
[virus] Some viruses, worms and other wonders :P


  • Closed: this topic is closed
10 replies in this topic

#1 Thial

Thial

    Observer

  • 6 posts

Posted 27 04 2008 - 12:53

Hello, lately I seem to have become a victim of viruses and other such creations. My computer is stuttering terribly; even with everything closed, CPU usage sits at nearly 100% almost all the time. In films and music the sound stutters, causing a kind of screeching (sounds repeat). This "screeching" already occurs during logon, with the Windows logon jingle. I scanned the computer with Avast, Ad-Aware and CCleaner. I removed all the suspicious things, but the computer still stutters terribly. Even simple tasks are slowed down. When I unpacked Lineage 2 from a RAR right after formatting, it took me about 5 minutes. Now it takes 50 minutes. Simply a tragedy. I did a HijackThis scan. Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:29, on 2002-09-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3395 bytes


Please help, how do I fix this ???

  • 0

#2 wncvirus

wncvirus

    Lazybones !

  • 851 posts

Posted 27 04 2008 - 13:27

That log is clean. Post a ComboFix log, maybe.

  • 0

#3 Thial

Thial

    Observer

  • 6 posts

Posted 27 04 2008 - 14:53

ComboFix log

ComboFix 08-04-26.3 - Domino 2008-04-27 14:53:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.112 [GMT 2:00]
Running from: D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-24 15:54 . 2008-04-25 17:57 <DIR> d-------- D:\Program Files\DAEMON Tools
2008-04-24 15:54 . 2008-04-24 15:54 223,128 --a------ D:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-24 15:51 . 2008-04-24 15:51 642,560 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 15:51 . 2008-04-24 15:51 96,256 --a------ D:\WINDOWS\system32\drivers\sptd0381.sys
2008-04-23 12:04 . 2008-04-23 12:04 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\AdobeUM
2008-04-23 10:51 . 2002-09-23 05:41 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-04-22 19:34 . 2008-04-24 22:57 <DIR> d-------- D:\Program Files\Real Alternative
2008-04-22 19:17 . 2008-04-22 19:17 <DIR> d-------- D:\Program Files\Common Files\GTK
2008-04-22 19:11 . 2008-04-22 19:11 <DIR> d-------- D:\Program Files\GIMP-2.0
2008-04-22 16:49 . 2008-04-22 17:16 <DIR> d-------- D:\Program Files\a-squared Free
2008-04-22 05:47 . 2002-09-23 12:15 29,808 --a------ D:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 29,808 --a------ D:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 17,500 --a------ D:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 17,500 --a------ D:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 1,080 --a------ D:\WINDOWS\system32\settingsbkup.sfm
2008-04-22 05:47 . 2002-09-23 12:15 1,080 --a------ D:\WINDOWS\system32\settings.sfm
2008-04-22 05:47 . 2002-09-23 12:15 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-22 05:47 . 2002-09-23 12:15 24 --a------ D:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-21 21:46 . 2002-09-23 12:37 3,374,371 --a------ D:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80641102}.CDF
2008-04-21 21:40 . 2008-04-21 21:40 <DIR> d-------- D:\WINDOWS\system32\Data
2008-04-21 21:39 . 2001-05-28 13:47 32,768 --a------ D:\WINDOWS\system32\AudioHQU.cpl
2008-04-21 21:39 . 2001-05-28 13:47 12,288 --a------ D:\WINDOWS\system32\AHQCpURes.dll
2008-04-21 21:38 . 2008-04-26 13:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-04-21 21:38 . 2008-04-21 21:39 <DIR> d-------- D:\Program Files\Creative
2008-04-21 21:38 . 1999-12-17 01:00 6,752 --------- D:\WINDOWS\system32\PFMODNT.SYS
2008-04-21 16:46 . 2008-04-21 16:46 <DIR> d-------- D:\Program Files\Deluxe Ski Jump 3
2008-04-21 01:28 . 2002-09-23 11:54 107 --a------ D:\WINDOWS\VplayerINI.vpl
2008-04-20 01:12 . 2002-09-23 11:54 1,266 --a------ D:\WINDOWS\VPlayer.INI
2008-04-18 22:48 . 2002-09-23 12:21 7,168 --ahs---- D:\WINDOWS\Thumbs.db
2008-04-18 16:12 . 2008-04-18 16:12 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Thinstall
2008-04-18 16:12 . 2008-04-18 16:12 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-18 16:09 . 2003-03-18 22:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2008-04-18 08:20 . 2008-04-18 08:20 <DIR> d-------- D:\Program Files\YASA3GPVideoConverter
2008-04-18 04:35 . 2008-04-18 04:35 <DIR> d---s---- D:\Documents and Settings\Mama\UserData
2008-04-18 04:31 . 2008-04-27 14:56 <DIR> d--h----- D:\Documents and Settings\Mama\Ustawienia lokalne
2008-04-18 04:31 . 2008-04-18 06:28 <DIR> dr------- D:\Documents and Settings\Mama\Ulubione
2008-04-18 04:31 . 2008-04-17 08:21 <DIR> d--h----- D:\Documents and Settings\Mama\Szablony
2008-04-18 04:31 . 2008-04-18 19:48 <DIR> d-------- D:\Documents and Settings\Mama\Pulpit
2008-04-18 04:31 . 2008-04-18 04:32 <DIR> dr------- D:\Documents and Settings\Mama\Moje dokumenty
2008-04-18 04:31 . 2008-04-17 10:14 <DIR> dr------- D:\Documents and Settings\Mama\Menu Start
2008-04-18 04:31 . 2008-04-25 04:15 <DIR> dr-h----- D:\Documents and Settings\Mama\Dane aplikacji
2008-04-18 04:31 . 2008-04-18 04:35 <DIR> d-------- D:\Documents and Settings\Mama
2008-04-18 04:31 . 2008-04-27 14:53 1,024 --ah----- D:\Documents and Settings\Mama\NTUSER.DAT.LOG
2008-04-17 20:29 . 2008-04-18 04:31 <DIR> d-------- D:\WINDOWS\nview
2008-04-17 20:29 . 2008-03-15 07:43 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2008-04-17 20:29 . 2002-09-23 12:37 88,566 --a------ D:\WINDOWS\system32\nvapps.xml
2008-04-17 20:29 . 2006-10-22 12:22 17,056 --a------ D:\WINDOWS\system32\nvdisp.nvu
2008-04-17 20:21 . 2006-10-22 15:06 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 20:20 . 2008-04-21 21:38 <DIR> d-------- D:\Program Files\Common Files\InstallShield
2008-04-17 19:16 . 2008-04-17 19:16 <DIR> d---s---- D:\Documents and Settings\Domino.BOGDANOW-48FC99\UserData
2008-04-17 18:49 . 2008-04-17 18:49 <DIR> d-------- D:\Program Files\Easy GIF Animator
2008-04-17 18:10 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Gadu-Gadu
2008-04-17 18:09 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Gadu-Gadu
2008-04-17 15:27 . 2002-09-23 14:29 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\gtk-2.0
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Media Player Classic
2008-04-17 14:56 . 2008-04-17 14:56 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.thumbnails
2008-04-17 14:54 . 2002-09-23 13:58 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.gimp-2.4
2008-04-17 14:38 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-15 14:38 . 2008-04-15 14:38 <DIR> d-------- D:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 15:06 --------- d-----w D:\Program Files\Gadu-Gadu
2008-04-17 06:27 --------- d-----w D:\Program Files\microsoft frontpage
2008-04-17 06:24 --------- d-----w D:\Program Files\Usługi online
2008-04-14 21:09 --------- d-----w D:\Program Files\Winamp
2008-03-06 17:11 99,328 ----a-w D:\WINDOWS\system32\winscard.dll
2008-03-06 17:09 94,832 ----a-w D:\WINDOWS\twain.dll
2008-03-06 17:08 991,744 ----a-w D:\WINDOWS\system32\syssetup.dll
2008-03-06 17:07 996,352 ----a-w D:\WINDOWS\system32\setupapi.dll
2008-03-06 17:06 98,304 ----a-w D:\WINDOWS\system32\rtm.dll
2008-03-06 17:05 98,304 ----a-w D:\WINDOWS\system32\odbcint.dll
2008-03-06 17:04 94,208 ----a-w D:\WINDOWS\system32\netsh.exe
2008-03-06 17:03 91,776 ----a-w D:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-06 17:02 997,888 ----a-w D:\WINDOWS\system32\msgina.dll
2008-03-06 17:01 98,816 ----a-w D:\WINDOWS\system32\loadperf.dll
2008-03-06 16:59 92,320 ----a-w D:\WINDOWS\system32\krnl386.exe
2008-03-06 16:58 99,840 ----a-w D:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
2008-03-06 16:57 97,280 ----a-w D:\WINDOWS\system32\dpcdll.dll
2008-03-06 16:56 825,344 ----a-w D:\WINDOWS\system32\d3dim700.dll
2008-03-06 16:55 95,360 ----a-w D:\WINDOWS\system32\drivers\atapi.sys
2008-03-06 16:54 937,984 ----a-w D:\WINDOWS\system32\winbrand.dll
2008-02-12 19:55 575,530,568 ----a-w D:\Program Files\WOLF ET 2.60b.rar
2007-09-28 15:16 366 ----a-w D:\Program Files\Skrót do Program Files.lnk
2002-10-22 18:14 364,892 ----a-w D:\Program Files\wear_all_items.rar
2002-10-07 14:38 396,288 ----a-w D:\Program Files\BNetEditor.exe
2002-10-06 21:14 5,122,687 ------w D:\Program Files\LODPatch_110.exe
2002-10-06 20:49 5,713,057 ----a-w D:\Program Files\Hero_Editor_Full_V96.zip
.

------- Sigcheck -------

2008-03-06 18:58 1040896 b203781d5509ce237857d26e1339dcba D:\WINDOWS\explorer.exe

2008-03-06 18:56 22528 aa2abd388e6669d07727dbc848ab07ee D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1674752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1630208 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 32768 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 98304]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 36864]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=


*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 14:57:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 15:00:09
ComboFix-quarantined-files.txt 2008-04-27 13:00:00

Pre-Run: 6,851,236,352 bajtów wolnych
Post-Run: 7,004,707,328 bajtów wolnych



And, just in case, the Silent Runners log too


"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "D:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Pulpit\tapetka.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\tapetka.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Domino" & "All Users" startup folders:
--------------------------------------------------------

D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


---------- (launch time: 2002-09-23 14:42:44)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 140 seconds.
---------- (total run time: 195 seconds)


  • 0

#4 wncvirus

wncvirus

    Lazybones !

  • 851 posts

Posted 27 04 2008 - 22:37

Log clean.
  • 0

#5 Thial

Thial

    Observer

  • 6 posts

Posted 28 04 2008 - 21:49

Sometimes in the processes something like mrofinu, holmes and dil6 starts up; I read that these are backdoors. Despite removing them the computer still lags and they come back after a while.
  • 0

#6 wncvirus

wncvirus

    Lazybones !

  • 851 posts

Posted 28 04 2008 - 22:16

Do this

Download SmitfraudFix.
Use its "Clean" option, i.e. type 2 and press ENTER.
After using it, you may need to set the wallpaper again (i.e. right-click on the desktop >> Properties, etc.)
Post its report from C:\Repport.txt


Instructions:
1. Start the computer in Safe Mode, as described HERE.
(you can try removing in Normal Mode first - this often works)
2. Run SmitfraudFix.exe (double-click it)
3. A command line will open and you will get the first screen asking you to "press any key to continue", so press ENTER on the keyboard:
4. You will get an option menu on a blue screen: type 2 and press ENTER
5. The actual cleaning will start, beginning with killing the explorer.exe process (the desktop and taskbar will disappear).
Then the question Do you want to clean the registry? will appear - type Y and ENTER,
which will start removing the keys and the wallpaper restrictions.
6. Next the tool will check whether the wininet.dll file is infected and, if it is, it may ask about replacing the file,
provided a clean copy was found: Replace infected file? = Y and ENTER. If "wininet" is not infected, this will be skipped.
7. Finally a computer restart may be required to finish the cleanup.


After doing that, post a new ComboFix log
  • 0

#7 Thial

Thial

    Observer

  • 6 posts

Posted 01 05 2008 - 19:17

SmitFraudFix v2.319

Scan done at 19:06:03,96, 2008-05-01
Run from D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 NtKrnlpa.info

127.0.0.1 localhost

87.106.12.132 l2authd.lineage2.com
216.107.250.194 nprotect.lineage2.com

127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 192.0.2.2
DNS Server Search Order: 192.0.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{578228EC-696A-4D5C-B3E5-0BB26DE9E2CC}: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{578228EC-696A-4D5C-B3E5-0BB26DE9E2CC}: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{578228EC-696A-4D5C-B3E5-0BB26DE9E2CC}: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.2 192.0.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



ComboFix 08-04-26.3 - Domino 2008-05-01 19:11:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.191 [GMT 2:00]
Running from: D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Domino.BOGDANOW-48FC99\Menu Start\Programy\Outerinfo
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Menu Start\Programy\Outerinfo\Terms.lnk
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Menu Start\Programy\Outerinfo\Uninstall.lnk
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Moje dokumenty\YMBOLS~1
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Moje dokumenty\YMBOLS~1\w?aclt.exe
D:\Program Files\Common Files\Yazzle1560OinAdmin.exe
D:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
D:\Program Files\inetget2
D:\Program Files\JavaCore
D:\Program Files\JavaCore\JavaCore.exe
D:\Program Files\JavaCore\UnInstall.exe
D:\Program Files\outerinfo
D:\Program Files\outerinfo\FF\chrome.manifest
D:\Program Files\outerinfo\FF\components\FF.dll
D:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
D:\Program Files\outerinfo\FF\install.rdf
D:\Program Files\outerinfo\Terms.rtf
D:\WINDOWS\appatc~1
D:\WINDOWS\appatc~1\A?pPatch\
D:\WINDOWS\appatc~1\msiexec.exe
D:\WINDOWS\b128.exe
D:\WINDOWS\b152.exe
D:\WINDOWS\b999.exe
D:\WINDOWS\mrofinu1001186.exe
D:\WINDOWS\mrofinu1001186.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 19:06 . 2008-05-01 19:06 1,500 --a------ D:\WINDOWS\system32\tmp.reg
2008-05-01 19:05 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-05-01 19:05 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-05-01 19:05 . 2008-04-24 08:10 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\404Fix.exe
2008-05-01 19:05 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-05-01 19:05 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-05-01 19:05 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-04-29 20:44 . 2008-04-30 13:36 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\skypePM
2008-04-29 20:44 . 2008-04-29 20:44 32 --a------ D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
2008-04-29 20:41 . 2008-05-01 18:59 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Common Files\Skype
2008-04-29 20:38 . 2008-04-29 20:39 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
2008-04-28 23:35 . 2008-04-28 23:39 <DIR> d-------- D:\Program Files\Power MP3 WMA Converter
2008-04-28 23:20 . 2008-04-28 23:40 221 --a------ D:\WINDOWS\wcx_ftp.ini
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\UC.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\RAR.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKUNZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\NOCLOSE.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\LHA.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\ARJ.PIF
2008-04-28 23:15 . 2008-04-28 23:49 414 --a------ D:\WINDOWS\wincmd.ini
2008-04-28 18:19 . 2008-04-28 18:19 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\MySpace
2008-04-28 15:38 . 2008-04-28 15:38 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Musi[beeep]
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Program Files\MySpace
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\MySpace
2008-04-27 18:18 . 2008-04-27 18:18 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\Musi[beeep]
2008-04-27 17:05 . 2008-04-27 17:05 <DIR> d-------- D:\Program Files\Common Files\INCA Shared
2008-04-27 17:05 . 2003-07-18 14:17 5,174 --a------ D:\WINDOWS\system32\nppt9x.vxd
2008-04-27 17:05 . 2005-01-02 05:43 4,682 --a------ D:\WINDOWS\system32\npptNT2.sys
2008-04-24 15:54 . 2008-04-25 17:57 <DIR> d-------- D:\Program Files\DAEMON Tools
2008-04-24 15:54 . 2008-04-24 15:54 223,128 --a------ D:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-24 15:51 . 2008-04-24 15:51 642,560 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 15:51 . 2008-04-24 15:51 96,256 --a------ D:\WINDOWS\system32\drivers\sptd0381.sys
2008-04-23 12:04 . 2008-04-23 12:04 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\AdobeUM
2008-04-23 10:51 . 2002-09-23 05:41 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-04-22 19:34 . 2008-04-24 22:57 <DIR> d-------- D:\Program Files\Real Alternative
2008-04-22 19:17 . 2008-04-22 19:17 <DIR> d-------- D:\Program Files\Common Files\GTK
2008-04-22 19:11 . 2008-04-22 19:11 <DIR> d-------- D:\Program Files\GIMP-2.0
2008-04-22 16:49 . 2008-04-22 17:16 <DIR> d-------- D:\Program Files\a-squared Free
2008-04-22 05:47 . 2008-05-01 01:49 29,808 --a------ D:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 29,808 --a------ D:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 17,500 --a------ D:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 17,500 --a------ D:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 1,080 --a------ D:\WINDOWS\system32\settingsbkup.sfm
2008-04-22 05:47 . 2008-05-01 01:49 1,080 --a------ D:\WINDOWS\system32\settings.sfm
2008-04-22 05:47 . 2008-05-01 01:49 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-22 05:47 . 2008-05-01 01:49 24 --a------ D:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-21 21:46 . 2008-05-01 18:57 3,374,371 --a------ D:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80641102}.CDF
2008-04-21 21:40 . 2008-04-21 21:40 <DIR> d-------- D:\WINDOWS\system32\Data
2008-04-21 21:39 . 2001-05-28 13:47 32,768 --a------ D:\WINDOWS\system32\AudioHQU.cpl
2008-04-21 21:39 . 2001-05-28 13:47 12,288 --a------ D:\WINDOWS\system32\AHQCpURes.dll
2008-04-21 21:38 . 2008-04-26 13:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-04-21 21:38 . 2008-04-21 21:39 <DIR> d-------- D:\Program Files\Creative
2008-04-21 21:38 . 1999-12-17 01:00 6,752 --------- D:\WINDOWS\system32\PFMODNT.SYS
2008-04-21 16:46 . 2008-04-21 16:46 <DIR> d-------- D:\Program Files\Deluxe Ski Jump 3
2008-04-21 01:28 . 2008-05-01 01:48 112 --a------ D:\WINDOWS\VplayerINI.vpl
2008-04-20 01:12 . 2008-05-01 01:48 1,350 --a------ D:\WINDOWS\VPlayer.INI
2008-04-18 22:48 . 2008-04-30 12:45 7,168 --ahs---- D:\WINDOWS\Thumbs.db
2008-04-18 16:12 . 2008-04-18 16:12 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Thinstall
2008-04-18 16:12 . 2008-04-18 16:12 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-18 16:09 . 2003-03-18 22:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2008-04-18 08:20 . 2008-04-18 08:20 <DIR> d-------- D:\Program Files\YASA3GPVideoConverter
2008-04-18 04:35 . 2008-04-18 04:35 <DIR> d---s---- D:\Documents and Settings\Mama\UserData
2008-04-18 04:31 . 2008-05-01 19:13 <DIR> d--h----- D:\Documents and Settings\Mama\Ustawienia lokalne
2008-04-18 04:31 . 2008-04-18 06:28 <DIR> dr------- D:\Documents and Settings\Mama\Ulubione
2008-04-18 04:31 . 2008-04-17 08:21 <DIR> d--h----- D:\Documents and Settings\Mama\Szablony
2008-04-18 04:31 . 2008-04-18 19:48 <DIR> d-------- D:\Documents and Settings\Mama\Pulpit
2008-04-18 04:31 . 2008-04-18 04:32 <DIR> dr------- D:\Documents and Settings\Mama\Moje dokumenty
2008-04-18 04:31 . 2008-04-17 10:14 <DIR> dr------- D:\Documents and Settings\Mama\Menu Start
2008-04-18 04:31 . 2008-04-28 18:19 <DIR> dr-h----- D:\Documents and Settings\Mama\Dane aplikacji
2008-04-18 04:31 . 2008-04-18 04:35 <DIR> d-------- D:\Documents and Settings\Mama
2008-04-18 04:31 . 2008-05-01 18:56 1,024 --ah----- D:\Documents and Settings\Mama\NTUSER.DAT.LOG
2008-04-17 20:29 . 2008-04-18 04:31 <DIR> d-------- D:\WINDOWS\nview
2008-04-17 20:29 . 2008-03-15 07:43 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2008-04-17 20:29 . 2008-05-01 18:57 88,566 --a------ D:\WINDOWS\system32\nvapps.xml
2008-04-17 20:29 . 2006-10-22 12:22 17,056 --a------ D:\WINDOWS\system32\nvdisp.nvu
2008-04-17 20:21 . 2006-10-22 15:06 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 20:20 . 2008-04-21 21:38 <DIR> d-------- D:\Program Files\Common Files\InstallShield
2008-04-17 19:16 . 2008-04-17 19:16 <DIR> d---s---- D:\Documents and Settings\Domino.BOGDANOW-48FC99\UserData
2008-04-17 18:49 . 2008-04-17 18:49 <DIR> d-------- D:\Program Files\Easy GIF Animator
2008-04-17 18:10 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Gadu-Gadu
2008-04-17 18:09 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Gadu-Gadu
2008-04-17 15:27 . 2008-04-30 21:02 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\gtk-2.0
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Media Player Classic
2008-04-17 14:56 . 2008-04-17 14:56 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.thumbnails
2008-04-17 14:54 . 2008-04-30 22:40 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.gimp-2.4
2008-04-17 14:38 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-15 14:38 . 2008-04-15 14:38 <DIR> d-------- D:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 02:15 --------- d-----w D:\Program Files\Winamp
2008-04-18 15:06 --------- d-----w D:\Program Files\Gadu-Gadu
2008-04-17 06:27 --------- d-----w D:\Program Files\microsoft frontpage
2008-04-17 06:24 --------- d-----w D:\Program Files\Usługi online
2008-03-06 17:11 99,328 ----a-w D:\WINDOWS\system32\winscard.dll
2008-03-06 17:09 94,832 ----a-w D:\WINDOWS\twain.dll
2008-03-06 17:08 991,744 ----a-w D:\WINDOWS\system32\syssetup.dll
2008-03-06 17:07 996,352 ----a-w D:\WINDOWS\system32\setupapi.dll
2008-03-06 17:06 98,304 ----a-w D:\WINDOWS\system32\rtm.dll
2008-03-06 17:05 98,304 ----a-w D:\WINDOWS\system32\odbcint.dll
2008-03-06 17:04 94,208 ----a-w D:\WINDOWS\system32\netsh.exe
2008-03-06 17:03 91,776 ----a-w D:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-06 17:02 997,888 ----a-w D:\WINDOWS\system32\msgina.dll
2008-03-06 17:01 98,816 ----a-w D:\WINDOWS\system32\loadperf.dll
2008-03-06 16:59 92,320 ----a-w D:\WINDOWS\system32\krnl386.exe
2008-03-06 16:58 99,840 ----a-w D:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
2008-03-06 16:57 97,280 ----a-w D:\WINDOWS\system32\dpcdll.dll
2008-03-06 16:56 825,344 ----a-w D:\WINDOWS\system32\d3dim700.dll
2008-03-06 16:55 95,360 ----a-w D:\WINDOWS\system32\drivers\atapi.sys
2008-03-06 16:54 937,984 ----a-w D:\WINDOWS\system32\winbrand.dll
2008-02-12 19:55 575,530,568 ----a-w D:\Program Files\WOLF ET 2.60b.rar
2007-09-28 15:16 366 ----a-w D:\Program Files\Skrót do Program Files.lnk
2002-10-22 18:14 364,892 ----a-w D:\Program Files\wear_all_items.rar
2002-10-07 14:38 396,288 ----a-w D:\Program Files\BNetEditor.exe
2002-10-06 21:14 5,122,687 ----a-w D:\Program Files\LODPatch_110.exe
2002-10-06 20:49 5,713,057 ----a-w D:\Program Files\Hero_Editor_Full_V96.zip
.

------- Sigcheck -------

2008-03-06 18:58 1040896 b203781d5509ce237857d26e1339dcba D:\WINDOWS\explorer.exe

2008-03-06 18:56 22528 aa2abd388e6669d07727dbc848ab07ee D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_14.59.18,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-23 10:17:47 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-05-01 02:05:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
- 2005-10-20 18:02:28 174,080 ----a-w D:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w D:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 37,376 ----a-w D:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w D:\WINDOWS\Nircmd.exe
- 2000-08-31 06:00:00 169,472 ----a-w D:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w D:\WINDOWS\swreg.exe
- 2002-09-23 10:17:51 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-01 02:05:55 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2002-09-23 10:17:51 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-05-01 02:05:55 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2002-09-23 10:17:51 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-01 02:05:55 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-07 23:51:00 9,336 ------w D:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w D:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2007-03-07 23:51:00 43,528 ------w D:\WINDOWS\system32\drivers\PxHelp20.sys
- 2008-04-18 02:31:24 98,256 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-28 03:34:28 99,048 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-03-07 23:51:00 547,576 ------w D:\WINDOWS\system32\px.dll
+ 2007-03-07 23:51:00 129,784 ------w D:\WINDOWS\system32\pxafs.dll
+ 2007-03-07 23:51:00 64,760 ------w D:\WINDOWS\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 510,712 ------w D:\WINDOWS\system32\pxdrv.dll
+ 2007-03-07 23:51:00 72,440 ------w D:\WINDOWS\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 64,760 ------w D:\WINDOWS\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 187,128 ------w D:\WINDOWS\system32\pxmas.dll
+ 2007-03-07 23:51:00 1,628,920 ------w D:\WINDOWS\system32\pxsfs.dll
+ 2007-03-07 23:51:00 379,640 ------w D:\WINDOWS\system32\pxwave.dll
- 2008-03-06 17:06:44 53,248 ----a-w D:\WINDOWS\system32\reg.exe
+ 2008-03-06 17:06:44 60,416 ----a-w D:\WINDOWS\system32\reg.exe
- 2008-03-06 17:07:48 132,608 ----a-w D:\WINDOWS\system32\sndrec32.exe
+ 2008-03-06 17:07:48 139,776 ----a-w D:\WINDOWS\system32\sndrec32.exe
+ 2007-03-07 23:51:00 39,672 ------w D:\WINDOWS\system32\vxblock.dll
- 2008-03-06 17:09:06 15,360 ----a-w D:\WINDOWS\TASKMAN.EXE
+ 2008-03-06 17:09:06 22,528 ----a-w D:\WINDOWS\TASKMAN.EXE
- 2008-03-06 17:09:20 25,600 ----a-w D:\WINDOWS\twunk_32.exe
+ 2008-03-06 17:09:20 32,768 ----a-w D:\WINDOWS\twunk_32.exe
- 2008-03-06 17:11:06 285,696 ----a-w D:\WINDOWS\winhlp32.exe
+ 2008-03-06 17:11:06 292,864 ----a-w D:\WINDOWS\winhlp32.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1674752]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9125888]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1630208 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 32768 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 98304]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 36864]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 42496]
"runner1"="D:\WINDOWS\mrofinu1001186.exe" [2008-05-01 19:15 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"Oobr"="D:\WINDOWS\APPATC~1\msiexec.exe" [ ]
"Pvrxd"="D:\Documents and Settings\Domino.BOGDANOW-48FC99\Moje dokumenty\?ymbols\w?aclt.exe" [ ]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9125888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 dump_wmimmc;dump_wmimmc;D:\Lineage II\system\GameGuard\dump_wmimmc.sys []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 19:14:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 19:16:22
ComboFix-quarantined-files.txt 2008-05-01 17:16:08
ComboFix2.txt 2008-04-27 13:00:11

Pre-Run: 7,342,782,976 bytes free
Post-Run: 7,449,753,600 bytes free



  • 0

#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 02 05 2008 - 16:05

That really looks odd, because it keeps coming back.
Close the wormy ports with --> Windows Worms Doors Cleaner
Set the markers to green; NetBIOS may stay yellow.
A restart is required after using the tool.

Then:
Use -->SDFix. (further down the linked page).
Post the Report.txt found in the SDFix folder.

Then:
Paste into Notepad:
File::
D:\WINDOWS\mrofinu1001186.exe

Driver::
dump_wmimmc

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"runner1"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"=-
"Oobr"=-
"Pvrxd"=-
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
(like in this picture -->[attached image])
Removal should start (and a log will be produced).
After the restart, delete the C:\Qoobox folder manually.

ordynat
  • 0
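The two autorun listings in this thread show the pattern the helpers were keying on: ComboFix prints a `?` where it cannot render a non-ANSI character (so `?ymbols` and `w?aclt.exe` are lookalike names, and the 8.3 form `APPATC~1` is consistent with an `AppPatch` lookalike containing one such character), prints empty `[ ]` brackets when the referenced file is missing at scan time, and the malware hides under `HKEY_USERS\.DEFAULT` and drops numbered executables straight into `D:\WINDOWS`. The following is an added example, not code from the thread, from ComboFix or from any of the posters: it parses the "Reg Loading Points" block, applies those heuristics (my own thresholds, not ComboFix's), and emits a CFScript in the `File::`/`Registry::` layout used in the reply above. The sample lines are a subset copied from the ComboFix log posted earlier in the thread; the `SYSTEM32_ONLY` set and every reason string are this example's assumptions.

```python
"""Triage helper for the "Reg Loading Points" block of a ComboFix log.

Parses "name"="path" [meta] lines under each [HKEY_...] key, attaches heuristic
reasons, and builds a CFScript (File::/Registry:: layout) for the flagged
entries.  Heuristics and thresholds are this example's own, not ComboFix's.
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')
# Assumption: these Windows binaries are only legitimate in \WINDOWS\system32.
SYSTEM32_ONLY = {"msiexec.exe", "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}

# Constructed sample: a subset of the Run keys from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"runner1"="D:\WINDOWS\mrofinu1001186.exe" [2008-05-01 19:15 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"Oobr"="D:\WINDOWS\APPATC~1\msiexec.exe" [ ]
"Pvrxd"="D:\Documents and Settings\Domino.BOGDANOW-48FC99\Moje dokumenty\?ymbols\w?aclt.exe" [ ]
'''


@dataclass
class Entry:
    key: str
    name: str
    path: str
    meta: str                      # "" when ComboFix printed empty [ ] brackets
    reasons: list = field(default_factory=list)


def parse_loading_points(text):
    """Return one Entry per autorun value, tagged with the registry key it sits under."""
    entries, key = [], None
    for line in text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append(Entry(key, m["name"], m["path"], m["meta"].strip()))
    return entries


def assess(entry):
    """Attach heuristic reasons to an Entry; an entry with no reasons is left alone."""
    low = entry.path.lower()
    folder, _, base = low.rpartition("\\")
    r = entry.reasons
    if "?" in entry.path:                      # ComboFix could not render a character
        r.append("non-ANSI character in path (rendered as '?'): lookalike name")
    if not entry.meta:                         # [ ] means the target was not found
        r.append("empty [ ] metadata: target not found at scan time")
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", low):
        r.append("executable sitting directly in the Windows root")
    if "\\documents and settings\\" in low:
        r.append("autorun target inside a user profile")
    if re.search(r"\d{5,}\.exe$", base):
        r.append("long numeric tail in file name")
    if base in SYSTEM32_ONLY and not folder.endswith("\\windows\\system32"):
        r.append(f"{base} outside system32")
    if entry.key.startswith("HKEY_USERS\\.DEFAULT") and "\\windows\\system32\\" not in low:
        r.append("third-party autorun under the .DEFAULT hive")
    return entry


def triage(text):
    return [assess(e) for e in parse_loading_points(text)]


def to_cfscript(entries):
    """Build a CFScript for the flagged entries.

    Paths ComboFix rendered with '?' are not emitted under File:: because the
    real character is unknown; their registry value is still removed.  Missing
    targets get no File:: line either.  Review the output before use: the
    heuristics can also hit legitimate software.
    """
    flagged = [e for e in entries if e.reasons]
    files = [e.path for e in flagged if "?" not in e.path and e.meta]
    lines = ["File::", *files, ""] if files else []
    lines.append("Registry::")
    for key in dict.fromkeys(e.key for e in flagged):
        lines.append(f"[{key}]")
        lines += [f'"{e.name}"=-' for e in flagged if e.key == key]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        if e.reasons:
            print(f"{e.key}\n  {e.name} -> {e.path}\n    " + "\n    ".join(e.reasons))
    print(to_cfscript(found))
```

Run on the sample it flags exactly the four values the reply above removes (runner1, JavaCore, Oobr, Pvrxd) and leaves ctfmon, Skype and avast alone; the generated script matches the reply's `Registry::` section and lists only `D:\WINDOWS\mrofinu1001186.exe` under `File::`, since the other three targets were either missing or contain a character the log could not show.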

#9 Thial

Thial

    Observer

  • 6 posts

Posted 04 05 2008 - 09:43

I don't have the SDFix log, because when I tried to start the computer in Safe Mode the white cursor just kept blinking and nothing else happened; I also tried Safe Mode with Networking and with Command Prompt. Nothing either. I suspect the virus has messed up my computer that badly. And now I'll show you something: some strange processes have started running. Some of them are on the screenshot and some are not; the ones that are not are 17PHolmes1001186.exe and .tmp files in WINDOWS\TEMP such as DIL6.tmp, DILA.tmp and various others (this never happened before). And now screenshots from my device manager:
First screenshot: after "blocking the ports" processes I had never seen before started showing up (screenshot below)

[attached screenshot]

After feeding the script to ComboFix and rebooting, this appeared (I guess someone has it in for me)

[attached screenshot]

Look at the process name (catchme.tmp), in Polish "złap mnie" ("catch me"); help me, because this computer is driving me crazy :/
  • 0

#10 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 04 05 2008 - 11:01

Post the ComboFix log. Try killing them and tell us whether there is any difference once they are killed.
  • 0

#11 Thial

Thial

    Observer

  • 6 posts

Posted 06 05 2008 - 19:16

After killing the strange processes the computer runs a bit faster, but it still stutters terribly. After logging on to my account I have to wait over 10 minutes before the internet starts working and before even GG starts; even when I open My Computer, the flashlight keeps showing until those 10 minutes are up. On top of that an old problem is back, namely when launching applications I get, for example, "C:\program.exe is not a valid Win32 application". I'd also like to know what could have happened that I can no longer boot from discs. Normally I always had "Boot from CD" with "press any key..." and so on underneath. Now instead I get "Boot from CD" twice and the computer boots normally; Windows loads much longer than usual. Log:

ComboFix 08-04-26.3 - Domino 2008-05-06 19:16:02.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.234 [GMT 2:00]
Running from: D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\Aplikacje\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\inetget2
D:\Program Files\inetget2\Installeur.exe
D:\Program Files\JavaCore
D:\Program Files\JavaCore\JavaCore.exe
D:\Program Files\JavaCore\UnInstall.exe
D:\WINDOWS\b152.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-04 15:59 . 2008-05-04 15:59 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-05-04 15:59 . 2008-05-06 18:51 107,832 --a------ D:\WINDOWS\system32\PnkBstrB.exe
2008-05-04 15:59 . 2008-05-04 15:59 66,872 --a------ D:\WINDOWS\system32\PnkBstrA.exe
2008-05-04 15:59 . 2008-05-06 18:51 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-04 15:58 . 2008-05-06 18:27 36,864 --a------ D:\WINDOWS\system32\vcmgcd32.dll
2008-05-04 15:58 . 2008-05-06 18:51 17,878 --ah----- D:\WINDOWS\system32\vcmgcd32.dl_
2008-05-04 09:17 . 2008-05-04 09:17 <DIR> d-------- D:\WINDOWS\system32\mm3
2008-05-04 09:17 . 2008-05-04 09:17 <DIR> d-------- D:\WINDOWS\system32\gt1
2008-05-04 09:16 . 2008-05-04 09:16 <DIR> d-------- D:\WINDOWS\system32\bkEur04
2008-05-04 08:52 . 2008-05-04 09:00 <DIR> d-------- D:\SDFix
2008-05-02 18:26 . 2008-05-02 19:05 <DIR> d-------- D:\Program Files\DietMP3
2008-05-01 21:07 . 2008-05-01 21:07 <DIR> d-------- D:\Program Files\FontLab
2008-05-01 21:07 . 2008-05-01 21:07 <DIR> d-------- D:\Program Files\Common Files\FontLab
2008-05-01 19:06 . 2008-05-01 19:06 1,500 --a------ D:\WINDOWS\system32\tmp.reg
2008-05-01 19:05 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-05-01 19:05 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-05-01 19:05 . 2008-04-24 08:10 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\404Fix.exe
2008-05-01 19:05 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-05-01 19:05 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-05-01 19:05 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-04-29 20:44 . 2008-05-02 12:19 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\skypePM
2008-04-29 20:44 . 2008-04-29 20:44 32 --a------ D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
2008-04-29 20:41 . 2008-05-04 09:13 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Common Files\Skype
2008-04-29 20:38 . 2008-04-29 20:39 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
2008-04-28 23:35 . 2008-04-28 23:39 <DIR> d-------- D:\Program Files\Power MP3 WMA Converter
2008-04-28 23:20 . 2008-04-28 23:40 221 --a------ D:\WINDOWS\wcx_ftp.ini
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\UC.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\RAR.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKUNZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\NOCLOSE.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\LHA.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\ARJ.PIF
2008-04-28 23:15 . 2008-04-28 23:49 414 --a------ D:\WINDOWS\wincmd.ini
2008-04-28 18:19 . 2008-04-28 18:19 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\MySpace
2008-04-28 15:38 . 2008-04-28 15:38 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Musi[beeep]
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Program Files\MySpace
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\MySpace
2008-04-27 18:18 . 2008-04-27 18:18 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\Musi[beeep]
2008-04-27 17:05 . 2008-04-27 17:05 <DIR> d-------- D:\Program Files\Common Files\INCA Shared
2008-04-27 17:05 . 2003-07-18 14:17 5,174 --a------ D:\WINDOWS\system32\nppt9x.vxd
2008-04-27 17:05 . 2005-01-02 05:43 4,682 --a------ D:\WINDOWS\system32\npptNT2.sys
2008-04-24 15:54 . 2008-04-25 17:57 <DIR> d-------- D:\Program Files\DAEMON Tools
2008-04-24 15:54 . 2008-04-24 15:54 223,128 --a------ D:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-24 15:51 . 2008-04-24 15:51 642,560 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 15:51 . 2008-04-24 15:51 96,256 --a------ D:\WINDOWS\system32\drivers\sptd0381.sys
2008-04-23 12:04 . 2008-04-23 12:04 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\AdobeUM
2008-04-23 10:51 . 2002-09-23 05:41 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-04-22 19:34 . 2008-04-24 22:57 <DIR> d-------- D:\Program Files\Real Alternative
2008-04-22 19:17 . 2008-04-22 19:17 <DIR> d-------- D:\Program Files\Common Files\GTK
2008-04-22 19:11 . 2008-04-22 19:11 <DIR> d-------- D:\Program Files\GIMP-2.0
2008-04-22 16:49 . 2008-04-22 17:16 <DIR> d-------- D:\Program Files\a-squared Free
2008-04-22 05:47 . 2008-05-06 06:49 24,888 --a------ D:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 24,888 --a------ D:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 16,420 --a------ D:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 16,420 --a------ D:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 1,080 --a------ D:\WINDOWS\system32\settingsbkup.sfm
2008-04-22 05:47 . 2008-05-06 06:49 1,080 --a------ D:\WINDOWS\system32\settings.sfm
2008-04-22 05:47 . 2008-05-06 06:49 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-22 05:47 . 2008-05-06 06:49 24 --a------ D:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-21 21:46 . 2008-05-05 13:45 3,374,371 --a------ D:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80641102}.CDF
2008-04-21 21:40 . 2008-04-21 21:40 <DIR> d-------- D:\WINDOWS\system32\Data
2008-04-21 21:39 . 2001-05-28 13:47 32,768 --a------ D:\WINDOWS\system32\AudioHQU.cpl
2008-04-21 21:39 . 2001-05-28 13:47 12,288 --a------ D:\WINDOWS\system32\AHQCpURes.dll
2008-04-21 21:38 . 2008-04-26 13:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-04-21 21:38 . 2008-04-21 21:39 <DIR> d-------- D:\Program Files\Creative
2008-04-21 21:38 . 1999-12-17 01:00 6,752 --------- D:\WINDOWS\system32\PFMODNT.SYS
2008-04-21 16:46 . 2008-04-21 16:46 <DIR> d-------- D:\Program Files\Deluxe Ski Jump 3
2008-04-21 01:28 . 2008-05-06 01:12 107 --a------ D:\WINDOWS\VplayerINI.vpl
2008-04-20 01:12 . 2008-05-06 01:12 1,446 --a------ D:\WINDOWS\VPlayer.INI
2008-04-18 22:48 . 2008-05-06 19:14 7,168 --ahs---- D:\WINDOWS\Thumbs.db
2008-04-18 16:12 . 2008-04-18 16:12 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Thinstall
2008-04-18 16:12 . 2008-04-18 16:12 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-18 16:09 . 2003-03-18 22:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2008-04-18 08:20 . 2008-04-18 08:20 <DIR> d-------- D:\Program Files\YASA3GPVideoConverter
2008-04-18 04:35 . 2008-04-18 04:35 <DIR> d---s---- D:\Documents and Settings\Mama\UserData
2008-04-18 04:31 . 2008-05-06 19:19 <DIR> d--h----- D:\Documents and Settings\Mama\Ustawienia lokalne
2008-04-18 04:31 . 2008-04-18 06:28 <DIR> dr------- D:\Documents and Settings\Mama\Ulubione
2008-04-18 04:31 . 2008-04-17 08:21 <DIR> d--h----- D:\Documents and Settings\Mama\Szablony
2008-04-18 04:31 . 2008-04-18 19:48 <DIR> d-------- D:\Documents and Settings\Mama\Pulpit
2008-04-18 04:31 . 2008-04-18 04:32 <DIR> dr------- D:\Documents and Settings\Mama\Moje dokumenty
2008-04-18 04:31 . 2008-04-17 10:14 <DIR> dr------- D:\Documents and Settings\Mama\Menu Start
2008-04-18 04:31 . 2008-04-28 18:19 <DIR> dr-h----- D:\Documents and Settings\Mama\Dane aplikacji
2008-04-18 04:31 . 2008-04-18 04:35 <DIR> d-------- D:\Documents and Settings\Mama
2008-04-18 04:31 . 2008-05-06 19:15 1,024 --ah----- D:\Documents and Settings\Mama\NTUSER.DAT.LOG
2008-04-17 20:29 . 2008-04-18 04:31 <DIR> d-------- D:\WINDOWS\nview
2008-04-17 20:29 . 2008-03-15 07:43 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2008-04-17 20:29 . 2008-05-05 13:45 88,566 --a------ D:\WINDOWS\system32\nvapps.xml
2008-04-17 20:29 . 2006-10-22 12:22 17,056 --a------ D:\WINDOWS\system32\nvdisp.nvu
2008-04-17 20:21 . 2006-10-22 15:06 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 20:20 . 2008-04-21 21:38 <DIR> d-------- D:\Program Files\Common Files\InstallShield
2008-04-17 19:16 . 2008-04-17 19:16 <DIR> d---s---- D:\Documents and Settings\Domino.BOGDANOW-48FC99\UserData
2008-04-17 18:49 . 2008-04-17 18:49 <DIR> d-------- D:\Program Files\Easy GIF Animator
2008-04-17 18:10 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Gadu-Gadu
2008-04-17 18:09 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Gadu-Gadu
2008-04-17 15:27 . 2008-05-06 17:37 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\gtk-2.0
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Media Player Classic
2008-04-17 14:56 . 2008-04-17 14:56 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.thumbnails
2008-04-17 14:54 . 2008-05-06 18:37 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.gimp-2.4
2008-04-17 14:38 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-15 14:38 . 2008-04-15 14:38 <DIR> d-------- D:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 17:29 --------- d-----w D:\Program Files\CCleaner
2008-05-01 02:15 --------- d-----w D:\Program Files\Winamp
2008-04-18 15:06 --------- d-----w D:\Program Files\Gadu-Gadu
2008-04-17 06:27 --------- d-----w D:\Program Files\microsoft frontpage
2008-04-17 06:24 --------- d-----w D:\Program Files\Usługi online
2008-03-06 17:12 12,032 ----a-w D:\WINDOWS\system32\drivers\ws2ifsl.sys
2008-03-06 17:11 4,352 ----a-w D:\WINDOWS\system32\drivers\wmilib.sys
2008-03-06 17:08 80,256 ----a-w D:\WINDOWS\system32\drivers\parport.sys
2008-03-06 17:07 96,256 ----a-w D:\WINDOWS\system32\drivers\scsiport.sys
2008-03-06 17:07 67,584 ----a-w D:\WINDOWS\system32\drivers\sdbus.sys
2008-03-06 17:07 65,664 ----a-w D:\WINDOWS\system32\drivers\serial.sys
2008-03-06 17:07 27,440 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2008-03-06 17:07 15,488 ----a-w D:\WINDOWS\system32\drivers\serenum.sys
2008-03-06 17:07 14,592 ----a-w D:\WINDOWS\system32\drivers\smclib.sys
2008-03-06 17:07 11,392 ----a-w D:\WINDOWS\system32\drivers\sfloppy.sys
2008-03-06 17:07 11,136 ----a-w D:\WINDOWS\system32\drivers\sffdisk.sys
2008-03-06 17:07 10,240 ----a-w D:\WINDOWS\system32\drivers\sffp_sd.sys
2008-03-06 17:05 68,608 ----a-w D:\WINDOWS\system32\drivers\pci.sys
2008-03-06 17:05 6,912 ----a-w D:\WINDOWS\system32\drivers\parvdm.sys
2008-03-06 17:05 3,456 ----a-w D:\WINDOWS\system32\drivers\oprghdlr.sys
2008-03-06 17:05 25,088 ----a-w D:\WINDOWS\system32\drivers\pciidex.sys
2008-03-06 17:05 18,688 ----a-w D:\WINDOWS\system32\drivers\partmgr.sys
2008-03-06 17:05 120,064 ----a-w D:\WINDOWS\system32\drivers\pcmcia.sys
2008-03-06 17:04 88,448 ----a-w D:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-03-06 17:04 63,232 ----a-w D:\WINDOWS\system32\drivers\nwlnknb.sys
2008-03-06 17:04 574,592 ----a-w D:\WINDOWS\system32\drivers\ntfs.sys
2008-03-06 17:04 55,936 ----a-w D:\WINDOWS\system32\drivers\nwlnkspx.sys
2008-03-06 17:04 40,320 ----a-w D:\WINDOWS\system32\drivers\nmnt.sys
2008-03-06 17:04 34,560 ----a-w D:\WINDOWS\system32\drivers\netbios.sys
2008-03-06 17:04 32,512 ----a-w D:\WINDOWS\system32\drivers\nwlnkfwd.sys
2008-03-06 17:04 30,848 ----a-w D:\WINDOWS\system32\drivers\npfs.sys
2008-03-06 17:04 2,944 ----a-w D:\WINDOWS\system32\drivers\null.sys
2008-03-06 17:04 163,584 ----a-w D:\WINDOWS\system32\drivers\nwrdr.sys
2008-03-06 17:04 162,816 ----a-w D:\WINDOWS\system32\drivers\netbt.sys
2008-03-06 17:04 12,416 ----a-w D:\WINDOWS\system32\drivers\nwlnkflt.sys
2008-03-06 17:03 91,776 ----a-w D:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-06 17:03 9,600 ----a-w D:\WINDOWS\system32\drivers\ndistapi.sys
2008-03-06 17:03 38,016 ----a-w D:\WINDOWS\system32\drivers\ndproxy.sys
2008-03-06 17:03 182,912 ----a-w D:\WINDOWS\system32\drivers\ndis.sys
2008-03-06 17:03 107,904 ----a-w D:\WINDOWS\system32\drivers\mup.sys
2008-03-06 17:02 72,960 ----a-w D:\WINDOWS\system32\drivers\mqac.sys
2008-03-06 17:02 451,456 ----a-w D:\WINDOWS\system32\drivers\mrxsmb.sys
2008-03-06 17:02 42,240 ----a-w D:\WINDOWS\system32\drivers\mountmgr.sys
2008-03-06 17:02 35,072 ----a-w D:\WINDOWS\system32\drivers\msgpc.sys
2008-03-06 17:02 19,072 ----a-w D:\WINDOWS\system32\drivers\msfs.sys
2008-03-06 17:02 181,248 ----a-w D:\WINDOWS\system32\drivers\mrxdav.sys
2008-03-06 17:01 7,680 ----a-w D:\WINDOWS\system32\drivers\mcd.sys
2008-03-06 17:01 4,224 ----a-w D:\WINDOWS\system32\drivers\mnmdd.sys
2008-03-06 16:59 92,032 ----a-w D:\WINDOWS\system32\drivers\ksecdd.sys
2008-03-06 16:59 74,752 ----a-w D:\WINDOWS\system32\drivers\ipsec.sys
2008-03-06 16:59 41,856 ----a-w D:\WINDOWS\system32\drivers\imapi.sys
2008-03-06 16:59 40,320 ----a-w D:\WINDOWS\system32\drivers\intelppm.sys
2008-03-06 16:59 36,224 ----a-w D:\WINDOWS\system32\drivers\isapnp.sys
2008-03-06 16:59 32,896 ----a-w D:\WINDOWS\system32\drivers\ipfltdrv.sys
2008-03-06 16:59 29,056 ----a-w D:\WINDOWS\system32\drivers\ip6fw.sys
2008-03-06 16:59 24,960 ----a-w D:\WINDOWS\system32\drivers\kbdclass.sys
2008-03-06 16:59 20,992 ----a-w D:\WINDOWS\system32\drivers\ipinip.sys
2008-03-06 16:59 134,912 ----a-w D:\WINDOWS\system32\drivers\ipnat.sys
2008-03-06 16:59 11,264 ----a-w D:\WINDOWS\system32\drivers\irenum.sys
2008-03-06 16:57 800,000 ----a-w D:\WINDOWS\system32\drivers\dmboot.sys
2008-03-06 16:56 49,664 ----a-w D:\WINDOWS\system32\drivers\classpnp.sys
2008-03-06 16:55 95,360 ----a-w D:\WINDOWS\system32\drivers\atapi.sys
2008-03-06 16:55 71,552 ----a-w D:\WINDOWS\system32\drivers\bridge.sys
2008-03-06 16:55 63,744 ----a-w D:\WINDOWS\system32\drivers\cdfs.sys
2008-03-06 16:55 59,904 ----a-w D:\WINDOWS\system32\drivers\atmarpc.sys
2008-03-06 16:55 55,936 ----a-w D:\WINDOWS\system32\drivers\atmlane.sys
2008-03-06 16:55 49,536 ----a-w D:\WINDOWS\system32\drivers\cdrom.sys
2008-03-06 16:55 4,224 ----a-w D:\WINDOWS\system32\drivers\beep.sys
2008-03-06 16:55 352,256 ----a-w D:\WINDOWS\system32\drivers\atmuni.sys
2008-03-06 16:55 31,360 ----a-w D:\WINDOWS\system32\drivers\atmepvc.sys
2008-03-06 16:55 14,336 ----a-w D:\WINDOWS\system32\drivers\asyncmac.sys
2008-03-06 16:55 13,952 ----a-w D:\WINDOWS\system32\drivers\cbidf2k.sys
2008-03-06 16:54 26,624 ----a-w D:\WINDOWS\system32\drivers\usbehci.sys
2008-03-06 16:54 188,672 ----a-w D:\WINDOWS\system32\drivers\acpi.sys
2008-03-06 16:54 138,496 ----a-w D:\WINDOWS\system32\drivers\afd.sys
2008-03-06 16:54 12,032 ----a-w D:\WINDOWS\system32\drivers\acpiec.sys
2008-02-12 19:55 575,530,568 ----a-w D:\Program Files\WOLF ET 2.60b.rar
2007-09-28 15:16 366 ----a-w D:\Program Files\Skrót do Program Files.lnk
2002-10-22 18:14 364,892 ----a-w D:\Program Files\wear_all_items.rar
2002-10-07 14:38 396,288 ----a-w D:\Program Files\BNetEditor.exe
2002-10-06 21:14 5,122,687 ----a-w D:\Program Files\LODPatch_110.exe
2002-10-06 20:49 5,713,057 ----a-w D:\Program Files\Hero_Editor_Full_V96.zip
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1695232]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1650688 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 53248 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 118784]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 57344]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\WOLF ET 2.60b\\ET.exe"=


*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
.



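What a reader of this log actually needs is a quick way to separate the routine autostart entries from the ones worth a second look. The following is an added example written for this page, not code from the poster or from ComboFix: it parses the `Run` keys from the "Reg Loading Points" section above (the sample lines are copied from that section) and applies a few cheap triage heuristics. The heuristics are the editor's own, and the reading of an empty bracket `[ ]` as "file not present when the scan ran" is an assumption about ComboFix's output format, not something the log states.

```python
import re
from collections import Counter

# Sample input: Run-key lines copied from the ComboFix log in this thread.
# ComboFix prints each value as  "Name"="command" [date time size]  and, when it
# cannot locate the file, an empty bracket "[ ]" (assumption about the format).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 53248 D:\WINDOWS\system32\CTHELPER.EXE]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


def parse_run_entries(text):
    """Return one dict per Run value: registry key, value name, command, file metadata."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({
                'key': key,
                'name': m.group('name'),
                'cmd': m.group('cmd'),
                'meta': m.group('meta').strip(),
            })
    return entries


def triage(entries):
    """Apply triage heuristics; return {value name: [reasons to look closer]}."""
    findings = {}

    def flag(entry, reason):
        reasons = findings.setdefault(entry['name'], [])
        if reason not in reasons:
            reasons.append(reason)

    # A registry key cannot hold two values with the same name, so a repeated
    # (key, name) pair in the log is itself something to explain.
    seen = Counter((e['key'], e['name']) for e in entries)

    for e in entries:
        if e['meta'] == '':
            flag(e, 'file not found at scan time (empty [ ] in log)')
        if '\\\\' in e['cmd']:
            flag(e, 'doubled path separators in command')
        if '\\' not in e['cmd']:
            # Bare file name: which binary runs depends on the search path,
            # so confirm the resolved location before trusting the entry.
            flag(e, 'bare file name, resolved via search path')
        if seen[(e['key'], e['name'])] > 1:
            flag(e, 'value listed more than once under the same key')
    return findings


if __name__ == '__main__':
    for name, reasons in triage(parse_run_entries(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print('   -', r)
```

Run as is, it reports `JavaCore` (missing file, doubled separators), `WINDVDPatch` (bare file name) and `WinampAgent` (listed twice) and stays quiet about the rest. A hit is a prompt to verify the file on disk and its publisher, not a verdict: the same applies to the two "Newly Created Service" lines, since PNKBSTRB and PNKBSTRK are the PunkBuster services that come with the Wolfenstein: Enemy Territory install listed in the same log.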



