files\pdf995
2007-05-03 18:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\pdf995
2007-05-02 21:03 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-01 17:26 3,543,040 --a------ C:\DOCUME~1\Jack\ntuser.dat
2007-04-30 21:53 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-30 21:53 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-30 21:53 <DIR> d-------- C:\Program Files\Xvid
2007-04-30 10:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-04-29 13:16 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\Help
2007-04-28 16:20 <DIR> d--hs---- C:\FOUND.001
2007-04-28 10:16 <DIR> d--hs---- C:\FOUND.000
2007-04-27 22:57 <DIR> d-------- C:\Gadu-Gadu(2)
2007-04-27 20:33 <DIR> d-------- C:\Gadu-Gadu
2007-04-23 22:39 <DIR> d-------- C:\Program Files\Valve
2007-04-22 14:37 <DIR> d-------- C:\Program Files\Gupta
2007-04-22 13:07 <DIR> d-------- C:\Program Files\SpeedFan
2007-04-22 12:48 2,869 --a------ C:\WINDOWS\system32\Power.sys
2007-04-18 18:34 <DIR> d-------- C:\Program Files\Cartall
2007-04-18 18:05 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\Corel
2007-04-18 13:22 <DIR> d---s---- C:\DOCUME~1\Jack\UserData
2007-04-14 17:34 <DIR> d-------- C:\WINDOWS\pss
2007-04-14 08:38 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-13 22:12 <DIR> d-------- C:\Program Files\DC++
2007-04-13 16:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-13 16:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-13 16:43 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-13 16:31 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-13 16:30 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-04-13 16:30 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-04-12 21:59 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-04-12 21:59 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2007-04-12 21:48 <DIR> d-------- C:\Program Files\SQLXML 4.0
2007-04-12 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Microsoft Help
2007-04-12 21:42 <DIR> d-------- C:\Program Files\Microsoft Analysis Services
2007-04-12 21:41 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-12 21:16 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-04-12 15:39 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-12 15:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-12 15:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-12 15:39 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-12 15:39 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-12 15:38 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-12 15:35 <DIR> d-------- C:\Program Files\Winamp
2007-04-12 15:13 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-12 14:41 376,832 --a------ C:\WINDOWS\system32\gds32.dll
2007-04-12 14:41 28,672 --a------ C:\WINDOWS\system32\ibxml.dll
2007-04-12 14:41 177,152 --a------ C:\WINDOWS\system32\ibinstall.dll
2007-04-12 14:36 <DIR> d-------- C:\Inprise
2007-04-12 14:25 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2007-04-12 14:25 <DIR> d-------- C:\Program Files\Borland
2007-04-12 08:37 <DIR> d--hs---- C:\Recycled
2007-04-12 08:35 298,496 --a------ C:\WINDOWS\unin0415.exe
2007-04-12 08:28 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-12 08:09 995,056 --a------ C:\WINDOWS\system\MSAJT200.DLL
2007-04-12 08:09 92,576 --a------ C:\WINDOWS\system\ODBCINST.DLL
2007-04-12 08:09 88,896 --a------ C:\WINDOWS\system\ODBCCURS.DLL
2007-04-12 08:09 64,080 --a------ C:\WINDOWS\system\ODBCTL16.DLL
2007-04-12 08:09 6,464 --a------ C:\WINDOWS\ODBCADM.EXE
2007-04-12 08:09 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-04-12 08:09 56,240 --a------ C:\WINDOWS\system\ODBC.DLL
2007-04-12 08:09 51,712 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-04-12 08:09 322,384 --a------ C:\WINDOWS\system\MFC250.DLL
2007-04-12 08:09 302,592 --a------ C:\WINDOWS\system\OLE2.DLL
2007-04-12 08:09 298,880 --a------ C:\WINDOWS\system\VBAR2.DLL
2007-04-12 08:09 27,632 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-04-12 08:09 27,026 --a------ C:\WINDOWS\system\OLE2.REG
2007-04-12 08:09 246,928 --a------ C:\WINDOWS\system\ODBCJT16.DLL
2007-04-12 08:09 177,216 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-04-12 08:09 164,832 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-04-12 08:09 157,696 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-04-12 08:09 150,976 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-04-12 08:09 15,936 --a------ C:\WINDOWS\system\MSJETINT.DLL
2007-04-12 08:09 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-04-12 08:09 125,856 --a------ C:\WINDOWS\system\MFCO250.DLL
2007-04-12 08:09 11,232 --a------ C:\WINDOWS\system\MSJETERR.DLL
2007-04-12 08:09 108,544 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-04-12 08:09 10,304 --a------ C:\WINDOWS\system\MSCPXLT.DLL
2007-04-12 08:09 1,984 --a------ C:\WINDOWS\system\VBAJET.DLL
2007-04-12 08:09 <DIR> d-------- C:\YDPDICT
2007-04-12 08:08 271,248 --a------ C:\WINDOWS\ISUN16.EXE
2007-04-12 08:08 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-04-12 00:07 607,744 --------- C:\WINDOWS\system32\Decslib.dll
2007-04-12 00:05 909,824 --------- C:\WINDOWS\system32\qd3d.dll
2007-04-12 00:05 70,656 --------- C:\WINDOWS\system32\3dviewer.dll
2007-04-12 00:05 553,984 --------- C:\WINDOWS\system32\rave.dll
2007-04-12 00:05 39,095 --------- C:\WINDOWS\iccsigs.dat
2007-04-12 00:05 112,688 --------- C:\WINDOWS\system32\shw32.dll
2007-04-12 00:04 245,760 --------- C:\WINDOWS\system32\Sccomp91.dll
2007-04-12 00:04 225,280 --------- C:\WINDOWS\system32\Scint91.dll
2007-04-12 00:04 168,448 --------- C:\WINDOWS\system32\Awrtl30.dll
2007-04-12 00:04 110,592 --------- C:\WINDOWS\system32\Sccres91.dll
2007-04-12 00:04 100,864 --------- C:\WINDOWS\system32\awpe.dll
2007-04-12 00:04 <DIR> d-------- C:\WINDOWS\Profiles
2007-04-12 00:04 <DIR> d-------- C:\Program Files\Corel
2007-04-12 00:03 <DIR> d-------- C:\WINDOWS\Corel
2007-04-12 00:02 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-12 00:02 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-12 00:02 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-12 00:02 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-12 00:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-12 00:02 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-12 00:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-12 00:02 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-12 00:02 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-12 00:02 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-12 00:02 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-11 23:52 253,952 --------- C:\WINDOWS\system32\mspdox35.dll
2007-04-11 23:52 169,984 --------- C:\WINDOWS\system32\msltus35.dll
2007-04-11 23:52 <DIR> d-------- C:\Program Files\ROUTE66
2007-04-11 23:45 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-04-11 23:45 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-11 23:45 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-11 23:45 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-04-11 23:45 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-04-11 23:45 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-04-11 23:45 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-04-11 23:45 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-04-11 23:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-04-11 23:45 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-04-11 23:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-11 23:45 <DIR> d-------- C:\Program Files\Ahead
2007-04-11 23:44 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-04-11 23:44 <DIR> d-------- C:\Program Files\DivX
2007-04-11 23:41 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-11 23:41 <DIR> d-------- C:\Program Files\Intersil Americas Inc
2007-04-11 23:40 77,824 -ra------ C:\WINDOWS\system32\SynTPCoI.dll
2007-04-11 23:40 73,728 -ra------ C:\WINDOWS\system32\SynCOM.dll
2007-04-11 23:40 65,536 -ra------ C:\WINDOWS\system32\SynTPFcs.dll
2007-04-11 23:40 266,768 -ra------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-04-11 23:40 110,592 -ra------ C:\WINDOWS\system32\SynTPAPI.dll
2007-04-11 23:40 106,496 -ra------ C:\WINDOWS\system32\SynCtrl.dll
2007-04-11 23:40 <DIR> d-------- C:\Program Files\Synaptics
2007-04-11 23:39 9,472 -ra------ C:\WINDOWS\system32\drivers\sisperf.sys
2007-04-11 23:39 5,760 -ra------ C:\WINDOWS\system32\drivers\siside.sys
2007-04-11 23:39 48,896 -ra------ C:\WINDOWS\system32\drivers\sisidex.sys
2007-04-11 23:39 139,264 -ra------ C:\WINDOWS\system32\IDEproperty.dll
2007-04-11 23:39 <DIR> d-------- C:\Program Files\SiSLan
2007-04-11 23:38 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-04-11 23:38 <DIR> d-------- C:\DOCUME~1\Jack\WINDOWS
2007-04-11 23:35 <DIR> d-------- C:\Program Files\Power Management
2007-04-11 23:34 <DIR> d-------- C:\WINDOWS\SMSC
2007-04-11 23:33 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-04-11 23:33 69,632 --a------ C:\WINDOWS\system32\GkSui18.EXE
2007-04-11 23:33 <DIR> d-------- C:\Program Files\Generic
2007-04-11 23:33 <DIR> d-------- C:\Program Files\EzMail V2.0
2007-04-11 23:32 208,896 -ra------ C:\WINDOWS\alcupd.exe
2007-04-11 23:32 131,072 -ra------ C:\WINDOWS\alcrmv.exe
2007-04-11 23:32 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-11 23:32 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-11 23:32 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-04-11 23:32 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-11 23:32 <DIR> d-------- C:\Program Files\AvRack
2007-04-11 23:31 545 --a------ C:\WINDOWS\UC.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\RAR.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\LHA.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\ARJ.PIF
2007-04-11 23:31 <DIR> d-------- C:\wincmd
2007-04-11 23:27 <DIR> d-------- C:\WINDOWS\Cache
2007-04-11 23:20 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-11 23:20 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-04-11 23:20 720,896 -ra------ C:\WINDOWS\system32\Audio3D.dll
2007-04-11 23:20 720,896 -ra------ C:\WINDOWS\system32\a3d.dll
2007-04-11 23:20 696,284 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-04-11 23:20 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-11 23:20 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-11 23:20 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-11 23:20 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-11 23:20 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-11 23:20 47,104 --------- C:\WINDOWS\SOUNDMAN.EXE
2007-04-11 23:20 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-11 23:20 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-11 23:20 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-11 23:20 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-11 23:18 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-11 23:18 6,021 -ra------ C:\WINDOWS\system32\IntelCci.dll
2007-04-11 23:18 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-11 23:18 451,433 -ra------ C:\WINDOWS\system32\drivers\IntelC52.sys
2007-04-11 23:18 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-11 23:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-11 23:18 33,374 -ra------ C:\WINDOWS\system32\drivers\IntelC53.sys
2007-04-11 23:18 2,200,866 -ra------ C:\WINDOWS\system32\drivers\IntelC51.sys
2007-04-11 23:18 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-04-11 23:18 <DIR> d-------- C:\Program Files\Opera
2007-04-11 23:18 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\Opera
2007-04-11 23:16 86,016 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2007-04-11 23:16 86,016 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2007-04-11 23:16 831,557 --------- C:\WINDOWS\system32\nview.dll
2007-04-11 23:16 77,824 --a------ C:\WINDOWS\system32\PRISMIOC.dll
2007-04-11 23:16 65,536 --a------ C:\WINDOWS\system32\PRISMRES.dll
2007-04-11 23:16 65,536 --------- C:\WINDOWS\system32\nvsvc32.exe
2007-04-11 23:16 594,432 --a------ C:\WINDOWS\system32\drivers\PRISMNDS.sys
2007-04-11 23:16 590,336 --a------ C:\WINDOWS\system32\drivers\PRISMUSB.sys
2007-04-11 23:16 512,000 -ra------ C:\WINDOWS\system32\nviewimg.dll
2007-04-11 23:16 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2007-04-11 23:16 462,919 --------- C:\WINDOWS\system32\nvshell.dll
2007-04-11 23:16 4,595,712 -ra------ C:\WINDOWS\system32\nvcpl.dll
2007-04-11 23:16 323,584 -ra------ C:\WINDOWS\system32\nwiz.exe
2007-04-11 23:16 3,653,632 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2007-04-11 23:16 3,383,296 -ra------ C:\WINDOWS\system32\nvrsja.dll
2007-04-11 23:16 3,383,296 -ra------ C:\WINDOWS\system32\nvrshe.dll
2007-04-11 23:16 3,379,200 -ra------ C:\WINDOWS\system32\nvrsko.dll
2007-04-11 23:16 262,144 -ra------ C:\WINDOWS\system32\nvrsit.dll
2007-04-11 23:16 262,144 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2007-04-11 23:16 262,144 -ra------ C:\WINDOWS\system32\nvrsde.dll
2007-04-11 23:16 258,048 -ra------ C:\WINDOWS\system32\nvrsru.dll
2007-04-11 23:16 258,048 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2007-04-11 23:16 253,952 -ra------ C:\WINDOWS\system32\nvrstr.dll
2007-04-11 23:16 253,952 -ra------ C:\WINDOWS\system32\nvrssv.dll
2007-04-11 23:16 253,952 -ra------ C:\WINDOWS\system32\nvrseng.dll
2007-04-11 23:16 249,856 -ra------ C:\WINDOWS\system32\nvrses.dll
2007-04-11 23:16 237,568 -ra------ C:\WINDOWS\system32\nvrspl.dll
2007-04-11 23:16 237,568 -ra------ C:\WINDOWS\system32\nvrshu.dll
2007-04-11 23:16 214,016 --a------ C:\WINDOWS\system32\PRISMSTA.exe
2007-04-11 23:16 212,992 -ra------ C:\WINDOWS\system32\nvrszht.dll
2007-04-11 23:16 212,992 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2007-04-11 23:16 2,951,306 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-04-11 23:16 176,128 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2007-04-11 23:16 176,128 -ra------ C:\WINDOWS\system32\nvwrses.dll
2007-04-11 23:16 176,128 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2007-04-11 23:16 172,032 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2007-04-11 23:16 172,032 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2007-04-11 23:16 167,936 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2007-04-11 23:16 167,936 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2007-04-11 23:16 163,840 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2007-04-11 23:16 163,840 --------- C:\WINDOWS\system32\nvwrspl.dll
2007-04-11 23:16 159,744 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2007-04-11 23:16 147,456 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2007-04-11 23:16 139,264 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2007-04-11 23:16 126,976 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2007-04-11 23:16 106,496 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2007-04-11 23:16 102,400 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2007-04-11 23:16 1,323,008 -ra------ C:\WINDOWS\system32\dmcpl.exe
2007-04-11 23:16 1,248,794 -ra------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-11 23:16 <DIR> d-------- C:\WINDOWS\nview
2007-04-11 23:05 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-04-11 23:05 <DIR> d-------- C:\DOCUME~1\Jack\Gadu-Gadu
2007-04-11 23:01 <DIR> dr-h----- C:\DOCUME~1\Jack\Dane aplikacji
2007-04-11 23:01 <DIR> dr------- C:\DOCUME~1\Jack\Ulubione
2007-04-11 23:01 <DIR> dr------- C:\DOCUME~1\Jack\Moje dokumenty
2007-04-11 23:01 <DIR> dr------- C:\DOCUME~1\Jack\Menu Start
2007-04-11 23:01 <DIR> d--h----- C:\DOCUME~1\Jack\Ustawienia lokalne
2007-04-11 23:01 <DIR> d--h----- C:\DOCUME~1\Jack\Szablony
2007-04-11 23:01 <DIR> d-------- C:\DOCUME~1\Jack\Pulpit
2007-04-11 22:59 233,472 --a------ C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-11 22:59 233,472 --a------ C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-11 22:59 <DIR> d--hs---- C:\System Volume Information
2007-04-11 22:59 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Ustawienia lokalne
2007-04-11 22:59 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Ustawienia lokalne
2007-04-11 22:59 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-11 22:59 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-11 22:59 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dane aplikacji
2007-04-11 22:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dane aplikacji
2007-04-11 22:53 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-11 22:53 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-11 22:52 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-11 22:52 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-11 22:52 0 -rahs---- C:\MSDOS.SYS
2007-04-11 22:52 0 -rahs---- C:\IO.SYS
2007-04-11 22:52 0 --a------ C:\CONFIG.SYS
2007-04-11 22:52 0 --a------ C:\AUTOEXEC.BAT
2007-04-11 22:51 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-11 22:50 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-11 22:50 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-11 22:50 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-11 22:50 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-11 22:50 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-11 22:50 <DIR> d-------- C:\Program Files\Usługi online
2007-04-11 22:49 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-11 22:49 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-11 22:49 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-11 22:49 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-11 22:49 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-11 22:49 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-11 22:49 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-11 22:49 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-11 22:49 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-11 22:49 67,584 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-11 22:49 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-11 22:49 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-11 22:49 49,664 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-11 22:49 466,200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-11 22:49 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-11 22:49 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-11 22:49 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-11 22:49 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-11 22:49 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-11 22:49 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-11 22:49 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-11 22:49 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-11 22:49 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-11 22:49 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-11 22:49 278,528 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-11 22:49 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-11 22:49 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-11 22:49 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-11 22:49 23,040 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-11 22:49 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-11 22:49 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-11 22:49 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-11 22:49 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-11 22:49 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-11 22:49 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-11 22:49 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-11 22:49 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-11 22:49 128,896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-11 22:49 128,280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-11 22:49 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-11 22:49 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-11 22:49 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-11 22:49 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-11 22:49 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-11 22:49 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-11 22:49 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-11 22:49 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-11 22:49 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-11 22:49 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-11 22:49 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-11 22:48 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-11 22:48 <DIR> d-------- C:\WINDOWS\Registration
2007-04-11 22:47 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-11 22:47 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-11 22:47 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-11 22:47 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-11 22:47 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-11 22:47 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-11 22:47 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-11 22:47 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-11 22:47 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-11 22:47 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-11 22:47 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-11 22:47 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-11 22:47 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-11 22:47 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-11 22:47 60,928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-11 22:47 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-11 22:47 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-11 22:47 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-11 22:47 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-11 22:47 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-04-11 22:47 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-11 22:47 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-11 22:47 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-11 22:47 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-11 22:47 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-04-11 22:47 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-11 22:47 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-11 22:47 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-11 22:47 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-11 22:47 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-11 22:47 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-11 22:47 408,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-11 22:47 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-11 22:47 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-11 22:47 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-11 22:47 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-11 22:47 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-11 22:47 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-11 22:47 345,088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-11 22:47 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-11 22:47 296,448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-11 22:47 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-11 22:47 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-11 22:47 231,424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-11 22:47 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-11 22:47 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-11 22:47 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-04-11 22:47 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-11 22:47 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-11 22:47 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-11 22:47 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-11 22:47 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-11 22:47 187,904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-11 22:47 187,904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-11 22:47 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-11 22:47 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-11 22:47 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-11 22:47 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-11 22:47 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-11 22:47 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-11 22:47 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-11 22:47 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-11 22:47 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-11 22:47 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-11 22:47 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-11 22:47 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-11 22:47 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-11 22:47 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-11 22:47 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-11 22:47 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-11 22:47 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-11 22:47 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-11 22:47 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-11 22:47 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-11 22:47 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-11 22:47 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-11 22:47 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-11 22:47 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-04-11 22:47 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-11 22:47 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-11 22:47 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-11 22:47 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-11 22:47 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-11 22:47 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-11 22:47 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-11 22:47 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-11 22:47 <DIR> d-------- C:\Program Files\Windows NT
2007-04-11 22:47 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-11 22:47 <DIR> d-------- C:\Program Files\Messenger
2007-04-11 22:43 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-11 22:43 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-11 22:42 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-04-11 22:42 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-04-11 22:42 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-11 22:42 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-11 22:42 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2007-04-11 22:42 39,424 --a------ C:\WINDOWS\system32\drivers\smcirda.sys
2007-04-11 22:42 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
2007-04-11 22:42 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2007-04-11 22:42 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-04-11 22:42 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-04-11 22:41 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-04-11 22:41 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-04-11 22:41 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-04-11 22:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-11 22:40 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-04-11 22:40 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-11 22:40 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-11 22:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-11 22:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-11 22:40 75,776 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-11 22:40 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-11 22:40 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-11 22:40 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-04-11 22:40 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-11 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-11 22:40 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-04-11 22:40 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-11 22:40 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-11 22:40 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-11 22:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-11 22:40 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-11 22:40 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-11 22:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-11 22:40 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-11 22:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-11 22:40 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-11 22:40 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-11 22:40 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-11 22:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-11 22:40 <DIR> dr------- C:\Program Files
2007-04-11 22:40 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-11 22:40 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-11 22:40 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-11 22:39 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-04-11 22:39 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-04-11 22:39 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-04-11 22:39 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
2007-04-11 22:39 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
2007-04-11 22:39 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-04-11 22:39 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony
2007-04-11 22:39 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony
2007-04-11 22:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-11 22:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-11 22:39 <DIR> d-------- C:\Documents and Settings
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Pulpit
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-04-11 22:31 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2007-04-11 22:31 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-11 22:31 <DIR> dr------- C:\WINDOWS\Web
2007-04-11 22:31 <DIR> d-a------ C:\WINDOWS
2007-04-11 22:31 <DIR> d--h----- C:\WINDOWS\inf
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1045
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\security
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Resources
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\repair
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Provisioning
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\pchealth
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\mui
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\msagent
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Media
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\ime
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Help
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\ehome
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Debug
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Config
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\addins


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-14 08:37 521292 --a------ C:\WINDOWS\system32\perfh015.dat
2007-04-14 08:37 104646 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-11 22:50 -------- d-------- C:\Program Files\usługi online
2007-04-11 22:40 62 --ahs---- C:\DOCUME~1\Jack\DANEAP~1\desktop.ini
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:38 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185856 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jack^Menu Start^Programy^Autostart^EzMail.lnk]
"path"="C:\\Documents and Settings\\Jack\\Menu Start\\Programy\\Autostart\\EzMail.lnk"
"backup"="C:\\WINDOWS\\pss\\EzMail.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\EZMAIL~1.0\\EzMail.exe "
"item"="EzMail"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jack^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
"path"="C:\\Documents and Settings\\Jack\\Menu Start\\Programy\\Autostart\\Rejestrowanie produktów Corela.lnk"
"backup"="C:\\WINDOWS\\pss\\Rejestrowanie produktów Corela.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Corel\\GRAPHI~1\\Register\\Remind32.exe "
"item"="Rejestrowanie produktów Corela"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Disk_Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Generic\\USB Card Reader Driver v1.9\\Disk_Monitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="watch"
"hkey"="HKCU"
"command"="C:\\YDPDict\\watch.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXSUPMON"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKCU"
"command"="rundll32.exe nview.dll,nViewLoadHook"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManagement]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PwrGui"
"hkey"="HKLM"
"command"="C:\\Program Files\\Power Management\\PwrGui.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PRISMSTA"
"hkey"="HKLM"
"command"="PRISMSTA.EXE START"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=dword:00000002
"wscsvc"=dword:00000002
"stisvc"=dword:00000003
"ose"=dword:00000003
"NVSvc"=dword:00000002
"LexBceS"=dword:00000002
"Gupta SQLBase Server12"=dword:00000002
"Gupta SQLBase Resource Manager Server12"=dword:00000002
"MSSQLServerOLAPService"=dword:00000002
"MSSQLSERVER"=dword:00000002
"msftesql"=dword:00000002
"MsDtsServer"=dword:00000002
"InterBaseServer"=dword:00000003
"InterBaseGuardian"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_HTTPFILTER

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-04 23:44:00
Windows 5.1.2600 Dodatek Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-04 23:44:08
C:\ComboFix-quarantined-files.txt ... 07-05-04 23:44



#74 CatchMe

CatchMe

    Obserwator

  • 6 postów

Napisano 06 05 2007 - 21:18

Nie widzę loga z Gmera? :)

#75 Bambo

Bambo

    Obserwator

  • 6 postów

Napisano 09 05 2007 - 10:30

Panowie, moglibyście sprawdzić mi logi? Może coś mam, a nawet o tym nie wiem :D


Logfile of HijackThis v1.99.1
Scan saved at 10:20:39, on 2007-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KuBa MaCieJeWski\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nofollow
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - nofollow
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe


Widzę, że kogoś uraziłem – „Panowie i Panie”, już dobrze ;) Wiem, że mam tę Godzillę całą, ale szukam gdzieś po PL instrukcji :)

// Maciej13 - Na przyszłość zakładaj własne tematy.



#76 Armstrong

Armstrong

    Początkujący

  • 71 postów

Napisano 09 05 2007 - 14:31

Bambo, zafixuj w hijacku wpis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla



#77 Bambo

Bambo

    Obserwator

  • 6 postów

Napisano 09 05 2007 - 15:26

Tylko to jedno, reszta czysta? :D

#78 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 09 05 2007 - 16:35

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)

Fix w Hjt.

Pokaż log z Silent Runners.

#79 Bambo

Bambo

    Obserwator

  • 6 postów

Napisano 10 05 2007 - 21:07

Logfile of HijackThis v1.99.1
Scan saved at 21:07:02, on 2007-05-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\KuBa MaCieJeWski\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe



#80 Armstrong

Armstrong

    Początkujący

  • 71 postów

Napisano 10 05 2007 - 21:10

W hijacku fix checked:

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)





