Viruses, IE pop-up windows etc.

10 replies to this topic

#1 rudik77
  • Users
  • 489 posts

Posted 10.04.2007 - 17:28

Hello.
I have a problem with my computer, and I think it's more serious than it seems. I reinstalled my antivirus and NOD32 found a lot, and I mean a lot, of junk on the computer; it dealt with some of it, but some I can't even delete with KillBox or in Safe Mode. E.g. the DeluxeCommunications folder (there are 4 files in it: DXC, DXCcore.dll, DXCbho.dll): I can't delete them, and NOD shows me that they are viruses but doesn't remove them because it can't. I probably have more junk, because IE windows and pop-ups open on their own. On top of that, BearShare starts by itself. I don't know what's going on; I think it's nothing serious and it can keep working without a format. I'm posting the log for checking and waiting for the experts' opinions:

Logfile of HijackThis v1.99.1
Scan saved at 18:22:08, on 2007-04-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Instalki\Spyware\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cookies/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: 0 - {C29B2F24-AB99-4F1D-F2BB-E4882A738A1A} - C:\Program Files\Windows Media Player\lavuga.dll
O2 - BHO: (no name) - {D33138B2-6C24-43CF-A9D1-B10DF2C488A4} - C:\Program Files\Internet Explorer\hoke.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


#2 adam9870
  • Users
  • 14565 posts

Posted 10.04.2007 - 19:39

Start => Run => type services.msc => stop and disable the Client IP-IPX service.

Start => Run => type the command:

C:\Program Files\DeluxeCommunications\Dxc.exe /u

then follow the instructions on the screen.

In Safe Mode, with System Restore disabled, remove:

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: (no name) - {D33138B2-6C24-43CF-A9D1-B10DF2C488A4} - C:\Program Files\Internet Explorer\hoke.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: taskmgr.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)

Delete the files and folders manually in Safe Mode, and the entries with HijackThis.

Open Notepad and paste this into it:

REGEDIT4

[-HKEY_CURRENT_USER\Software\DeluxeCommunications]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DeluxeCommunications]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks]
"{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks]
"{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}"=-
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

File >>> Save As >>> change the file type from TXT to All Files >>> save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Once done, paste a new log from HijackThis, from SilentRunners and from ComboFix. To make a log with it, run it => press the Y key => wait patiently, and the log should appear as a .txt file named combofix on partition C.

#3 rudik77
  • Users
  • 489 posts

Posted 10.04.2007 - 19:52

I can't do this step:
Start => Run => type the command:
C:\Program Files\DeluxeCommunications\Dxc.exe /u

I get a message that the system cannot find C:\Program Files\DeluxeCommunications\Dxc.exe /u and that I should make sure it is typed correctly.....
What needs to be done about it??

Edit:

After doing these steps, the virus alerts no longer appear, that's fine, but now there is one more problem: windows and html pages pop up. I don't know what to do.. I'll post the two logs in a moment.

EDIT 2

After that Combo.. two folders appeared on partition C and I get an alert that they are infected files, and I can't delete them in any way, so I aborted.
Here is the SilentRunners log:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"MSF_Monitor" = "C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start" ["WinAbility® Software Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{C29B2F24-AB99-4F1D-F2BB-E4882A738A1A}\(Default) = "0"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Windows Media Player\lavuga.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Moje foldery udostępniania"
                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0A0F10FC-1743-468b-A5B9-C251B727F6AF}" = "MSF"
  -> {HKLM...CLSID} = "MSF"
                   \InProcServer32\(Default) = "C:\Program Files\MySecretFolder XP\MSF32.DLL" ["WinAbility® Software Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
MSF\(Default) = "{0A0F10FC-1743-468b-A5B9-C251B727F6AF}"
  -> {HKLM...CLSID} = "MSF"
                   \InProcServer32\(Default) = "C:\Program Files\MySecretFolder XP\MSF32.DLL" ["WinAbility® Software Corporation"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MSF\(Default) = "{0A0F10FC-1743-468b-A5B9-C251B727F6AF}"
  -> {HKLM...CLSID} = "MSF"
                   \InProcServer32\(Default) = "C:\Program Files\MySecretFolder XP\MSF32.DLL" ["WinAbility® Software Corporation"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\CR7\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\Program Files\Windows Media Player\profsyrty.html"
"SubscribedURL" = ""


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}\(Default) = "&Ramka Tłumaczenia"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]

HKLM\Software\Classes\CLSID\{D553F157-2AB0-4B46-98D2-7BA7CA418491}\(Default) = "&Słownik Podręczny"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{B46B0919-62BA-4D99-A5C4-916B57A6805C}\
"MenuText" = "@C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103"
"CLSIDExtension" = "{B46B0919-62BA-4D99-A5C4-916B57A6805C}"
  -> {HKLM...CLSID} = "InternetTranslatorProperties Class"
                   \InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
: [Version]
: Signature="$CHICAGO$"
: AdvancedINF=2.5,"You need a new version of advpack.dll"
: 
: [RestoreHomePage]
: AddReg=RestoreHomePage.reg
: 
: [RestoreBrowserSettings]
: AddReg=RestoreBrowserSettings.reg
: DelReg=DeleteTemplates.reg, DeleteAutosearch.reg
: 
: [RestoreHomePage.reg]
: HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",0,%START_PAGE_URL%
: 
: [RestoreBrowserSettings.reg]
: HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%
: HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%
: HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"
: HKCU,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
: 
: ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
: HKCU,"Software\Microsoft\Internet Explorer\SearchUrl","Provider",0,""
: 
: tm"
: tm"
: HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"
: 
: [DeleteTemplates.reg]
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
: HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"
: 
: [DeleteAutosearch.reg]
: ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
: HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"
: 
: [Strings]
: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
: SAFESITE_VALUE="ie.search.msn.com"
: 
: ; IMPORTANT NOTE:
: ; IE branding dll (iedkcs32.dll) uses the following entries to restore the default MS values.
: ; In the vanilla version of IE, the values must be the same as their corresponding non MS_* values.
: ; For example, START_PAGE_URL and MS_START_PAGE_URL must have the same URL in the IE version released by MS.
: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
: 

Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
ProtexisLicensing, ProtexisLicensing, "C:\WINDOWS\system32\PSIService.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 84 seconds, including 2 seconds for message boxes)


#4 adam9870
  • Users
  • 14565 posts

Posted 10.04.2007 - 20:32

The log is clean. Don't worry about the messages from security programs saying ComboFix is harmful. If they get in the way of producing the log, disable them while the log is being created.

#5 rudik77
  • Users
  • 489 posts

Posted 10.04.2007 - 20:40

Well, there's still one more thing: advertising windows and html pages pop up on me.

#6 adam9870
  • Users
  • 14565 posts

Posted 10.04.2007 - 20:56

OK, but without a ComboFix log I won't give you removal instructions, because I simply won't know whether junk is responsible for it, and if so, what it is and where it is.

#7 rudik77
  • Users
  • 489 posts

Posted 10.04.2007 - 21:17

Here you go, I'm posting the ComboFix log.

"CR7" - 07-04-10 22:13:26    Dodatek Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\CR7\Pulpit"


(((((((((((((((((((((((((((((((   Files Created from 2007-03-10 to 2007-04-10  ))))))))))))))))))))))))))))))))))


2007-04-10 18:58	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-10 18:18	786,432	--ah-----	C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-10 18:18	<DIR>	dr-h-----	C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-04-10 18:18	<DIR>	dr-------	C:\DOCUME~1\ADMINI~1\Menu Start
2007-04-10 18:18	<DIR>	d--hs----	C:\WINDOWS\CSC
2007-04-10 18:18	<DIR>	d--hs----	C:\FOUND.001
2007-04-10 18:18	<DIR>	d--h-----	C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-04-10 18:18	<DIR>	d--h-----	C:\DOCUME~1\ADMINI~1\Szablony
2007-04-10 18:18	<DIR>	d--------	C:\DOCUME~1\ADMINI~1\Ulubione
2007-04-10 18:18	<DIR>	d--------	C:\DOCUME~1\ADMINI~1\Pulpit
2007-04-10 18:18	<DIR>	d--------	C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-04-10 18:02	<DIR>	d--------	C:\!KillBox
2007-04-10 17:49	512,096	--a------	C:\WINDOWS\system32\drivers\amon.sys
2007-04-10 17:49	298,104	--a------	C:\WINDOWS\system32\imon.dll
2007-04-10 17:49	15,424	--a------	C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-10 17:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2007-04-10 17:33	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Macrovision
2007-04-10 16:31	32,768	--a------	C:\DOCUME~1\CR7\setup9x.exe
2007-04-10 16:31	167	--a------	C:\DOCUME~1\CR7\7831.bat
2007-04-10 14:58	93,509	--a------	C:\WINDOWS\system32\install.exe
2007-04-10 14:58	167	--a------	C:\WINDOWS\system32\4353.bat
2007-04-10 14:57	8,464	--a------	C:\WINDOWS\system32\sporder.dll
2007-04-10 14:57	72,320	--a------	C:\WINDOWS\system32\drivers\core.sys
2007-04-10 14:57	41,792	--a------	C:\WINDOWS\system32\app.exe
2007-04-10 14:57	32,768	--a------	C:\WINDOWS\system32\setup9x.exe
2007-04-10 14:57	147,456	--a------	C:\WINDOWS\system32\vbzip10.dll
2007-04-10 14:57	105,434	--a------	C:\WINDOWS\VTTC.exe
2007-04-10 14:57	<DIR>	d--------	C:\WINDOWS\system32\micro1
2007-04-10 11:19	<DIR>	d--------	C:\Program Files\MySecretFolder XP
2007-04-05 21:45	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\InstallShield
2007-04-05 21:43	<DIR>	d--------	C:\Program Files\Common Files\Corel
2007-04-05 21:42	<DIR>	d--------	C:\Program Files\Corel
2007-04-05 13:28	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\Corel
2007-04-05 13:20	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Corel
2007-04-05 13:18	476,752	--a------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\pswi_preloaded.exe
2007-04-05 13:17	5,018	--ahs----	C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-05 13:17	168	-r-hs----	C:\WINDOWS\system32\82FF66A3FF.sys
2007-04-04 14:54	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\Help
2007-04-03 17:22	679,936	--a------	C:\WINDOWS\system32\fun_mp4_enc.dll
2007-04-03 17:22	61,440	--a------	C:\WINDOWS\system32\mp4_vcodec.dll
2007-04-03 17:22	2,067,140	-ra------	C:\WINDOWS\system32\avcodec.dll
2007-04-03 17:22	<DIR>	d--------	C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-03 17:20	94,000	--a------	C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-03 17:19	8,304	--a------	C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-03 17:19	6,144	--a------	C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-03 17:19	6,144	--a------	C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-03 17:19	58,320	--a------	C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-03 17:19	5,808	--a------	C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-03 17:19	5,808	--a------	C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-03 17:19	<DIR>	d--------	C:\WINDOWS\system32\Samsung_USB_Drivers
2007-04-03 17:19	<DIR>	d--------	C:\Program Files\Samsung
2007-04-01 12:13	<DIR>	d--------	C:\Program Files\Gra w ciemno
2007-03-28 07:34	245,760	---------	C:\WINDOWS\system32\DECO_32.DLL
2007-03-28 07:34	<DIR>	d--------	C:\Program Files\PWN
2007-03-26 00:13	<DIR>	d--------	C:\Program Files\Damian Pasternak
2007-03-25 18:02	2,560	--a------	C:\WINDOWS\_MSRSTRT.EXE
2007-03-25 18:00	<DIR>	d--------	C:\WINDOWS\system32\appmgmt
2007-03-25 17:46	36,864	---------	C:\WINDOWS\system32\wbsys.dll
2007-03-25 17:46	20,480	--a------	C:\WINDOWS\system32\wbload.dll
2007-03-24 22:12	5,504	---------	C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-24 22:12	125,184	---------	C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-24 22:10	476,320	---------	C:\WINDOWS\system32\ImagXpr7.dll
2007-03-24 22:10	471,040	---------	C:\WINDOWS\system32\ImagXRA7.dll
2007-03-24 22:10	262,144	---------	C:\WINDOWS\system32\ImagXR7.dll
2007-03-24 22:10	155,648	--a------	C:\WINDOWS\system32\NeroCheck.exe
2007-03-24 22:10	106,496	--a------	C:\WINDOWS\system32\TwnLib20.dll
2007-03-24 22:10	1,568,768	---------	C:\WINDOWS\system32\ImagX7.dll
2007-03-24 22:10	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2007-03-24 22:10	<DIR>	d--------	C:\Program Files\Ahead
2007-03-24 11:23	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\AdobeUM
2007-03-23 14:48	92,064	--a------	C:\DOCUME~1\CR7\mqdmmdm.sys
2007-03-23 14:48	9,232	--a------	C:\DOCUME~1\CR7\mqdmmdfl.sys
2007-03-23 14:48	79,328	--a------	C:\DOCUME~1\CR7\mqdmserd.sys
2007-03-23 14:48	66,656	--a------	C:\DOCUME~1\CR7\mqdmbus.sys
2007-03-23 14:48	6,208	--a------	C:\DOCUME~1\CR7\mqdmcmnt.sys
2007-03-23 14:48	5,936	--a------	C:\DOCUME~1\CR7\mqdmwhnt.sys
2007-03-23 14:48	4,048	--a------	C:\DOCUME~1\CR7\mqdmcr.sys
2007-03-23 14:46	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\InstallShield
2007-03-23 14:41	25,600	--a------	C:\DOCUME~1\CR7\usbsermptxp.sys
2007-03-23 14:41	22,768	--a------	C:\DOCUME~1\CR7\usbsermpt.sys
2007-03-23 14:39	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2007-03-23 13:14	237,568	--a------	C:\WINDOWS\system32\lame_enc.dll
2007-03-21 17:04	<DIR>	d--------	C:\Program Files\FireFly Studios
2007-03-21 12:46	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\IDM
2007-03-21 12:46	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\DMCache
2007-03-17 12:32	208,896	--a------	C:\WINDOWS\system32\nvudisp.exe
2007-03-17 12:32	<DIR>	d--------	C:\WINDOWS\nview
2007-03-17 12:31	<DIR>	d--------	C:\WINDOWS\system32\ReinstallBackups
2007-03-17 12:30	208,896	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2007-03-17 12:29	<DIR>	d--------	C:\NVIDIA
2007-03-17 11:27	91	--a------	C:\WINDOWS\vmreg32.dll
2007-03-16 23:34	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Yahoo! Companion
2007-03-15 14:41	<DIR>	d--------	C:\Program Files\Gimnazjum klasa 2 - Chemia
2007-03-15 14:38	327,168	--a------	C:\WINDOWS\IsUn0415.exe
2007-03-15 14:38	<DIR>	d--------	C:\Program Files\Gimnazjum klasa 3 - Chemia
2007-03-10 16:58	<DIR>	d---s----	C:\DOCUME~1\CR7\UserData
2007-03-10 14:51	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2007-03-10 14:51	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2007-03-10 14:51	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-10 18:13	96768	--a------	C:\WINDOWS\system32\dxclib303562752.vdll
2007-03-25 18:02	2560	--a------	C:\WINDOWS\_msrstrt.exe
2007-03-23 13:24	50968	--a------	C:\WINDOWS\system32\perfc015.dat
2007-03-23 13:24	359046	--a------	C:\WINDOWS\system32\perfh015.dat
2007-03-08 17:38	579072	--a------	C:\WINDOWS\system32\user32.dll
2007-03-08 17:38	40960	--a------	C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38	281600	--a------	C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37	1843840	--a------	C:\WINDOWS\system32\win32k.sys
2007-03-07 15:44	--------	d--------	C:\Program Files\cdex_150
2007-03-07 15:42	--------	d--------	C:\Program Files\cdex_151
2007-03-06 22:17	--------	d--------	C:\Program Files\techland
2007-03-04 01:43	1776	--a------	C:\WINDOWS\nsreg.dat
2007-03-03 17:35	--------	d--------	C:\Program Files\megauploadtoolbar
2007-03-03 17:35	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\megauploadtoolbar
2007-02-18 21:37	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\adobe
2007-02-18 00:39	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\sports interactive
2007-02-18 00:19	--------	d--------	C:\Program Files\d-tools
2007-02-17 11:38	14	--a------	C:\WINDOWS\system32\systeminfo32.sys
2007-02-15 16:19	--------	d--------	C:\Program Files\skype
2007-02-15 16:19	--------	d--------	C:\Program Files\Common Files\skype
2007-02-15 16:19	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\skype
2007-02-14 23:08	--------	d--------	C:\Program Files\bearshare
2007-02-14 17:16	--------	d--h-----	C:\Program Files\installshield installation information
2007-02-14 17:16	--------	d--------	C:\Program Files\mouse driver
2007-02-14 17:16	--------	d--------	C:\Program Files\Common Files\installshield
2007-02-14 12:50	--------	d--------	C:\Program Files\opera
2007-02-14 12:50	--------	d--------	C:\Program Files\java
2007-02-14 12:50	--------	d--------	C:\Program Files\Common Files\java
2007-02-14 12:46	--------	d--------	C:\Program Files\msn messenger
2007-02-14 12:40	--------	d--------	C:\Program Files\winamp
2007-02-14 12:39	--------	d--------	C:\Program Files\marbit
2007-02-14 12:38	--------	d--------	C:\Program Files\k-lite codec pack
2007-02-14 12:36	--------	d--------	C:\Program Files\ccleaner
2007-02-14 12:33	--------	d--------	C:\Program Files\Common Files\adobe
2007-02-14 12:26	10368	--a------	C:\WINDOWS\system32\drivers\pfc.sys
2007-02-14 12:26	--------	d--------	C:\Program Files\Common Files\acd systems
2007-02-14 12:24	--------	d--------	C:\Program Files\napi-projekt
2007-02-14 12:20	--------	d--------	C:\Program Files\gadu-gadu
2007-02-14 12:14	--------	d--------	C:\Program Files\konnekt
2007-02-14 12:06	499712	--a------	C:\WINDOWS\system32\msvcp71.dll
2007-02-14 12:06	348160	--a------	C:\WINDOWS\system32\msvcr71.dll
2007-02-14 11:34	0	-rahs----	C:\MSDOS.SYS
2007-02-14 11:34	0	-rahs----	C:\IO.SYS
2007-02-14 11:34	0	--a------	C:\CONFIG.SYS
2007-02-14 11:34	0	--a------	C:\AUTOEXEC.BAT
2007-02-14 11:34	--------	d--------	C:\Program Files\microsoft frontpage
2007-02-14 11:31	--------	d--h-----	C:\Program Files\windowsupdate
2007-02-14 11:31	--------	d--------	C:\Program Files\usługi online
2007-02-14 11:30	--------	d--------	C:\Program Files\movie maker
2007-02-14 11:30	--------	d--------	C:\Program Files\Common Files\mssoap
2007-02-14 11:29	21856	--a------	C:\WINDOWS\system32\emptyregdb.dat
2007-02-14 11:28	--------	d--------	C:\Program Files\msn gaming zone
2007-02-14 11:28	--------	d--------	C:\Program Files\messenger
2007-02-14 11:18	--------	d--------	C:\Program Files\Common Files\odbc
2007-02-14 11:17	62	--ahs----	C:\DOCUME~1\CR7\DANEAP~1\desktop.ini
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^taskmgr.exe]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\taskmgr.exe"
"backup"="C:\\WINDOWS\\pss\\taskmgr.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\taskmgr.exe"
"item"="taskmgr"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^CR7^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
"path"="C:\\Documents and Settings\\CR7\\Menu Start\\Programy\\Autostart\\Yahoo! Widget Engine.lnk"
"backup"="C:\\WINDOWS\\pss\\Yahoo! Widget Engine.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Yahoo!\\YAHOO!~1\\YAHOOW~1.EXE "
"item"="Yahoo! Widget Engine"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MouseDrv"
"hkey"="HKLM"
"command"="C:\\Program Files\\Mouse Driver\\MouseDrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\"  -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dxc"
"hkey"="HKLM"
"command"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="konnekt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Konnekt\\konnekt.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSF_Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSFMON"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MYSECR~1\\MSFMON.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdates"
"hkey"="HKLM"
"command"="C:\\Program Files\\winupdates\\winupdates.exe /auto"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
   Source	REG_SZ         	C:\Program Files\Windows Media Player\profsyrty.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages	REG_MULTI_SZ   	msv1_0\0\0
   Security Packages	REG_MULTI_SZ   	kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages	REG_MULTI_SZ   	scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	REG_MULTI_SZ   	HTTPFilter\0\0
LocalService	REG_MULTI_SZ   	Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ   	DnsCache\0\0
DcomLaunch	REG_MULTI_SZ   	DcomLaunch\0TermService\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0
Usnsvc	REG_MULTI_SZ   	usnsvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070410-210252-191 
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll (file missing)
backup-20070410-210226-738 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20070410-210226-532 
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-210226-683 
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-210226-732 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
backup-20070410-210226-555 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-210226-822 
O2 - BHO: (no name) - {D33138B2-6C24-43CF-A9D1-B10DF2C488A4} - C:\Program Files\Internet Explorer\hoke.dll
backup-20070410-210226-449 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cookies/
backup-20070410-210226-690 
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070410-210226-232 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
backup-20070410-210226-274 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20070410-193648-512 
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-193648-690 
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
backup-20070410-193648-344 
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-193648-949 
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070410-193510-752 
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
backup-20070410-193510-211 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-173836-938 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-164532-216 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-164521-881 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070410-164505-818 
O4 - Global Startup: taskmgr.exe
backup-20070410-164505-112 
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-164505-157 
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
backup-20070410-164505-837 
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
backup-20070410-164505-165 
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070410-164505-151 
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070410-164505-905 
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
backup-20070410-164505-476 
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
backup-20070410-164505-642 
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exe
backup-20070410-164505-595 
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-164505-488 
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
backup-20070410-164505-836 
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
backup-20070410-164505-885 
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070410-164505-896 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20070410-164505-979 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.phazeddl.com/
backup-20070410-164505-676 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070128-141443-486 
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
backup-20070128-141443-779 
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
backup-20070128-141443-937 
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
backup-20070128-141443-770 
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
backup-20070113-003720-674 
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
backup-20061217-113357-478 
O4 - HKLM\..\RunServices: [winlog] winlog.exe
backup-20061217-113357-649 
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
backup-20061217-113357-431 
O2 - BHO: (no name) - {A87C97A6-7DEA-452B-9EDD-3471E1D1AC3E} - (no file)
backup-20061217-113357-706 
O2 - BHO: (no name) - {7D593456-CE40-4F17-921B-8717A3BBB60E} - (no file)
backup-20061207-195301-836 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20061207-195301-172 
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20061129-163059-904 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20061117-135258-212 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20060928-233822-333 
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
backup-20060928-233822-870 
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20060928-233822-733 
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20060928-233822-534 
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20060928-233821-540 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20060928-233821-655 
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
backup-20060928-233821-437 
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20060928-233821-573 
F2 - REG:system.ini: Shell=explorer.exe 
backup-20060928-233821-324 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060928-233821-752 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060819-010438-554 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20060819-010438-753 
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe (file missing)
backup-20060819-010438-559 
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20060819-010438-675 
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)
backup-20060819-010438-852 
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
backup-20060819-010438-500 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060819-010438-457 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060819-010438-792 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
backup-20060703-230919-167 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060703-230919-209 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060703-230919-989 
O4 - HKLM\..\Run: [KasowaniePlikowTymczasowych] cmd /c del/s/q %windir%\temp
backup-20060625-213733-137 
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
backup-20060625-213717-136 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060625-213717-157 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060615-003931-590 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
backup-20060615-003926-713 
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
backup-20060615-003827-755 
O2 - BHO: ticont.MyBHO - {F365382D-CF21-45BA-80CF-B868C6ED9634} - C:\WINDOWS\system32\ticont.dll (file missing)
backup-20060614-200618-719 
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20060611-005601-692 
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20060610-004850-206 
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20060609-101626-670 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wpisz własny tekst który ukaże się na belce Internet Explorera
backup-20060602-214758-922 
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
backup-20060602-214758-845 
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXJvemV3aWN6\command.exe (file missing)
backup-20060602-214757-576 
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o4pq0e75eh.dll
backup-20060602-214756-208 
O4 - HKCU\..\Run: [imwo] C:\PROGRA~1\COMMON~1\imwo\imwom.exe
backup-20060602-214756-478 
O4 - HKCU\..\Run: [Krjnny] C:\PROGRA~1\COMMON~1\CURITY~1\SRSS~1.EXE
backup-20060602-212851-868 
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
backup-20060602-212851-245 
R3 - URLSearchHook: (no name) - {3ED9D0C8-6950-58FC-2976-3FB6031CACCD} - C:\WINDOWS\system32\iael.dll
backup-20060602-212851-131 
O3 - Toolbar: Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx (file missing)
backup-20060602-212851-376 
F2 - REG:system.ini: Shell=explorer.exe 
backup-20060602-212851-383 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20060602-212851-747 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-779 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-863 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-957 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-142 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
backup-20060602-212851-968 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
backup-20060602-155412-640 
O3 - Toolbar: Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx
backup-20060602-132202-818 
O4 - HKCU\..\Run: [SYSTEM] mirc.exe
backup-20060602-132150-954 
O13 - WWW Prefix: http://www.holidayistanbul.net/?
backup-20060531-180041-328 
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\sondcmsg.dll
backup-20060531-180039-939 
O4 - HKCU\..\Run: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
backup-20060531-180039-134 
O4 - HKCU\..\Run: [Tsai] C:\Documents and Settings\Marcinus\Dane aplikacji\?dobe\r?ndll.exe
backup-20060531-180039-892 
O4 - HKCU\..\Run: [ruuw] C:\PROGRA~1\COMMON~1\ruuw\ruuwm.exe
backup-20060531-180039-510 
O4 - HKLM\..\Run: [keyboard] c:\\keyboard24.exe
backup-20060531-180039-462 
O4 - HKCU\..\Run: [Aepe] "C:\PROGRA~1\SEMBLY~1\winspool.exe" -vt yazr
backup-20060531-180039-202 
O4 - HKLM\..\Run: [newname] c:\\newname24.exe
backup-20060531-180039-559 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-517 
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
backup-20060531-180039-870 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
backup-20060531-180039-382 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-649 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20060531-180039-848 
O4 - HKLM\..\Run: [tguard] C:\Program Files\Beniamin\tguard.exe
backup-20060531-180039-695 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-902 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-474 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060528-221229-545 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20060528-221229-283 
F2 - REG:system.ini: Shell=explorer.exe 
backup-20060506-173557-371 
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20060429-175432-380 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20060428-151955-484 
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
backup-20060428-151955-962 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20060413-142756-532 
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20060413-142646-798 
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
backup-20060410-153559-811 
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
backup-20060410-153559-206 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
backup-20050625-001401-806 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050625-001401-718 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-163007-891 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-163007-982 
O2 - BHO: (no name) - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - (no file)
backup-20050620-163007-974 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-000001-259 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-000000-931 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-10 22:16:32
C:\ComboFix-quarantined-files.txt ... 07-04-10 22:16


Merged post: 11.04.2007 (Wed) 15:31
As you asked, I have pasted the ComboFix log. Can you tell me anything more about how to get rid of those ad windows and pages that pop up whenever the internet connection is on?

#8 adam9870

adam9870
  • Users
  • 14565 posts

Posted 11.04.2007 - 14:43

2007-04-10 18:13 96768 --a------ C:\WINDOWS\system32\dxclib303562752.vdll

Delete this file manually in Safe Mode.

2007-04-10 16:31 32,768 --a------ C:\DOCUME~1\CR7\setup9x.exe
2007-04-10 16:31 167 --a------ C:\DOCUME~1\CR7\7831.bat
2007-04-10 14:58 93,509 --a------ C:\WINDOWS\system32\install.exe
2007-04-10 14:57 41,792 --a------ C:\WINDOWS\system32\app.exe
2007-04-10 14:57 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-04-05 13:17 168 -r-hs---- C:\WINDOWS\system32\82FF66A3FF.sys


To be sure, scan these files at http://virusscan.jotti.org/ or http://www.virustotal.com/ and, if they turn out to be malicious, delete them manually in Safe Mode.

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Using the View the list of backups option in HijackThis, restore the legitimate entries, i.e.:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe (file missing)
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
O4 - HKCU\..\Run: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)


When done, report back and paste a new HijackThis log and a new ComboFix log.
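Added example, not code from any post in this thread and not part of HijackThis or ComboFix: a small Python triage script that reads HijackThis entry lines of the kind pasted above, flags the ones a helper would normally ask about (orphaned "(no file)" / "(file missing)" entries in the high-risk sections, entries pointing into the adware directories named in this thread, and the Win9x-only RunServices key), and builds the FIX.REG text from the step above. The SUSPECT_DIRS list and the flagging rules are assumptions chosen from the entries quoted in this thread, not a vendor signature set; the sample lines are copied from the logs above.

```python
"""Triage of HijackThis-style log lines, as pasted in this thread.

Added example: not code from any post in the thread and not part of
HijackThis or ComboFix. It parses the entry lines of a HijackThis log,
flags the ones a helper would normally question, and builds the FIX.REG
text that the post above has the user create in Notepad. SUSPECT_DIRS and
the rules below are assumptions taken from this thread's own entries.
"""
import re

# Assumption: directories that in this thread belonged to the adware being
# removed (DeluxeCommunications, NewDotNet, the micro1\b9.exe dropper, IpWins).
SUSPECT_DIRS = (
    r"c:\program files\deluxecommunications",
    r"c:\program files\newdotnet",
    r"c:\progra~1\newdot~1",
    r"c:\windows\system32\micro1",
    r"c:\program files\ipwindows",
)

# Entry kinds whose DLL is loaded into every IE window, at logon, or as a
# service; an orphaned entry here is always worth removing.
HIGH_RISK_KINDS = {"R3", "O2", "O3", "O20", "O23"}

_ENTRY = re.compile(r"^(?P<kind>[RFO]\d+)\s+-\s+(?P<rest>.*)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
_MISSING = re.compile(r"\s*\((?:no file|file missing)\)\s*$")


def parse_hjt_line(line):
    """Split one log line into kind, CLSID (if any), target path and a
    'missing' flag; return None for lines that are not HijackThis entries."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = _CLSID.search(rest)
    # HijackThis separates fields with " - "; the last field is the target.
    target = rest.split(" - ")[-1].strip()
    missing = _MISSING.search(target) is not None
    return {
        "kind": m.group("kind"),
        "clsid": clsid.group(0) if clsid else None,
        "target": _MISSING.sub("", target),
        "missing": missing,
        "raw": line.strip(),
    }


def triage(lines):
    """Return (raw_line, reason) pairs for entries worth asking about."""
    findings = []
    for line in lines:
        e = parse_hjt_line(line)
        if e is None:
            continue
        target = e["target"].lower()
        if e["missing"] and e["kind"] in HIGH_RISK_KINDS:
            findings.append((e["raw"], "orphaned %s entry; remove it" % e["kind"]))
        elif any(d in target for d in SUSPECT_DIRS):
            findings.append((e["raw"], "points into a known adware directory"))
        elif e["kind"] == "O4" and "runservices" in e["raw"].lower():
            # RunServices is processed only by Windows 9x/ME; on XP nothing
            # legitimate writes it, so an entry there is a strong indicator.
            findings.append((e["raw"], "RunServices key is unused on XP"))
    return findings


def build_fix_reg(startupreg_names):
    """Build the Registry Editor file from the post above: one [-key] line
    per msconfig startupreg record, which deletes that key on import."""
    base = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
    out = ["Windows Registry Editor Version 5.00", ""]
    for name in startupreg_names:
        out.append("[-%s\\%s]" % (base, name))
        out.append("")
    return "\r\n".join(out)  # .reg files are CRLF text


# Sample input, copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: (no name) - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
""".strip().splitlines()

if __name__ == "__main__":
    for raw, reason in triage(SAMPLE_LOG):
        print("%-40s %s" % (reason, raw))
    print(build_fix_reg(["DeluxeCommunications", "New.net Startup", "winupdates"]))
```

Run it as-is to see the four flagged entries from the sample, or replace SAMPLE_LOG with the lines of a fresh log. Entries that are only "(no file)" in an O4 Run key are deliberately left alone: HijackThis shows those as stale but they load nothing, while a missing BHO, URLSearchHook, Winlogon Notify or service entry is still consulted by IE, winlogon or the SCM on every start.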

#9 rudik77

rudik77
  • Users
  • 489 posts

Posted 11.04.2007 - 15:33

Hi.
The problems are still there all the time, ads and windows keep popping up, what should I do? HELP
New logs:

"CR7" - 07-04-11 16:25:10    Dodatek Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\CR7\Pulpit"


(((((((((((((((((((((((((((((((   Files Created from 2007-03-11 to 2007-04-11  ))))))))))))))))))))))))))))))))))


2007-04-11 14:00	<DIR>	d--hs----	C:\WINDOWS\ftpcache
2007-04-11 10:25	<DIR>	d--------	C:\Program Files\RapidUploader
2007-04-11 07:21	<DIR>	d--------	C:\Program Files\RegistryFix
2007-04-11 07:12	1,168	--a------	C:\WINDOWS\mozver.dat
2007-04-10 18:58	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-10 18:18	786,432	--ah-----	C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-10 18:18	<DIR>	dr-h-----	C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-04-10 18:18	<DIR>	dr-------	C:\DOCUME~1\ADMINI~1\Menu Start
2007-04-10 18:18	<DIR>	d--hs----	C:\WINDOWS\CSC
2007-04-10 18:18	<DIR>	d--hs----	C:\FOUND.001
2007-04-10 18:18	<DIR>	d--h-----	C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-04-10 18:18	<DIR>	d--h-----	C:\DOCUME~1\ADMINI~1\Szablony
2007-04-10 18:18	<DIR>	d--------	C:\DOCUME~1\ADMINI~1\Ulubione
2007-04-10 18:18	<DIR>	d--------	C:\DOCUME~1\ADMINI~1\Pulpit
2007-04-10 18:18	<DIR>	d--------	C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-04-10 18:02	<DIR>	d--------	C:\!KillBox
2007-04-10 17:49	512,096	--a------	C:\WINDOWS\system32\drivers\amon.sys
2007-04-10 17:49	298,104	--a------	C:\WINDOWS\system32\imon.dll
2007-04-10 17:49	15,424	--a------	C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-10 17:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2007-04-10 17:33	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Macrovision
2007-04-10 14:58	167	--a------	C:\WINDOWS\system32\4353.bat
2007-04-10 14:57	8,464	--a------	C:\WINDOWS\system32\sporder.dll
2007-04-10 14:57	72,320	--a------	C:\WINDOWS\system32\drivers\core.sys
2007-04-10 14:57	32,768	--a------	C:\WINDOWS\system32\setup9x.exe
2007-04-10 14:57	147,456	--a------	C:\WINDOWS\system32\vbzip10.dll
2007-04-10 14:57	105,434	--a------	C:\WINDOWS\VTTC.exe
2007-04-10 14:57	<DIR>	d--------	C:\WINDOWS\system32\micro1
2007-04-10 11:19	<DIR>	d--------	C:\Program Files\MySecretFolder XP
2007-04-05 21:45	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\InstallShield
2007-04-05 21:43	<DIR>	d--------	C:\Program Files\Common Files\Corel
2007-04-05 21:42	<DIR>	d--------	C:\Program Files\Corel
2007-04-05 13:28	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\Corel
2007-04-05 13:20	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Corel
2007-04-05 13:18	476,752	--a------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\pswi_preloaded.exe
2007-04-05 13:17	5,018	--ahs----	C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-05 13:17	168	-r-hs----	C:\WINDOWS\system32\82FF66A3FF.sys
2007-04-04 14:54	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\Help
2007-04-03 17:22	679,936	--a------	C:\WINDOWS\system32\fun_mp4_enc.dll
2007-04-03 17:22	61,440	--a------	C:\WINDOWS\system32\mp4_vcodec.dll
2007-04-03 17:22	2,067,140	-ra------	C:\WINDOWS\system32\avcodec.dll
2007-04-03 17:22	<DIR>	d--------	C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-03 17:20	94,000	--a------	C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-03 17:19	8,304	--a------	C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-03 17:19	6,144	--a------	C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-03 17:19	6,144	--a------	C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-03 17:19	58,320	--a------	C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-03 17:19	5,808	--a------	C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-03 17:19	5,808	--a------	C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-03 17:19	<DIR>	d--------	C:\WINDOWS\system32\Samsung_USB_Drivers
2007-04-03 17:19	<DIR>	d--------	C:\Program Files\Samsung
2007-04-01 12:13	<DIR>	d--------	C:\Program Files\Gra w ciemno
2007-03-28 07:34	245,760	---------	C:\WINDOWS\system32\DECO_32.DLL
2007-03-28 07:34	<DIR>	d--------	C:\Program Files\PWN
2007-03-26 00:13	<DIR>	d--------	C:\Program Files\Damian Pasternak
2007-03-25 18:02	2,560	--a------	C:\WINDOWS\_MSRSTRT.EXE
2007-03-25 18:00	<DIR>	d--------	C:\WINDOWS\system32\appmgmt
2007-03-25 17:46	36,864	---------	C:\WINDOWS\system32\wbsys.dll
2007-03-25 17:46	20,480	--a------	C:\WINDOWS\system32\wbload.dll
2007-03-24 22:12	5,504	---------	C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-24 22:12	125,184	---------	C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-24 22:10	476,320	---------	C:\WINDOWS\system32\ImagXpr7.dll
2007-03-24 22:10	471,040	---------	C:\WINDOWS\system32\ImagXRA7.dll
2007-03-24 22:10	262,144	---------	C:\WINDOWS\system32\ImagXR7.dll
2007-03-24 22:10	155,648	--a------	C:\WINDOWS\system32\NeroCheck.exe
2007-03-24 22:10	106,496	--a------	C:\WINDOWS\system32\TwnLib20.dll
2007-03-24 22:10	1,568,768	---------	C:\WINDOWS\system32\ImagX7.dll
2007-03-24 22:10	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2007-03-24 22:10	<DIR>	d--------	C:\Program Files\Ahead
2007-03-24 11:23	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\AdobeUM
2007-03-23 14:48	92,064	--a------	C:\DOCUME~1\CR7\mqdmmdm.sys
2007-03-23 14:48	9,232	--a------	C:\DOCUME~1\CR7\mqdmmdfl.sys
2007-03-23 14:48	79,328	--a------	C:\DOCUME~1\CR7\mqdmserd.sys
2007-03-23 14:48	66,656	--a------	C:\DOCUME~1\CR7\mqdmbus.sys
2007-03-23 14:48	6,208	--a------	C:\DOCUME~1\CR7\mqdmcmnt.sys
2007-03-23 14:48	5,936	--a------	C:\DOCUME~1\CR7\mqdmwhnt.sys
2007-03-23 14:48	4,048	--a------	C:\DOCUME~1\CR7\mqdmcr.sys
2007-03-23 14:46	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\InstallShield
2007-03-23 14:41	25,600	--a------	C:\DOCUME~1\CR7\usbsermptxp.sys
2007-03-23 14:41	22,768	--a------	C:\DOCUME~1\CR7\usbsermpt.sys
2007-03-23 14:39	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2007-03-23 13:14	237,568	--a------	C:\WINDOWS\system32\lame_enc.dll
2007-03-21 17:04	<DIR>	d--------	C:\Program Files\FireFly Studios
2007-03-21 12:46	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\IDM
2007-03-21 12:46	<DIR>	d--------	C:\DOCUME~1\CR7\DANEAP~1\DMCache
2007-03-17 12:32	208,896	--a------	C:\WINDOWS\system32\nvudisp.exe
2007-03-17 12:32	<DIR>	d--------	C:\WINDOWS\nview
2007-03-17 12:31	<DIR>	d--------	C:\WINDOWS\system32\ReinstallBackups
2007-03-17 12:30	208,896	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2007-03-17 12:29	<DIR>	d--------	C:\NVIDIA
2007-03-17 11:27	91	--a------	C:\WINDOWS\vmreg32.dll
2007-03-16 23:34	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Yahoo! Companion
2007-03-15 14:41	<DIR>	d--------	C:\Program Files\Gimnazjum klasa 2 - Chemia
2007-03-15 14:38	327,168	--a------	C:\WINDOWS\IsUn0415.exe
2007-03-15 14:38	<DIR>	d--------	C:\Program Files\Gimnazjum klasa 3 - Chemia
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-25 18:02	2560	--a------	C:\WINDOWS\_msrstrt.exe
2007-03-23 13:24	50968	--a------	C:\WINDOWS\system32\perfc015.dat
2007-03-23 13:24	359046	--a------	C:\WINDOWS\system32\perfh015.dat
2007-03-08 17:38	579072	--a------	C:\WINDOWS\system32\user32.dll
2007-03-08 17:38	40960	--a------	C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38	281600	--a------	C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37	1843840	--a------	C:\WINDOWS\system32\win32k.sys
2007-03-07 15:44	--------	d--------	C:\Program Files\cdex_150
2007-03-07 15:42	--------	d--------	C:\Program Files\cdex_151
2007-03-06 22:17	--------	d--------	C:\Program Files\techland
2007-03-04 01:43	1776	--a------	C:\WINDOWS\nsreg.dat
2007-03-03 17:35	--------	d--------	C:\Program Files\megauploadtoolbar
2007-03-03 17:35	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\megauploadtoolbar
2007-02-18 21:37	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\adobe
2007-02-18 00:39	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\sports interactive
2007-02-18 00:19	--------	d--------	C:\Program Files\d-tools
2007-02-17 11:38	14	--a------	C:\WINDOWS\system32\systeminfo32.sys
2007-02-15 16:19	--------	d--------	C:\Program Files\skype
2007-02-15 16:19	--------	d--------	C:\Program Files\Common Files\skype
2007-02-15 16:19	--------	d--------	C:\DOCUME~1\CR7\DANEAP~1\skype
2007-02-14 23:08	--------	d--------	C:\Program Files\bearshare
2007-02-14 17:16	--------	d--h-----	C:\Program Files\installshield installation information
2007-02-14 17:16	--------	d--------	C:\Program Files\mouse driver
2007-02-14 17:16	--------	d--------	C:\Program Files\Common Files\installshield
2007-02-14 12:50	--------	d--------	C:\Program Files\opera
2007-02-14 12:50	--------	d--------	C:\Program Files\java
2007-02-14 12:50	--------	d--------	C:\Program Files\Common Files\java
2007-02-14 12:46	--------	d--------	C:\Program Files\msn messenger
2007-02-14 12:40	--------	d--------	C:\Program Files\winamp
2007-02-14 12:39	--------	d--------	C:\Program Files\marbit
2007-02-14 12:38	--------	d--------	C:\Program Files\k-lite codec pack
2007-02-14 12:36	--------	d--------	C:\Program Files\ccleaner
2007-02-14 12:33	--------	d--------	C:\Program Files\Common Files\adobe
2007-02-14 12:26	10368	--a------	C:\WINDOWS\system32\drivers\pfc.sys
2007-02-14 12:26	--------	d--------	C:\Program Files\Common Files\acd systems
2007-02-14 12:24	--------	d--------	C:\Program Files\napi-projekt
2007-02-14 12:20	--------	d--------	C:\Program Files\gadu-gadu
2007-02-14 12:14	--------	d--------	C:\Program Files\konnekt
2007-02-14 12:06	499712	--a------	C:\WINDOWS\system32\msvcp71.dll
2007-02-14 12:06	348160	--a------	C:\WINDOWS\system32\msvcr71.dll
2007-02-14 11:34	0	-rahs----	C:\MSDOS.SYS
2007-02-14 11:34	0	-rahs----	C:\IO.SYS
2007-02-14 11:34	0	--a------	C:\CONFIG.SYS
2007-02-14 11:34	0	--a------	C:\AUTOEXEC.BAT
2007-02-14 11:34	--------	d--------	C:\Program Files\microsoft frontpage
2007-02-14 11:31	--------	d--h-----	C:\Program Files\windowsupdate
2007-02-14 11:31	--------	d--------	C:\Program Files\usługi online
2007-02-14 11:30	--------	d--------	C:\Program Files\movie maker
2007-02-14 11:30	--------	d--------	C:\Program Files\Common Files\mssoap
2007-02-14 11:29	21856	--a------	C:\WINDOWS\system32\emptyregdb.dat
2007-02-14 11:28	--------	d--------	C:\Program Files\msn gaming zone
2007-02-14 11:28	--------	d--------	C:\Program Files\messenger
2007-02-14 11:18	--------	d--------	C:\Program Files\Common Files\odbc
2007-02-14 11:17	62	--ahs----	C:\DOCUME~1\CR7\DANEAP~1\desktop.ini
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Twoje TVN24"=""
"VoipStunt"="\"c:\\program files\\voipstunt.com\\voipstunt\\voipstunt.exe\" -nosplash -minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^taskmgr.exe]
"location"="Common Startup"
"item"="taskmgr"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^CR7^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
"backup"="C:\\WINDOWS\\pss\\Yahoo! Widget Engine.lnkStartup"
"location"="Startup"
"item"="Yahoo! Widget Engine"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MouseDrv"
"hkey"="HKLM"
"command"="C:\\Program Files\\Mouse Driver\\MouseDrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\"  -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="konnekt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Konnekt\\konnekt.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSF_Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSFMON"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MYSECR~1\\MSFMON.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
   Source	REG_SZ         	C:\Program Files\Windows Media Player\profsyrty.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages	REG_MULTI_SZ   	msv1_0\0\0
   Security Packages	REG_MULTI_SZ   	kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages	REG_MULTI_SZ   	scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	REG_MULTI_SZ   	HTTPFilter\0\0
LocalService	REG_MULTI_SZ   	Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ   	DnsCache\0\0
DcomLaunch	REG_MULTI_SZ   	DcomLaunch\0TermService\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0
Usnsvc	REG_MULTI_SZ   	usnsvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070411-145157-794 
O2 - BHO: 0 - {C29B2F24-AB99-4F1D-F2BB-E4882A738A1A} - (no file)
backup-20070411-145157-890 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20070411-145157-910 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20070410-210252-191 
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll (file missing)
backup-20070410-210226-738 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20070410-210226-532 
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-210226-683 
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-210226-690 
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070410-210226-555 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-210226-732 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
backup-20070410-210226-822 
O2 - BHO: (no name) - {D33138B2-6C24-43CF-A9D1-B10DF2C488A4} - C:\Program Files\Internet Explorer\hoke.dll
backup-20070410-210226-449 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cookies/
backup-20070410-210226-232 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
backup-20070410-210226-274 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20070410-193648-690 
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
backup-20070410-193648-512 
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-193648-344 
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-193648-949 
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070410-193510-752 
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
backup-20070410-193510-211 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-173836-938 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-164532-216 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070410-164521-881 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070410-164505-818 
O4 - Global Startup: taskmgr.exe
backup-20070410-164505-112 
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-164505-151 
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070410-164505-837 
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
backup-20070410-164505-165 
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070410-164505-476 
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
backup-20070410-164505-488 
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
backup-20070410-164505-642 
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exe
backup-20070410-164505-595 
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
backup-20070410-164505-905 
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
backup-20070410-164505-836 
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
backup-20070410-164505-896 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20070410-164505-979 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.phazeddl.com/
backup-20070410-164505-676 
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
backup-20070128-141443-779 
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
backup-20070128-141443-937 
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
backup-20070128-141443-770 
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
backup-20070113-003720-674 
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
backup-20061217-113357-478 
O4 - HKLM\..\RunServices: [winlog] winlog.exe
backup-20061217-113357-649 
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
backup-20061217-113357-431 
O2 - BHO: (no name) - {A87C97A6-7DEA-452B-9EDD-3471E1D1AC3E} - (no file)
backup-20061217-113357-706 
O2 - BHO: (no name) - {7D593456-CE40-4F17-921B-8717A3BBB60E} - (no file)
backup-20061207-195301-836 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20061207-195301-172 
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20061129-163059-904 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20060928-233822-333 
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
backup-20060928-233822-870 
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20060928-233822-733 
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20060928-233821-573 
F2 - REG:system.ini: Shell=explorer.exe 
backup-20060928-233821-324 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060928-233821-752 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060819-010438-554 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20060819-010438-559 
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20060819-010438-753 
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe (file missing)
backup-20060819-010438-675 
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)
backup-20060819-010438-500 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060819-010438-457 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060819-010438-792 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
backup-20060703-230919-167 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060703-230919-209 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060703-230919-989 
O4 - HKLM\..\Run: [KasowaniePlikowTymczasowych] cmd /c del/s/q %windir%\temp
backup-20060625-213733-137 
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
backup-20060625-213717-136 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060625-213717-157 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20060615-003931-590 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
backup-20060615-003926-713 
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
backup-20060615-003827-755 
O2 - BHO: ticont.MyBHO - {F365382D-CF21-45BA-80CF-B868C6ED9634} - C:\WINDOWS\system32\ticont.dll (file missing)
backup-20060614-200618-719 
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20060611-005601-692 
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20060610-004850-206 
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20060609-101626-670 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wpisz własny tekst który ukaże się na belce Internet Explorera
backup-20060602-214758-922 
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
backup-20060602-214758-845 
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXJvemV3aWN6\command.exe (file missing)
backup-20060602-214757-576 
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o4pq0e75eh.dll
backup-20060602-214756-208 
O4 - HKCU\..\Run: [imwo] C:\PROGRA~1\COMMON~1\imwo\imwom.exe
backup-20060602-214756-478 
O4 - HKCU\..\Run: [Krjnny] C:\PROGRA~1\COMMON~1\CURITY~1\SRSS~1.EXE
backup-20060602-212851-868 
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
backup-20060602-212851-376 
F2 - REG:system.ini: Shell=explorer.exe 
backup-20060602-212851-245 
R3 - URLSearchHook: (no name) - {3ED9D0C8-6950-58FC-2976-3FB6031CACCD} - C:\WINDOWS\system32\iael.dll
backup-20060602-212851-383 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20060602-212851-131 
O3 - Toolbar: Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx (file missing)
backup-20060602-212851-863 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-957 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-968 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-142 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
backup-20060602-212851-779 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060602-212851-747 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060602-155412-640 
O3 - Toolbar: Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx
backup-20060602-132202-818 
O4 - HKCU\..\Run: [SYSTEM] mirc.exe
backup-20060602-132150-954 
O13 - WWW Prefix: http://www.holidayistanbul.net/?
backup-20060531-180041-328 
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\sondcmsg.dll
backup-20060531-180039-134 
O4 - HKCU\..\Run: [Tsai] C:\Documents and Settings\Marcinus\Dane aplikacji\?dobe\r?ndll.exe
backup-20060531-180039-892 
O4 - HKCU\..\Run: [ruuw] C:\PROGRA~1\COMMON~1\ruuw\ruuwm.exe
backup-20060531-180039-510 
O4 - HKLM\..\Run: [keyboard] c:\\keyboard24.exe
backup-20060531-180039-202 
O4 - HKLM\..\Run: [newname] c:\\newname24.exe
backup-20060531-180039-462 
O4 - HKCU\..\Run: [Aepe] "C:\PROGRA~1\SEMBLY~1\winspool.exe" -vt yazr
backup-20060531-180039-559 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-517 
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
backup-20060531-180039-870 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
backup-20060531-180039-382 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-649 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20060531-180039-848 
O4 - HKLM\..\Run: [tguard] C:\Program Files\Beniamin\tguard.exe
backup-20060531-180039-695 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-902 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
backup-20060531-180039-474 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060528-221229-283 
F2 - REG:system.ini: Shell=explorer.exe 
backup-20060506-173557-371 
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20060429-175432-380 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20060428-151955-484 
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
backup-20060410-153559-206 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
backup-20050625-001401-806 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050625-001401-718 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-163007-891 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-163007-982 
O2 - BHO: (no name) - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - (no file)
backup-20050620-163007-974 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-000001-259 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
backup-20050620-000000-931 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-11 16:28:17
C:\ComboFix-quarantined-files.txt ... 07-04-11 16:28

Logfile of HijackThis v1.99.1
Scan saved at 16:24:13, on 11-04-2007
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Instalki\Spyware\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


Merged post: 11.04.2007 (Wed) 16:47
After the steps you recommended I have pages on my desktop, and when I try to open one I get a message that the system cannot find the file, make sure the name is typed correctly....
I still keep getting those IE windows and ads, I don't know what to do?? Will a format be necessary?!!??
Signature has been disabled by the Administrator.

#10 M_i_r

M_i_r
  • Users
  • 159 posts

Posted 11.04.2007 - 18:37

Read
http://cybertrash.ne... ... 649.0.html
http://411-spyware.com/remove-gromozon
http://www.antirootk... ... -tools.htm

#11 rudik77

rudik77
  • Users
  • 489 posts

Posted 11.04.2007 - 19:15

What are you writing to me? I don't need 30 days of protection, I just want this cured completely. Adam, please give me further instructions.

Merged post: 11.04.2007 (Wed) 22:45
I consider the topic closed. Help was given only partially, for which I am still grateful, but not to the end; I had to rescue myself with a format.
Regards.