Outdated topics about log checking
#61
Posted 18 04 2007 - 21:53
#62
Posted 18 04 2007 - 23:31
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"
  -> {HKLM...CLSID} = "My Global Search Bar BHO"
     \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
     \InProcServer32\(Default) = "D:\torrent\BitComet\tools\BitCometBHO.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" = "ContextMenuExt Extension"
  -> {HKLM...CLSID} = "ContextMenuExt Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"
  -> {HKLM...CLSID} = "ContextMenuExt Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"
  -> {HKLM...CLSID} = "ContextMenuExt Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"
  -> {HKLM...CLSID} = "ContextMenuExt Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoInternetIcon" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
  Hide Internet Explorer icon on desktop}
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
  Don't save settings at exit}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Wazka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
  -> {HKLM...CLSID} = "My Global Search Bar"
     \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)
  -> {HKLM...CLSID} = "My Global Search Bar"
     \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor\Driver = "cnbjmon.dll" [file not found]
PJL Language Monitor\Driver = "pjlmon.dll" [file not found]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 26 seconds, including 3 seconds for message boxes)
#63
Posted 19 04 2007 - 21:56
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}]

File => Save As => Change the extension from .txt to All Files => Then save it under the name FIX.REG
Run the FIX.REG file you created, then confirm adding it to the Registry and restart the computer.
A new log from Silent Runners and from L2MFix, option 1.
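One way to derive a fix like FIX.REG from a Silent Runners log, as an added example that is not part of the original thread: the script finds Internet Explorer BHO and toolbar registrations whose InProcServer32 DLL is reported as [file not found] and builds the matching .reg deletions. The function names, the restriction to those two launch points, and the embedded log excerpt (taken from post #62 with line breaks restored) are assumptions of this example.

```python
import re

# Excerpt of the Silent Runners log from post #62 with its line breaks
# restored; only the sections this example needs are kept.
SAMPLE_LOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"
  -> {HKLM...CLSID} = "My Global Search Bar BHO"
     \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
  -> {HKLM...CLSID} = "My Global Search Bar"
     \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)
  -> {HKLM...CLSID} = "My Global Search Bar"
     \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]
'''

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
CLSID_RE = re.compile(
    r'^"?(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})')
MISSING_RE = re.compile(
    r'\\InProcServer32\\\(Default\) = "([^"]*)" \[file not found\]$')
# Assumption of this example: only IE add-on launch points are in scope.
BHO_SUFFIX = r"\Explorer\Browser Helper Objects"
TOOLBAR_PART = r"\Internet Explorer\Toolbar"


def find_orphans(log):
    """Return (kind, hive, key_path, clsid, dll) for IE add-ons whose DLL is missing."""
    orphans, key, clsid = [], None, None
    for raw in log.splitlines():
        line = raw.strip()
        if line[:5] in ("HKLM\\", "HKCU\\"):
            # Section header: a registry key, optionally tagged {++}.
            key = line.replace("{++}", "").strip().rstrip("\\")
            clsid = None
            continue
        m = CLSID_RE.match(line)
        if m:
            clsid = m.group(1)  # entry line: subkey or value named by a CLSID
            continue
        m = MISSING_RE.search(line)
        if not (m and key and clsid):
            continue
        hive, path = HIVES[key[:4]], key[5:]
        if path.endswith(BHO_SUFFIX):
            kind = "bho"
        elif TOOLBAR_PART in path:
            kind = "toolbar"
        else:
            continue  # e.g. deskpan.dll under Shell Extensions\Approved
        orphans.append((kind, hive, path, clsid, m.group(1)))
        clsid = None
    return orphans


def reg_blocks(orphans):
    """A BHO is a subkey (delete the key); a toolbar is a value (delete the value)."""
    blocks = []
    for kind, hive, path, clsid, _dll in orphans:
        if kind == "bho":
            blocks.append("[-%s\\%s\\%s]" % (hive, path, clsid))
        else:
            blocks.append('[%s\\%s]\n"%s"=-' % (hive, path, clsid))
    return blocks


def build_fix(log):
    """Assemble the .reg text; review it by hand before importing it."""
    body = "\n\n".join(reg_blocks(find_orphans(log)))
    return "Windows Registry Editor Version 5.00\n\n" + body + "\n"


if __name__ == "__main__":
    print(build_fix(SAMPLE_LOG))
```

On the excerpt this yields the same three deletions as FIX.REG and leaves the deskpan.dll entry alone, because a missing file outside the two Internet Explorer keys is not treated as a leftover add-on here.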
#64
Posted 20 04 2007 - 10:50
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
     \InProcServer32\(Default) = "D:\torrent\BitComet\tools\BitCometBHO.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
L2MFIX find log 051206
Volume Serial Number is 7476-044A Directory of C:\WINDOWS\System32 2007-03-02 13:16 <DIR> Microsoft 0 File(s) 0 bytes 1 Dir(s) 3˙969˙765˙376 bytes free
I did as you instructed...
Regards
#65
Posted 20 04 2007 - 16:41
#66
Posted 20 04 2007 - 17:40
"Silent Runners.vbs", revision R50, [url=http://www.silentrunners.org/]http://www.silentrunners.org/[/url] Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "D:\torrent\BitComet\tools\BitCometBHO.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = 
"HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" = "ContextMenuExt Extension" -> {HKLM...CLSID} = "ContextMenuExt Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = 
"C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" -> {HKLM...CLSID} = "ContextMenuExt Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 
Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" -> {HKLM...CLSID} = "ContextMenuExt Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" -> {HKLM...CLSID} = "ContextMenuExt Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\CopyToSendTo.dll" [null data] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: 
----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoInternetIcon" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Hide Internet Explorer icon on desktop} "ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoSaveSettings" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don't save settings at exit} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Wazka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Winsock2 Service Provider DLLs: 
------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ BJ Language Monitor\Driver = "cnbjmon.dll" [file not found] PJL Language Monitor\Driver = 
"pjlmon.dll" [file not found] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 38 seconds, including 17 seconds for message boxes)
#67
Posted 28 04 2007 - 00:03
My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 00:02:27, on 2007-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
F:\pilot\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7EF1ECB-0F19-4C29-BB57-01ED7EE086EF}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
#68
Posted 28 04 2007 - 10:56
That's how it sometimes is with GG; it's best to switch to a different instant messenger, e.g. AQQ. Most often because of Kaspersky and GG (how can GG eat up 85% of the CPU?)
#69
Posted 02 05 2007 - 21:04
The log is clean.
Wrong.
And what about this:
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
?
@kalaxe - Uninstall Multi_Media from the Control Panel.
When that is done, post a new log + Silent Runners.
#70
Posted 02 05 2007 - 21:29
#71
Posted 02 05 2007 - 23:01
#72
Posted 04 05 2007 - 14:52
What is this Silent Runners and how do I run it?
Silent Runners => Description!
And can you tell me what's wrong with it?
Nevertheless, it qualifies as spyware. It also very often appears together with the Lop infection, so it is also possible that it is the one downloading this adware. I am not the only one who removes it.
#73
Posted 04 05 2007 - 23:55
After I described my Internet problem:
/index.php?showtopic=7380
I was directed to this section to post the logs from the programs Hijack and ComboFix.
So I would be very grateful for help in analysing the logs and, if needed, help in fixing the error.
Thanks in advance.
HIJACK log:
Logfile of HijackThis v1.99.1
Scan saved at 23:45:21, on 2007-05-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
K:\sciagniete\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{486F2E23-1CC2-4AA7-8231-858E072AF9F4}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
COMBOFIX log:
"Jack" - 07-05-04 23:40:54 Dodatek Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Jack\Pulpit\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))
2007-05-04 08:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-04 08:21 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2007-05-03 18:13 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\pdf995
2007-05-03 18:07 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-05-03 18:07 122,880 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-05-03 18:07 <DIR> d-------- C:\Program Files\pdf995
2007-05-03 18:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\pdf995
2007-05-02 21:03 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-01 17:26 3,543,040 --a------ C:\DOCUME~1\Jack\ntuser.dat
2007-04-30 21:53 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-30 21:53 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-30 21:53 <DIR> d-------- C:\Program Files\Xvid
2007-04-30 10:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-04-29 13:16 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\Help
2007-04-28 16:20 <DIR> d--hs---- C:\FOUND.001
2007-04-28 10:16 <DIR> d--hs---- C:\FOUND.000
2007-04-27 22:57 <DIR> d-------- C:\Gadu-Gadu(2)
2007-04-27 20:33 <DIR> d-------- C:\Gadu-Gadu
2007-04-23 22:39 <DIR> d-------- C:\Program Files\Valve
2007-04-22 14:37 <DIR> d-------- C:\Program Files\Gupta
2007-04-22 13:07 <DIR> d-------- C:\Program Files\SpeedFan
2007-04-22 12:48 2,869 --a------ C:\WINDOWS\system32\Power.sys
2007-04-18 18:34 <DIR> d-------- C:\Program Files\Cartall
2007-04-18 18:05 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\Corel
2007-04-18 13:22 <DIR> d---s---- C:\DOCUME~1\Jack\UserData
2007-04-14 17:34 <DIR> d-------- C:\WINDOWS\pss
2007-04-14 08:38 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-13 22:12 <DIR> d-------- C:\Program Files\DC++
2007-04-13 16:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-13 16:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-13 16:43 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-13 16:31 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-13 16:30 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-04-13 16:30 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-04-12 21:59 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-04-12 21:59 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2007-04-12 21:48 <DIR> d-------- C:\Program Files\SQLXML 4.0
2007-04-12 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Microsoft Help
2007-04-12 21:42 <DIR> d-------- C:\Program Files\Microsoft Analysis Services
2007-04-12 21:41 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-12 21:16 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-04-12 15:39 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-12 15:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-12 15:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-12 15:39 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-12 15:39 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-12 15:38 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-12 15:35 <DIR> d-------- C:\Program Files\Winamp
2007-04-12 15:13 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-12 14:41 376,832 --a------ C:\WINDOWS\system32\gds32.dll
2007-04-12 14:41 28,672 --a------ C:\WINDOWS\system32\ibxml.dll
2007-04-12 14:41 177,152 --a------ C:\WINDOWS\system32\ibinstall.dll
2007-04-12 14:36 <DIR> d-------- C:\Inprise
2007-04-12 14:25 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2007-04-12 14:25 <DIR> d-------- C:\Program Files\Borland
2007-04-12 08:37 <DIR> d--hs---- C:\Recycled
2007-04-12 08:35 298,496 --a------ C:\WINDOWS\unin0415.exe
2007-04-12 08:28 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-12 08:09 995,056 --a------ C:\WINDOWS\system\MSAJT200.DLL
2007-04-12 08:09 92,576 --a------ C:\WINDOWS\system\ODBCINST.DLL
2007-04-12 08:09 88,896 --a------ C:\WINDOWS\system\ODBCCURS.DLL
2007-04-12 08:09 64,080 --a------ C:\WINDOWS\system\ODBCTL16.DLL
2007-04-12 08:09 6,464 --a------ C:\WINDOWS\ODBCADM.EXE
2007-04-12 08:09 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-04-12 08:09 56,240 --a------ C:\WINDOWS\system\ODBC.DLL
2007-04-12 08:09 51,712 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-04-12 08:09 322,384 --a------ C:\WINDOWS\system\MFC250.DLL
2007-04-12 08:09 302,592 --a------ C:\WINDOWS\system\OLE2.DLL
2007-04-12 08:09 298,880 --a------ C:\WINDOWS\system\VBAR2.DLL
2007-04-12 08:09 27,632 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-04-12 08:09 27,026 --a------ C:\WINDOWS\system\OLE2.REG
2007-04-12 08:09 246,928 --a------ C:\WINDOWS\system\ODBCJT16.DLL
2007-04-12 08:09 177,216 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-04-12 08:09 164,832 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-04-12 08:09 157,696 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-04-12 08:09 150,976 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-04-12 08:09 15,936 --a------ C:\WINDOWS\system\MSJETINT.DLL
2007-04-12 08:09 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-04-12 08:09 125,856 --a------ C:\WINDOWS\system\MFCO250.DLL
2007-04-12 08:09 11,232 --a------ C:\WINDOWS\system\MSJETERR.DLL
2007-04-12 08:09 108,544 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-04-12 08:09 10,304 --a------ C:\WINDOWS\system\MSCPXLT.DLL
2007-04-12 08:09 1,984 --a------ C:\WINDOWS\system\VBAJET.DLL
2007-04-12 08:09 <DIR> d-------- C:\YDPDICT
2007-04-12 08:08 271,248 --a------ C:\WINDOWS\ISUN16.EXE
2007-04-12 08:08 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-04-12 00:07 607,744 --------- C:\WINDOWS\system32\Decslib.dll
2007-04-12 00:05 909,824 --------- C:\WINDOWS\system32\qd3d.dll
2007-04-12 00:05 70,656 --------- C:\WINDOWS\system32\3dviewer.dll
2007-04-12 00:05 553,984 --------- C:\WINDOWS\system32\rave.dll
2007-04-12 00:05 39,095 --------- C:\WINDOWS\iccsigs.dat
2007-04-12 00:05 112,688 --------- C:\WINDOWS\system32\shw32.dll
2007-04-12 00:04 245,760 --------- C:\WINDOWS\system32\Sccomp91.dll
2007-04-12 00:04 225,280 --------- C:\WINDOWS\system32\Scint91.dll
2007-04-12 00:04 168,448 --------- C:\WINDOWS\system32\Awrtl30.dll
2007-04-12 00:04 110,592 --------- C:\WINDOWS\system32\Sccres91.dll
2007-04-12 00:04 100,864 --------- C:\WINDOWS\system32\awpe.dll
2007-04-12 00:04 <DIR> d-------- C:\WINDOWS\Profiles
2007-04-12 00:04 <DIR> d-------- C:\Program Files\Corel
2007-04-12 00:03 <DIR> d-------- C:\WINDOWS\Corel
2007-04-12 00:02 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-12 00:02 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-12 00:02 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-12 00:02 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-12 00:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-12 00:02 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-12 00:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-12 00:02 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-12 00:02 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-12 00:02 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-12 00:02 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-11 23:52 253,952 --------- C:\WINDOWS\system32\mspdox35.dll
2007-04-11 23:52 169,984 --------- C:\WINDOWS\system32\msltus35.dll
2007-04-11 23:52 <DIR> d-------- C:\Program Files\ROUTE66
2007-04-11 23:45 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-04-11 23:45 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-11 23:45 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-11 23:45 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-04-11 23:45 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-04-11 23:45 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-04-11 23:45 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-04-11 23:45 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-04-11 23:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-04-11 23:45 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-04-11 23:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-11 23:45 <DIR> d-------- C:\Program Files\Ahead
2007-04-11 23:44 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-04-11 23:44 <DIR> d-------- C:\Program Files\DivX
2007-04-11 23:41 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-11 23:41 <DIR> d-------- C:\Program Files\Intersil Americas Inc
2007-04-11 23:40 77,824 -ra------ C:\WINDOWS\system32\SynTPCoI.dll
2007-04-11 23:40 73,728 -ra------ C:\WINDOWS\system32\SynCOM.dll
2007-04-11 23:40 65,536 -ra------ C:\WINDOWS\system32\SynTPFcs.dll
2007-04-11 23:40 266,768 -ra------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-04-11 23:40 110,592 -ra------ C:\WINDOWS\system32\SynTPAPI.dll
2007-04-11 23:40 106,496 -ra------ C:\WINDOWS\system32\SynCtrl.dll
2007-04-11 23:40 <DIR> d-------- C:\Program Files\Synaptics
2007-04-11 23:39 9,472 -ra------ C:\WINDOWS\system32\drivers\sisperf.sys
2007-04-11 23:39 5,760 -ra------ C:\WINDOWS\system32\drivers\siside.sys
2007-04-11 23:39 48,896 -ra------ C:\WINDOWS\system32\drivers\sisidex.sys
2007-04-11 23:39 139,264 -ra------ C:\WINDOWS\system32\IDEproperty.dll
2007-04-11 23:39 <DIR> d-------- C:\Program Files\SiSLan
2007-04-11 23:38 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-04-11 23:38 <DIR> d-------- C:\DOCUME~1\Jack\WINDOWS
2007-04-11 23:35 <DIR> d-------- C:\Program Files\Power Management
2007-04-11 23:34 <DIR> d-------- C:\WINDOWS\SMSC
2007-04-11 23:33 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-04-11 23:33 69,632 --a------ C:\WINDOWS\system32\GkSui18.EXE
2007-04-11 23:33 <DIR> d-------- C:\Program Files\Generic
2007-04-11 23:33 <DIR> d-------- C:\Program Files\EzMail V2.0
2007-04-11 23:32 208,896 -ra------ C:\WINDOWS\alcupd.exe
2007-04-11 23:32 131,072 -ra------ C:\WINDOWS\alcrmv.exe
2007-04-11 23:32 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-11 23:32 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-11 23:32 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-04-11 23:32 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-11 23:32 <DIR> d-------- C:\Program Files\AvRack
2007-04-11 23:31 545 --a------ C:\WINDOWS\UC.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\RAR.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\LHA.PIF
2007-04-11 23:31 545 --a------ C:\WINDOWS\ARJ.PIF
2007-04-11 23:31 <DIR> d-------- C:\wincmd
2007-04-11 23:27 <DIR> d-------- C:\WINDOWS\Cache
2007-04-11 23:20 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-11 23:20 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-04-11 23:20 720,896 -ra------ C:\WINDOWS\system32\Audio3D.dll
2007-04-11 23:20 720,896 -ra------ C:\WINDOWS\system32\a3d.dll
2007-04-11 23:20 696,284 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-04-11 23:20 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-11 23:20 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-11 23:20 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-11 23:20 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-11 23:20 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-11 23:20 47,104 --------- C:\WINDOWS\SOUNDMAN.EXE
2007-04-11 23:20 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-11 23:20 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-11 23:20 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-11 23:20 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-11 23:18 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-11 23:18 6,021 -ra------ C:\WINDOWS\system32\IntelCci.dll
2007-04-11 23:18 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-11 23:18 451,433 -ra------ C:\WINDOWS\system32\drivers\IntelC52.sys
2007-04-11 23:18 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-11 23:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-11 23:18 33,374 -ra------ C:\WINDOWS\system32\drivers\IntelC53.sys
2007-04-11 23:18 2,200,866 -ra------ C:\WINDOWS\system32\drivers\IntelC51.sys
2007-04-11 23:18 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-04-11 23:18 <DIR> d-------- C:\Program Files\Opera
2007-04-11 23:18 <DIR> d-------- C:\DOCUME~1\Jack\DANEAP~1\Opera
2007-04-11 23:16 86,016 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2007-04-11 23:16 86,016 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2007-04-11 23:16 831,557 --------- C:\WINDOWS\system32\nview.dll
2007-04-11 23:16 77,824 --a------ C:\WINDOWS\system32\PRISMIOC.dll
2007-04-11 23:16 65,536 --a------ C:\WINDOWS\system32\PRISMRES.dll
2007-04-11 23:16 65,536 --------- C:\WINDOWS\system32\nvsvc32.exe
2007-04-11 23:16 594,432 --a------ C:\WINDOWS\system32\drivers\PRISMNDS.sys
2007-04-11 23:16 590,336 --a------ C:\WINDOWS\system32\drivers\PRISMUSB.sys
2007-04-11 23:16 512,000 -ra------ C:\WINDOWS\system32\nviewimg.dll
2007-04-11 23:16 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2007-04-11 23:16 462,919 --------- C:\WINDOWS\system32\nvshell.dll
2007-04-11 23:16 4,595,712 -ra------ C:\WINDOWS\system32\nvcpl.dll
2007-04-11 23:16 323,584 -ra------ C:\WINDOWS\system32\nwiz.exe
2007-04-11 23:16 3,653,632 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2007-04-11 23:16 3,383,296 -ra------ C:\WINDOWS\system32\nvrsja.dll
2007-04-11 23:16 3,383,296 -ra------ C:\WINDOWS\system32\nvrshe.dll
2007-04-11 23:16 3,379,200 -ra------ C:\WINDOWS\system32\nvrsko.dll
2007-04-11 23:16 262,144 -ra------ C:\WINDOWS\system32\nvrsit.dll
2007-04-11 23:16 262,144 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2007-04-11 23:16 262,144 -ra------ C:\WINDOWS\system32\nvrsde.dll
2007-04-11 23:16 258,048 -ra------ C:\WINDOWS\system32\nvrsru.dll
2007-04-11 23:16 258,048 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2007-04-11 23:16 253,952 -ra------ C:\WINDOWS\system32\nvrstr.dll
2007-04-11 23:16 253,952 -ra------ C:\WINDOWS\system32\nvrssv.dll
2007-04-11 23:16 253,952 -ra------ C:\WINDOWS\system32\nvrseng.dll
2007-04-11 23:16 249,856 -ra------ C:\WINDOWS\system32\nvrses.dll
2007-04-11 23:16 237,568 -ra------ C:\WINDOWS\system32\nvrspl.dll
2007-04-11 23:16 237,568 -ra------ C:\WINDOWS\system32\nvrshu.dll
2007-04-11 23:16 214,016 --a------ C:\WINDOWS\system32\PRISMSTA.exe
2007-04-11 23:16 212,992 -ra------ C:\WINDOWS\system32\nvrszht.dll
2007-04-11 23:16 212,992 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2007-04-11 23:16 2,951,306 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-04-11 23:16 176,128 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2007-04-11 23:16 176,128 -ra------ C:\WINDOWS\system32\nvwrses.dll
2007-04-11 23:16 176,128 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2007-04-11 23:16 172,032 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2007-04-11 23:16 172,032 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2007-04-11 23:16 167,936 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2007-04-11 23:16 167,936 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2007-04-11 23:16 163,840 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2007-04-11 23:16 163,840 --------- C:\WINDOWS\system32\nvwrspl.dll
2007-04-11 23:16 159,744 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2007-04-11 23:16 147,456 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2007-04-11 23:16 139,264 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2007-04-11 23:16 126,976 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2007-04-11 23:16 106,496 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2007-04-11 23:16 102,400 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2007-04-11 23:16 1,323,008 -ra------ C:\WINDOWS\system32\dmcpl.exe
2007-04-11 23:16 1,248,794 -ra------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-11 23:16 <DIR> d-------- C:\WINDOWS\nview
2007-04-11 23:05 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-04-11 23:05 <DIR> d-------- C:\DOCUME~1\Jack\Gadu-Gadu
2007-04-11 23:01 <DIR> dr-h----- C:\DOCUME~1\Jack\Dane aplikacji
2007-04-11 23:01 <DIR> dr------- C:\DOCUME~1\Jack\Ulubione
2007-04-11 23:01 <DIR> dr------- C:\DOCUME~1\Jack\Moje dokumenty
2007-04-11 23:01 <DIR> dr------- C:\DOCUME~1\Jack\Menu Start
2007-04-11 23:01 <DIR> d--h----- C:\DOCUME~1\Jack\Ustawienia lokalne
2007-04-11 23:01 <DIR> d--h----- C:\DOCUME~1\Jack\Szablony
2007-04-11 23:01 <DIR> d-------- C:\DOCUME~1\Jack\Pulpit
2007-04-11 22:59 233,472 --a------ C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-11 22:59 233,472 --a------ C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-11 22:59 <DIR> d--hs---- C:\System Volume Information
2007-04-11 22:59 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Ustawienia lokalne
2007-04-11 22:59 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Ustawienia lokalne
2007-04-11 22:59 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-11 22:59 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-11 22:59 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dane aplikacji
2007-04-11 22:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dane aplikacji
2007-04-11 22:53 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-11 22:53 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-11 22:52 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-11 22:52 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-11 22:52 0 -rahs---- C:\MSDOS.SYS
2007-04-11 22:52 0 -rahs---- C:\IO.SYS
2007-04-11 22:52 0 --a------ C:\CONFIG.SYS
2007-04-11 22:52 0 --a------ C:\AUTOEXEC.BAT
2007-04-11 22:51 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-11 22:50 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-11 22:50 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-11 22:50 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-11 22:50 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-11 22:50 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-11 22:50 <DIR> d-------- C:\Program Files\Usługi online
2007-04-11 22:49 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-11 22:49 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-11 22:49 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-11 22:49 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-11 22:49 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-11 22:49 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-11 22:49 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-11 22:49 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-11 22:49 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-11 22:49 67,584 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-11 22:49 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-11 22:49 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-11 22:49 49,664 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-11 22:49 466,200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-11 22:49 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-11 22:49 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-11 22:49 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-11 22:49 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-11 22:49 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-11 22:49 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-11 22:49 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-11 22:49 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-11 22:49 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-11 22:49 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-11 22:49 278,528 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-11 22:49 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-11 22:49 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-11 22:49 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-11 22:49 23,040 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-11 22:49 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-11 22:49 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-11 22:49 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-11 22:49 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-11 22:49 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-11 22:49 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-11 22:49 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-11 22:49 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-11 22:49 128,896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-11 22:49 128,280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-11 22:49 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-11 22:49 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-11 22:49 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-11 22:49 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-11 22:49 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-11 22:49 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-11 22:49 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-11 22:49 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-11 22:49 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-11 22:49 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-11 22:49 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-11 22:48 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-11 22:48 <DIR> d-------- C:\WINDOWS\Registration
2007-04-11 22:47 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-11 22:47 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-11 22:47 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-11 22:47 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-11 22:47 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-11 22:47 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-11 22:47 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-11 22:47 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-11 22:47 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-11 22:47 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-11 22:47 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-11 22:47 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-11 22:47 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-11 22:47 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-11 22:47 60,928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-11 22:47 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-11 22:47 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-11 22:47 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-11 22:47 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-11 22:47 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-04-11 22:47 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-11 22:47 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-11 22:47 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-11 22:47 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-11 22:47 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-04-11 22:47 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-11 22:47 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-11 22:47 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-11 22:47 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-11 22:47 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-11 22:47 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-11 22:47 408,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-11 22:47 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-11 22:47 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-11 22:47 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-11 22:47 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-11 22:47 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-11 22:47 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-11 22:47 345,088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-11 22:47 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-11 22:47 296,448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-11 22:47 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-11 22:47 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-11 22:47 231,424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-11 22:47 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-11 22:47 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-11 22:47 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-04-11 22:47 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-11 22:47 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-11 22:47 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-11 22:47 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-11 22:47 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-11 22:47 187,904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-11 22:47 187,904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-11 22:47 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-11 22:47 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-11 22:47 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-11 22:47 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-11 22:47 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-11 22:47 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-11 22:47 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-11 22:47 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-11 22:47 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-11 22:47 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-11 22:47 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-11 22:47 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-11 22:47 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-11 22:47 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-11 22:47 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-11 22:47 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-11 22:47 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-11 22:47 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-11 22:47 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-11 22:47 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-11 22:47 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-11 22:47 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-11 22:47 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-11 22:47 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-04-11 22:47 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-11 22:47 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-11 22:47 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-11 22:47 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-11 22:47 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-11 22:47 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-11 22:47 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-11 22:47 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-11 22:47 <DIR> d-------- C:\Program Files\Windows NT
2007-04-11 22:47 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-11 22:47 <DIR> d-------- C:\Program Files\Messenger
2007-04-11 22:43 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-11 22:43 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-11 22:42 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-04-11 22:42 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-04-11 22:42 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-11 22:42 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-11 22:42 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2007-04-11 22:42 39,424 --a------ C:\WINDOWS\system32\drivers\smcirda.sys
2007-04-11 22:42 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
2007-04-11 22:42 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2007-04-11 22:42 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-04-11 22:42 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-04-11 22:41 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-04-11 22:41 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-04-11 22:41 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-04-11 22:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-11 22:40 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-04-11 22:40 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-11 22:40 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-11 22:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-11 22:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-11 22:40 75,776 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-11 22:40 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-11 22:40 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-11 22:40 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-04-11 22:40 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-11 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-04-11 22:40 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-11 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-11 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-11 22:40 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-04-11 22:40 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-11 22:40 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-11 22:40 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-11 22:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-11 22:40 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-11 22:40 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-11 22:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-11 22:40 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-11 22:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-11 22:40 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-11 22:40 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-11 22:40 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-11 22:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-11 22:40 <DIR> dr------- C:\Program Files
2007-04-11 22:40 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-11 22:40 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-11 22:40 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-11 22:39 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-04-11 22:39 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-04-11 22:39 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-04-11 22:39 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
2007-04-11 22:39 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
2007-04-11 22:39 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-04-11 22:39 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony
2007-04-11 22:39 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony
2007-04-11 22:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-11 22:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-11 22:39 <DIR> d-------- C:\Documents and Settings
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Pulpit
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione
2007-04-11 22:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-04-11 22:31 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2007-04-11 22:31 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-11 22:31 <DIR> dr------- C:\WINDOWS\Web
2007-04-11 22:31 <DIR> d-a------ C:\WINDOWS
2007-04-11 22:31 <DIR> d--h----- C:\WINDOWS\inf
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1045
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system32
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\system
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\security
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Resources
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\repair
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Provisioning
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\pchealth
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\mui
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\msagent
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Media
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\ime
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Help
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\ehome
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Debug
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\Config
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-11 22:31 <DIR> d-------- C:\WINDOWS\addins
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-14 08:37 521292 --a------ C:\WINDOWS\system32\perfh015.dat
2007-04-14 08:37 104646 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-11 22:50 -------- d-------- C:\Program Files\usługi online
2007-04-11 22:40 62 --ahs---- C:\DOCUME~1\Jack\DANEAP~1\desktop.ini
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:38 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185856 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jack^Menu Start^Programy^Autostart^EzMail.lnk]
"path"="C:\\Documents and Settings\\Jack\\Menu Start\\Programy\\Autostart\\EzMail.lnk"
"backup"="C:\\WINDOWS\\pss\\EzMail.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\EZMAIL~1.0\\EzMail.exe "
"item"="EzMail"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jack^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
"path"="C:\\Documents and Settings\\Jack\\Menu Start\\Programy\\Autostart\\Rejestrowanie produktów Corela.lnk"
"backup"="C:\\WINDOWS\\pss\\Rejestrowanie produktów Corela.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Corel\\GRAPHI~1\\Register\\Remind32.exe "
"item"="Rejestrowanie produktów Corela"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Disk_Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Generic\\USB Card Reader Driver v1.9\\Disk_Monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="watch"
"hkey"="HKCU"
"command"="C:\\YDPDict\\watch.exe"
"inimapping"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXSUPMON"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKCU"
"command"="rundll32.exe nview.dll,nViewLoadHook"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManagement]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PwrGui"
"hkey"="HKLM"
"command"="C:\\Program Files\\Power Management\\PwrGui.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PRISMSTA"
"hkey"="HKLM"
"command"="PRISMSTA.EXE START"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=dword:00000002
"wscsvc"=dword:00000002
"stisvc"=dword:00000003
"ose"=dword:00000003
"NVSvc"=dword:00000002
"LexBceS"=dword:00000002
"Gupta SQLBase Server12"=dword:00000002
"Gupta SQLBase Resource Manager Server12"=dword:00000002
"MSSQLServerOLAPService"=dword:00000002
"MSSQLSERVER"=dword:00000002
"msftesql"=dword:00000002
"MsDtsServer"=dword:00000002
"InterBaseServer"=dword:00000003
"InterBaseGuardian"=dword:00000002
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_HTTPFILTER
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-04 23:44:00
Windows 5.1.2600 Dodatek Service Pack 2 FAT
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-04 23:44:08
C:\ComboFix-quarantined-files.txt ... 07-05-04 23:44
#74
Posted 06 05 2007 - 21:18
#75
Posted 09 05 2007 - 10:30
Logfile of HijackThis v1.99.1
Scan saved at 10:20:39, on 2007-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KuBa MaCieJeWski\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nofollow
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - nofollow
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
I see that I have offended someone, "Ladies and Gentlemen". I already know very well that I have this whole Godzilla thing, but I am looking for instructions somewhere in Polish.
// Maciej13 - In the future, start your own topics.
#76
Posted 09 05 2007 - 14:31
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
#77
Posted 09 05 2007 - 15:26
#78
Posted 09 05 2007 - 16:35
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
Fix in HJT.
Show the Silent Runners log.
#79
Posted 10 05 2007 - 21:07
Logfile of HijackThis v1.99.1
Scan saved at 21:07:02, on 2007-05-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\KuBa MaCieJeWski\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
#80
Posted 10 05 2007 - 21:10
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)