Ataki po wirusie sieciowym. Czy na moim PC jest ok?

pr0ton · 21 Listopad 2007 19:35

A więc w mojej sieci lokalnej pojawił się wirus sieciowy, wprowadzony przez nieuwagę admina serwer. Wszystkie komputerki a trochę ich jest wywalały info o ataku (zależy od używanego AV). Obecnie już wszytko jest ok, ale wolę się upewnić, a wiem, że dla Was to nie problem.

ComboFix (musiałem zmienić datę, bo krzyczał, że “is expired”:

ComboFix 07-11-19.3 - Olszewski 2006-11-21 20:22:56.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1652 [GMT 1:00] Running from: D:\Documents and Settings\Olszewski\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 ))))))))))))))))))))))))))))))) . 2007-11-21 20:06 2007-11-21 20:06 2007-11-21 19:30 2007-11-21 19:06 2007-11-21 19:06 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll 2007-11-21 19:06 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys 2007-11-21 19:06 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys 2007-11-21 18:28 2007-11-21 18:25 2007-11-21 18:24 2007-11-20 21:02 2007-11-20 20:46 2007-11-20 20:40 2007-11-20 20:34 2007-11-20 19:07 2007-11-20 19:06 2007-11-19 17:23 2007-11-19 17:23 2007-11-19 17:23 29,704 --a------ D:\WINDOWS\system32\uxtuneup.dll 2007-11-18 16:24 2007-11-18 16:10 2007-11-18 15:37 2007-11-18 15:21 2007-11-17 21:05 2007-11-17 18:39 2007-11-17 18:37 2007-11-17 18:33 2007-11-17 15:42 2007-11-16 21:38 2007-11-11 16:16 2007-11-10 14:02 2007-11-09 19:47 2007-11-06 19:56 2007-11-06 19:51 2007-11-06 18:40 0 --a------ D:\WINDOWS\ativpsrm.bin 2007-11-05 22:21 2007-11-05 21:02 2007-11-05 19:46 3,497,832 --a------ D:\WINDOWS\system32\d3dx9_34.dll 2007-11-05 19:46 3,495,784 --a------ D:\WINDOWS\system32\d3dx9_33.dll 2007-11-05 19:46 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll 2007-11-05 19:46 2,414,360 --a------ D:\WINDOWS\system32\d3dx9_31.dll 2007-11-05 19:46 1,124,720 --a------ D:\WINDOWS\system32\D3DCompiler_34.dll 2007-11-05 19:46 1,123,696 --a------ D:\WINDOWS\system32\D3DCompiler_33.dll 2007-11-05 19:46 443,752 --a------ D:\WINDOWS\system32\d3dx10_34.dll 2007-11-05 19:46 443,752 --a------ D:\WINDOWS\system32\d3dx10_33.dll 2007-11-05 16:14 2007-11-04 17:01 2007-11-04 16:51 2007-11-04 16:49 2007-11-04 16:49 2007-11-04 16:49 2007-11-04 16:49 1,757,184 --a------ D:\WINDOWS\system32\imagX7.dll 2007-11-04 16:49 802,816 --a------ D:\WINDOWS\system32\imagXRA7.dll 2007-11-04 16:49 497,296 --a------ D:\WINDOWS\system32\imagXpr7.dll 2007-11-04 16:49 368,640 --a------ D:\WINDOWS\system32\TwnLib4.dll 2007-11-04 16:49 258,048 --a------ D:\WINDOWS\system32\imagXR7.dll 2007-11-04 16:17 2007-11-04 16:17 2007-11-04 16:11 2007-11-04 15:24 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe 2007-11-04 15:24 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe 2007-11-04 15:24 51,200 --a------ D:\WINDOWS\system32\dumphive.exe 2007-11-04 15:24 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe 2007-11-04 15:24 2,034 --a------ D:\WINDOWS\system32\tmp.reg 2007-11-04 15:24 0 --a------ D:\WINDOWS\system32\tmp.txt 2007-11-03 21:53 0 --ah----- D:\WINDOWS\system32\sx.inf 2007-11-03 20:44 2007-11-02 23:25 2007-11-02 22:27 2007-10-31 17:41 2007-10-31 17:41 2007-10-31 17:41 65,536 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx 2007-10-31 17:41 49,152 --a------ D:\WINDOWS\system32\QuickTime.qts 2007-10-31 17:38 2007-10-31 17:38 7,680 --a------ D:\WINDOWS\system32\ff_vfw.dll 2007-10-31 17:38 547 --a------ D:\WINDOWS\system32\ff_vfw.dll.manifest 2007-10-31 17:36 2007-10-28 12:55 2007-10-26 19:52 582,656 -----c— D:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-26 19:43 43,352 --a------ D:\WINDOWS\system32\wups2.dll 2007-10-26 19:43 38,232 --a------ D:\WINDOWS\system32\wucltui.dll.mui 2007-10-26 19:43 30,040 --a------ D:\WINDOWS\system32\wuaucpl.cpl.mui 2007-10-26 19:43 30,040 --a------ D:\WINDOWS\system32\wuapi.dll.mui 2007-10-26 19:43 21,336 --a------ D:\WINDOWS\system32\wuaueng.dll.mui 2007-10-22 18:25 2007-10-22 18:25 75,324 --a------ D:\WINDOWS\system32\EBPMON2.DLL 2007-10-22 18:25 64,000 --a------ D:\WINDOWS\system32\ECBTEG.DLL 2007-10-22 18:25 34,304 --a------ D:\WINDOWS\system32\EBPCHP.DLL 2007-10-22 18:25 182 --a------ D:\WINDOWS\system32\EBPPORT.DAT 2007-10-22 14:16 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-21 19:13 --------- d-----w D:\Program Files\eMule 2007-11-21 17:57 --------- d-----w D:\Program Files\AIMP2 2007-11-21 17:18 --------- d–h--w D:\Program Files\InstallShield Installation Information 2007-11-19 19:23 --------- d-----w D:\Documents and Settings\Olszewski\Dane aplikacji\uTorrent 2007-11-17 17:53 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-17 17:53 103,736 ----a-w D:\WINDOWS\system32\PnkBstrB.exe 2007-11-17 17:36 --------- d-----w D:\Program Files\FlashGet 2007-11-17 15:28 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe 2007-11-11 15:18 --------- d-----w D:\Program Files\Windows Media Connect 2 2007-11-11 15:18 --------- d-----w D:\Program Files\uTorrent 2007-11-06 18:52 --------- d-----w D:\Program Files\Common Files\InstallShield 2007-11-03 16:20 --------- d-----w D:\Program Files\NAPI-PROJEKT 2007-10-25 17:05 94,416 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:03 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:24 815,480 ----a-w D:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr 2007-10-18 16:10 --------- d-----w D:\Program Files\TaskSwitchXP 2007-10-18 16:08 219,648 ----a-w D:\WINDOWS\system32\uxtheme.dll 2007-10-18 11:24 --------- d-----w D:\Documents and Settings\Olszewski\Dane aplikacji\Downloaded Installations 2007-10-18 11:19 --------- d-----w D:\Documents and Settings\Olszewski\Dane aplikacji\Autodesk 2007-10-18 11:18 --------- d-----w D:\Program Files\AutoCAD 2007 2007-10-18 11:00 --------- d-----w D:\Program Files\Common Files\Autodesk Shared 2007-10-18 10:57 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Autodesk 2007-10-18 10:55 --------- d-----w D:\Program Files\Autodesk 2007-10-15 17:30 --------- d-----w D:\Program Files\Shareaza 2007-10-15 17:30 --------- d-----w D:\Documents and Settings\Olszewski\Dane aplikacji\Shareaza 2007-10-15 17:10 --------- d-----w D:\Program Files\Cinema Player 1.6 2007-10-15 16:16 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2007-10-15 16:08 --------- d-----w D:\Program Files\Common Files\Adobe 2007-10-15 16:01 --------- d-----w D:\Program Files\Common Files\Macrovision Shared 2007-10-15 15:20 --------- d-----w D:\Program Files\Microsoft.NET 2007-10-15 14:25 --------- d-----w D:\Program Files\ScanSoft 2007-10-15 14:24 --------- d-----w D:\Program Files\ivo 2007-10-15 14:24 --------- d-----w D:\Documents and Settings\Olszewski\Dane aplikacji\Expressivo 2007-10-15 14:12 737,280 ----a-w D:\WINDOWS\iun6002.exe 2007-10-15 14:12 --------- d-----w D:\Program Files\FireTune 2007-10-15 13:44 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software 2007-10-15 10:09 98,304 ----a-w D:\WINDOWS\system32\CmdLineExt.dll 2007-10-15 09:46 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys 2007-10-14 19:17 --------- d-----w D:\Program Files\SlySoft 2007-10-14 19:12 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Ahead 2007-10-14 18:54 --------- d-----w D:\Program Files\Total Commander 2007-10-14 18:29 --------- d-----w D:\Program Files\Ray Adams 2007-10-14 18:29 --------- d-----w D:\Program Files\Java 2007-10-14 18:29 --------- d-----w D:\Documents and Settings\Olszewski\Dane aplikacji\atitray 2007-10-14 18:28 --------- d-----w D:\Program Files\Common Files\Java 2007-10-14 16:30 --------- d-----w D:\Program Files\Lavalys 2007-10-14 16:27 360,576 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys 2007-10-14 16:17 --------- d-----w D:\Documents and Settings\Olszewski\Dane aplikacji\Gadu-Gadu 2007-10-14 16:16 --------- d-----w D:\Program Files\Gadu-Gadu 2007-10-14 15:44 --------- d-----w D:\Program Files\Usługi online 2007-09-29 05:46 47,376 ----a-w D:\WINDOWS\system32\drivers\ativvpxx.vp 2007-09-29 03:21 9,854,976 ----a-w D:\WINDOWS\system32\atioglx2.dll 2007-09-29 03:07 356,352 ----a-w D:\WINDOWS\system32\ATIDEMGX.dll 2007-09-29 03:06 268,800 ----a-w D:\WINDOWS\system32\ati2dvag.dll 2007-09-29 03:05 2,456,064 ----a-w D:\WINDOWS\system32\drivers\ati2mtag.sys 2007-09-29 02:58 43,520 ----a-w D:\WINDOWS\system32\ati2edxx.dll 2007-09-29 02:58 26,112 ----a-w D:\WINDOWS\system32\Ati2mdxx.exe 2007-09-29 02:58 143,360 ----a-w D:\WINDOWS\system32\atipdlxx.dll 2007-09-29 02:58 122,880 ----a-w D:\WINDOWS\system32\Oemdspif.dll 2007-09-29 02:57 122,880 ----a-w D:\WINDOWS\system32\ati2evxx.dll 2007-09-29 02:56 483,328 ----a-w D:\WINDOWS\system32\ati2evxx.exe 2007-09-29 02:55 53,248 ----a-w D:\WINDOWS\system32\ATIDDC.DLL 2007-09-29 02:49 307,200 ----a-w D:\WINDOWS\system32\atiiiexx.dll 2007-09-29 02:47 3,130,720 ----a-w D:\WINDOWS\system32\ati3duag.dll 2007-09-29 02:47 172,032 ----a-w D:\WINDOWS\system32\atiok3x2.dll 2007-09-29 02:36 1,593,600 ----a-w D:\WINDOWS\system32\ativvaxx.dll 2007-09-29 02:23 5,435,392 ----a-w D:\WINDOWS\system32\atioglxx.dll 2007-09-29 02:22 376,832 ----a-w D:\WINDOWS\system32\atikvmag.dll 2007-09-29 02:20 17,408 ----a-w D:\WINDOWS\system32\atitvo32.dll 2007-09-29 02:19 49,152 ----a-w D:\WINDOWS\system32\drivers\ati2erec.dll 2007-09-29 02:14 499,712 ----a-w D:\WINDOWS\system32\ati2cqag.dll 2007-09-28 20:05 593,920 ------w D:\WINDOWS\system32\ati2sgag.exe 2007-09-19 14:26 39,768 ----a-w D:\WINDOWS\system32\drivers\pctmp.sys 2007-09-19 14:26 195,928 ----a-w D:\WINDOWS\system32\drivers\pctfw2.sys 2007-09-19 14:26 17,752 ----a-w D:\WINDOWS\system32\drivers\pctssipc.sys 2007-09-19 14:26 114,008 ----a-w D:\WINDOWS\system32\drivers\pctfw.sys 2007-08-21 06:26 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AtiTrayTools”=“D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe” [2007-05-22 10:04] “ctfmon.exe”=“D:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “TaskSwitchXP”=“D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe” [2006-08-04 23:29] “RocketDock”=“D:\Program Files\RocketDock\RocketDock.exe” [2007-09-02 13:58] “DAEMON Tools”=“D:\Program Files\DAEMON Tools\daemon.exe” [2007-11-16 13:28] “SpeedX”=“D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe” [2006-06-27 13:11] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “High Definition Audio Property Page Shortcut”=“HDAShCut.exe” [2004-10-27 14:21 D:\WINDOWS\system32\HdAShCut.exe] “avast!”=“D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-10-25 17:20] “00PCTFW”=“D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” [2007-09-19 15:27] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“D:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoResolveTrack”= 0 (0x0) “NoFileAssociate”= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSharedDocuments”= 00000000 “NoRecentDocsHistory”= 1 (0x1) “NoTrayItemsDisplay”= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk] path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk backup=D:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock] 2007-09-02 13:58 495616 --a------ D:\Program Files\RocketDock\RocketDock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 00:11 132496 --a------ D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe R1 atitray;atitray;??\D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys R1 pctfw2;pctfw2;??\D:\WINDOWS\system32\drivers\pctfw2.sys R1 pctmp;PC Tools Firewall Memory Protection Driver;D:\WINDOWS\system32\drivers\pctmp.sys R1 pctssipc;PC Tools Security Suite IPC Driver;D:\WINDOWS\system32\drivers\pctssipc.sys R2 UxTuneUp;TuneUp Theme Extension;D:\WINDOWS\System32\svchost.exe -k netsvcs S2 AVUpdate;ArcaBit Update Service;D:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe S3 ps_drv;ps_drv;??\D:\Documents and Settings\Olszewski\ps_drv.sys S3 USBSTOR;Sterownik magazynu masowego USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 WimFltr;WimFltr;D:\WINDOWS\system32\DRIVERS\wimfltr.sys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - PCTOOLSFIREWALLPLUS . Contents of the ‘Scheduled Tasks’ folder “2007-11-19 16:23:44 D:\WINDOWS\Tasks\1-Click Maintenance.job” - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-19 20:24:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-19 20:24:30 . — E O F —

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:35:30, on 2007-11-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\SYSTEM32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\PC Tools Firewall Plus\FWService.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\SYSTEM32\Ati2evxx.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe D:\Program Files\RocketDock\RocketDock.exe D:\Program Files\DAEMON Tools\daemon.exe D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\explorer.exe D:\WINDOWS\system32\notepad.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [00PCTFW] “D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” -s O4 - HKCU…\Run: [AtiTrayTools] “D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe” O4 - HKCU…\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [TaskSwitchXP] D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU…\Run: [RocketDock] “D:\Program Files\RocketDock\RocketDock.exe” O4 - HKCU…\Run: [DAEMON Tools] “D:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKCU…\Run: [speedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 3424117296 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ArcaBit Update Service (AVUpdate) - Unknown owner - D:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe – End of file - 6231 bytes

SilentRunners:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AtiTrayTools” = ““D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe”” [“Ray Adams”] “ctfmon.exe” = “D:\WINDOWS\system32\ctfmon.exe” [MS] “TaskSwitchXP” = “D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe” [“Alexander Avdonin”] “RocketDock” = ““D:\Program Files\RocketDock\RocketDock.exe”” [null data] “DAEMON Tools” = ““D:\Program Files\DAEMON Tools\daemon.exe” -lang 1045” [“DT Soft Ltd.”] “SpeedX” = “D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe” [“MyPortal.pl”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “High Definition Audio Property Page Shortcut” = “HDAShCut.exe” [“Windows ® Server 2003 DDK provider”] “avast!” = “D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “00PCTFW” = ““D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” -s” [“PC Tools”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = “flashget urlcatch” -> {HKLM…CLSID} = “FGCatchUrl” \InProcServer32(Default) = “D:\Program Files\FlashGet\jccatch.dll” [“www.flashget.com”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = “Spybot-S&D IE Protection” \InProcServer32(Default) = “D:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll” [“Sun Microsystems, Inc.”] {F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided) -> {HKLM…CLSID} = “FlashGet GetFlash Class” \InProcServer32(Default) = “D:\Program Files\FlashGet\getflash.dll” [“www.flashget.com”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “D:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “D:\WINDOWS\system32\shdocvw.dll” [MS] “{1F77B17B-F531-44DB-ACA4-76ABB5010A28}” = “AIMP2: Shell Extention” -> {HKLM…CLSID} = “AIMP2: Shell Extention” \InProcServer32(Default) = “D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL” [“AIMP DevTeam”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “D:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{36A21736-36C2-4C11-8ACB-D4136F2B57BD}” = “Uchwyt nakładania ikony podpisu cyfrowego” -> {HKLM…CLSID} = “AcSignIcon” \InProcServer32(Default) = “D:\WINDOWS\system32\AcSignIcon.dll” [“Autodesk”] “{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}” = “Autodesk Drawing Preview” -> {HKLM…CLSID} = “ACTHUMBNAIL” \InProcServer32(Default) = “D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll” [“Autodesk”] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll” [“Nero AG”] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “D:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “D:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll” [“Nero AG”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AIMPClassic(Default) = “{1F77B17B-F531-44DB-ACA4-76ABB5010A28}” -> {HKLM…CLSID} = “AIMP2: Shell Extention” \InProcServer32(Default) = “D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL” [“AIMP DevTeam”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AIMPClassic(Default) = “{1F77B17B-F531-44DB-ACA4-76ABB5010A28}” -> {HKLM…CLSID} = “AIMP2: Shell Extention” \InProcServer32(Default) = “D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL” [“AIMP DevTeam”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “D:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “D:\Program Files\Unlocker\UnlockerCOM.dll” [null data] Default executables: -------------------- HKCU\Software\Classes.scr(Default) = “AutoCADScriptFile” <> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command(Default) = "“D:\WINDOWS\system32\NOTEPAD.EXE” “%1"” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoSharedDocuments” = (REG_BINARY) hex:00 00 00 00 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Remove Shared Documents from My Computer} “NoCDBurning” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoRecentDocsHistory” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoTrayItemsDisplay” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Start Menu and Taskbar| Hide the notification area} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRemoteRecursiveEvents” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoResolveTrack” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoPropertiesMyComputer” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoFileAssociate” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSMHelp” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “ShutdownWithoutLogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “D:\Documents and Settings\Olszewski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart” [“TuneUp Software GmbH”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_03” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_03” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “FlashGet” “Exec” = “D:\Program Files\FlashGet\FlashGet.exe” [“FlashGet.com”] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ “MenuText” = “Spybot - Search & Destroy Configuration” “CLSIDExtension” = “{53707962-6F74-2D53-2644-206D7942484F}” -> {HKLM…CLSID} = “Spybot-S&D IE Protection” \InProcServer32(Default) = “D:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “D:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] avast! Antivirus, avast! Antivirus, ““D:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““D:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] PC Tools Firewall Plus, PCToolsFirewallPlus, “D:\Program Files\PC Tools Firewall Plus\FWService.exe” [“PC Tools”] TuneUp Theme Extension, UxTuneUp, “D:\WINDOWS\System32\svchost.exe -k netsvcs” {“D:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON V5 2KMonitor\Driver = “EBPMON2.DLL” [“SEIKO EPSON CORPORATION”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 34 seconds, including 9 seconds for message boxes)

Gutek · 21 Listopad 2007 22:38

Log Ok