Nie zawsze laczy sie z netem

giga89 · 2 Styczeń 2007 15:44

Logfile of HijackThis v1.99.1

Scan saved at 16:41:16, on 2007-01-02

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\TEMP\VRT5.tmp

D:\instalkii\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip…{0B436A43-C3D2-45BB-8B61-E383ED177A82}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip…{0B436A43-C3D2-45BB-8B61-E383ED177A82}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS2\Services\Tcpip…{0B436A43-C3D2-45BB-8B61-E383ED177A82}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

Bieniol · 2 Styczeń 2007 15:49

Obawiam się najgorszego, ale bądźmy dobrej myśli…

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowy log z Hijacka + log z Silent Runners + log z ComboFix

giga89 · 2 Styczeń 2007 20:12

nie wiem co sie dzieeje zrobilem to ale ciagle zeby internet zaskoczyl (zadzialal) musze okolo 50 razy rozlaczyc/wlaczyc polaczenie…Normalnie wlacza sie polaczenie i pisze ze jestem polaczony ale nie dziala internet…jakby firewall blokowal ale specjalnie go wylaczam… log z sillenta:

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]

“Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [“o2.pl Sp. z o.o.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]

Startup items in “Emosik” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Running Services (Display Name, Service Name, Path {Service DLL}):

Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”]

Sunbelt Kerio Personal Firewall 4, KPF4, “C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” [“Sunbelt Software”]

<>: Suspicious data at a malware launch point.

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 67 seconds, including 5 seconds for message boxes)

adam9870 · 2 Styczeń 2007 20:21

Czysto.

Wrzuć log z ComboFix’a. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C

Gutek · 2 Styczeń 2007 22:01

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE - POPRAW!

Pozdrawiam Gutek2222

giga89 · 3 Styczeń 2007 21:40

ComboFix 06.11.27 - Running from: “C:\Documents and Settings\Emosik\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2006-12-03 to 2007-01-03 )))))))))))))))))))))))))))))))))) 2007-01-02 16:07 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-01-02 16:07 2007-01-01 22:39 2007-01-01 22:39 2007-01-01 22:31 2007-01-01 19:51 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:23 2007-01-01 18:12 2007-01-01 18:12 2007-01-01 18:05 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-01-01 18:05 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-01-01 18:05 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-01-01 18:05 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-01-01 18:05 151,552 --a------ C:\WINDOWS\autoclk.exe 2007-01-01 18:05 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-01-01 18:05 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-01-01 18:05 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-01-01 18:05 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-01-01 18:05 1,540,096 --a------ C:\WINDOWS\adiras.exe 2007-01-01 18:05 2007-01-01 18:04 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-01-01 18:04 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-01-01 18:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-01-01 18:03 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-01-01 18:03 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-01-01 18:03 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-01-01 18:03 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-01-01 18:03 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-01-01 18:03 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-01-01 18:03 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-01-01 18:03 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-01-01 18:03 76,800 --a------ C:\WINDOWS\system32\dmscript.dll 2007-01-01 18:03 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-01-01 18:03 723,968 --a------ C:\WINDOWS\system32\dpnet.dll 2007-01-01 18:03 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys 2007-01-01 18:03 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-01-01 18:03 667,648 --a------ C:\WINDOWS\system32\dinput8.dll 2007-01-01 18:03 648,704 --a------ C:\WINDOWS\system32\dinput.dll 2007-01-01 18:03 64,512 --a------ C:\WINDOWS\system32\amstream.dll 2007-01-01 18:03 63,768 --a------ C:\WINDOWS\system32\dxdllreg.exe 2007-01-01 18:03 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-01-01 18:03 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-01-01 18:03 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys 2007-01-01 18:03 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-01-01 18:03 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys 2007-01-01 18:03 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-01-01 18:03 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-01-01 18:03 470,528 --a------ C:\WINDOWS\system32\qdvd.dll 2007-01-01 18:03 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-01-01 18:03 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys 2007-01-01 18:03 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-01-01 18:03 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys 2007-01-01 18:03 381,952 --a------ C:\WINDOWS\system32\dsound.dll 2007-01-01 18:03 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-01-01 18:03 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll 2007-01-01 18:03 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-01-01 18:03 33,280 --a------ C:\WINDOWS\system32\dmloader.dll 2007-01-01 18:03 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-01-01 18:03 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-01-01 18:03 316,928 --a------ C:\WINDOWS\system32\qdv.dll 2007-01-01 18:03 31,744 --a------ C:\WINDOWS\system32\pid.dll 2007-01-01 18:03 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-01-01 18:03 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-01-01 18:03 292,864 --a------ C:\WINDOWS\system32\ddraw.dll 2007-01-01 18:03 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-01-01 18:03 27,136 --a------ C:\WINDOWS\system32\dmband.dll 2007-01-01 18:03 257,024 --a------ C:\WINDOWS\system32\qcap.dll 2007-01-01 18:03 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-01-01 18:03 230,400 --a------ C:\WINDOWS\system32\dplayx.dll 2007-01-01 18:03 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-01-01 18:03 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-01-01 18:03 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-01-01 18:03 18,944 --a------ C:\WINDOWS\system32\encapi.dll 2007-01-01 18:03 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-01-01 18:03 18,432 --a------ C:\WINDOWS\system32\dswave.dll 2007-01-01 18:03 173,056 --a------ C:\WINDOWS\system32\qasf.dll 2007-01-01 18:03 16,896 --a------ C:\WINDOWS\system32\msyuv.dll 2007-01-01 18:03 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-01-01 18:03 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-01-01 18:03 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys 2007-01-01 18:03 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys 2007-01-01 18:03 132,608 --a------ C:\WINDOWS\system32\devenum.dll 2007-01-01 18:03 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-01-01 18:03 13,312 --a------ C:\WINDOWS\system32\msdmo.dll 2007-01-01 18:03 122,880 --a------ C:\WINDOWS\system32\dmusic.dll 2007-01-01 18:03 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-01-01 18:03 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys 2007-01-01 18:03 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-01-01 18:03 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys 2007-01-01 18:03 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys 2007-01-01 18:03 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys 2007-01-01 18:03 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll 2007-01-01 18:03 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll 2007-01-01 18:03 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-01-01 18:03 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll 2007-01-01 18:03 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-01-01 18:03 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-01-01 18:03 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll 2007-01-01 18:03 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-01-01 18:03 2007-01-01 18:03 2007-01-01 18:02 2007-01-01 18:02 2007-01-01 18:01 2007-01-01 18:00 2007-01-01 18:00 2007-01-01 17:57 528,384 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-01-01 17:56 2007-01-01 17:55 593,408 --a------ C:\WINDOWS\system32\h323msp.dll 2007-01-01 17:55 552,448 --a------ C:\WINDOWS\system32\rtcdll.dll 2007-01-01 17:55 48,640 --a------ C:\WINDOWS\system32\browser.dll 2007-01-01 17:55 454,144 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-01-01 17:55 439,296 --a------ C:\WINDOWS\system32\rpcrt4.dll 2007-01-01 17:55 36,864 --a------ C:\WINDOWS\system32\mf3216.dll 2007-01-01 17:55 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-01-01 17:55 204,288 --a------ C:\WINDOWS\system32\rpcss.dll 2007-01-01 17:55 1,093,632 --a------ C:\WINDOWS\system32\ole32.dll 2007-01-01 17:55 2007-01-01 17:54 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2007-01-01 17:54 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys 2007-01-01 17:54 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys 2007-01-01 17:54 2007-01-01 17:53 2007-01-01 17:52 80,384 --a------ C:\WINDOWS\system32\drivers\WRDRV.SYS 2007-01-01 17:52 59,392 --a------ C:\WINDOWS\system32\drivers\kvpndrv.sys 2007-01-01 17:51 941,516 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-01-01 17:51 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-01-01 17:51 52,224 -ra------ C:\WINDOWS\SOUNDMAN.EXE 2007-01-01 17:51 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-01-01 17:50 312,832 --a------ C:\WINDOWS\IsUn0415.exe 2007-01-01 17:50 217,088 -ra------ C:\WINDOWS\alcupd.exe 2007-01-01 17:50 19,072 --a------ C:\WINDOWS\system32\drivers\usbehci.sys 2007-01-01 17:50 143,360 -ra------ C:\WINDOWS\alcrmv.exe 2007-01-01 17:50 2007-01-01 17:50 2007-01-01 17:50 2007-01-01 17:50 2007-01-01 17:48 2007-01-01 17:47 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-01-01 17:47 312,320 --a------ C:\WINDOWS\IsUninst.exe 2007-01-01 17:47 2007-01-01 17:47 2007-01-01 17:43 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:42 2007-01-01 17:38 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-01-01 17:38 0 -rahs---- C:\MSDOS.SYS 2007-01-01 17:38 0 -rahs---- C:\IO.SYS 2007-01-01 17:38 0 --a------ C:\CONFIG.SYS 2007-01-01 17:38 0 --a------ C:\AUTOEXEC.BAT 2007-01-01 17:38 2007-01-01 17:38 2007-01-01 17:38 2007-01-01 17:37 2007-01-01 17:37 2007-01-01 17:37 2007-01-01 17:37 2007-01-01 17:36 90,624 --a------ C:\WINDOWS\system32\msoert2.dll 2007-01-01 17:36 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-01-01 17:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-01-01 17:36 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-01-01 17:36 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-01-01 17:36 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-01-01 17:36 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-01-01 17:36 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-01-01 17:36 61,952 --a------ C:\WINDOWS\system32\srclient.dll 2007-01-01 17:36 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-01-01 17:36 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-01-01 17:36 49,152 --a------ C:\WINDOWS\system32\inetres.dll 2007-01-01 17:36 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-01-01 17:36 40,960 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-01-01 17:36 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-01-01 17:36 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-01-01 17:36 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-01-01 17:36 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-01-01 17:36 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-01-01 17:36 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-01-01 17:36 253,440 --a------ C:\WINDOWS\system32\mstask.dll 2007-01-01 17:36 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-01-01 17:36 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-01-01 17:36 219,136 --a------ C:\WINDOWS\system32\srrstr.dll 2007-01-01 17:36 179,200 --a------ C:\WINDOWS\system32\qmgr.dll 2007-01-01 17:36 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-01-01 17:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-01-01 17:36 159,744 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-01-01 17:36 155,648 --a------ C:\WINDOWS\system32\srsvc.dll 2007-01-01 17:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-01-01 17:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:36 2007-01-01 17:35 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-01-01 17:35 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-01-01 17:35 494,592 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-01-01 17:35 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-01-01 17:35 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-01-01 17:35 347,648 --a------ C:\WINDOWS\system32\mspaint.exe 2007-01-01 17:35 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-01-01 17:35 188,928 --a------ C:\WINDOWS\system32\accwiz.exe 2007-01-01 17:35 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-01-01 17:35 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-01-01 17:35 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-01-01 17:35 123,904 --a------ C:\WINDOWS\system32\mplay32.exe 2007-01-01 17:35 2007-01-01 17:35 2007-01-01 17:35 2007-01-01 17:35 2007-01-01 17:35 2007-01-01 17:35 2007-01-01 17:35 2007-01-01 17:35 2007-01-01 17:34 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-01-01 17:34 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-01-01 17:34 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-01-01 17:34 89,600 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-01-01 17:34 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-01-01 17:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-01-01 17:34 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-01-01 17:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-01-01 17:34 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-01-01 17:34 8,704 --a------ C:\WINDOWS\system32\icaapi.dll 2007-01-01 17:34 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-01-01 17:34 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-01-01 17:34 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-01-01 17:34 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-01-01 17:34 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-01-01 17:34 57,344 --a------ C:\WINDOWS\system32\licwmi.dll 2007-01-01 17:34 56,832 --a------ C:\WINDOWS\system32\remotepg.dll 2007-01-01 17:34 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-01-01 17:34 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-01-01 17:34 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-01-01 17:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-01-01 17:34 539,648 --a------ C:\WINDOWS\system32\spider.exe 2007-01-01 17:34 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-01-01 17:34 503,296 --a------ C:\WINDOWS\system32\mstscax.dll 2007-01-01 17:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-01-01 17:34 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-01-01 17:34 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-01-01 17:34 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-01-01 17:34 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-01-01 17:34 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-01-01 17:34 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-01-01 17:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-01-01 17:34 392,704 --a------ C:\WINDOWS\system32\mstsc.exe 2007-01-01 17:34 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-01-01 17:34 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-01-01 17:34 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-01-01 17:34 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-01-01 17:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-01-01 17:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-01-01 17:34 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-01-01 17:34 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-01-01 17:34 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-01-01 17:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-01-01 17:34 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-01-01 17:34 198,656 --a------ C:\WINDOWS\system32\termsrv.dll 2007-01-01 17:34 19,456 --a------ C:\WINDOWS\system32\qprocess.exe 2007-01-01 17:34 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-01-01 17:34 177,152 --a------ C:\WINDOWS\system32\cmprops.dll 2007-01-01 17:34 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-01-01 17:34 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-01-01 17:34 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-01-01 17:34 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-01-01 17:34 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-01-01 17:34 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-01-01 17:34 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-01-01 17:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-01-01 17:34 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-01-01 17:34 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-01-01 17:34 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-01-01 17:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-01-01 17:34 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-01-01 17:34 136,704 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-01-01 17:34 134,656 --a------ C:\WINDOWS\system32\rdchost.dll 2007-01-01 17:34 133,632 --a------ C:\WINDOWS\system32\mshearts.exe 2007-01-01 17:34 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-01-01 17:34 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-01-01 17:34 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-01-01 17:34 113,664 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-01-01 17:34 11,776 --a------ C:\WINDOWS\system32\msdtc.exe 2007-01-01 17:34 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-01-01 17:34 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-01-01 17:34 104,960 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-01-01 17:34 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-01-01 17:34 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-01-01 17:34 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-01-01 17:34 2007-01-01 17:34 2007-01-01 17:30 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-01-01 17:30 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-01-01 17:29 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-01-01 17:29 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-01-01 17:29 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-01-01 17:29 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-01-01 17:29 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-01-01 17:29 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-01-01 17:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-01-01 17:29 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys 2007-01-01 17:29 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-01-01 17:29 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-01-01 17:28 70,144 --a------ C:\WINDOWS\system32\usbui.dll 2007-01-01 17:28 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-01-01 17:27 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-01-01 17:27 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-01-01 17:27 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-01-01 17:27 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-01-01 17:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-01-01 17:27 72,704 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-01-01 17:27 71,680 --a------ C:\WINDOWS\system32\storprop.dll 2007-01-01 17:27 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-01-01 17:27 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-01-01 17:27 69,712 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-01-01 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-01-01 17:27 6,656 --a------ C:\WINDOWS\system32\batt.dll 2007-01-01 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-01-01 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-01-01 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-01-01 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-01-01 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-01-01 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-01-01 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-01-01 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll 2007-01-01 17:27 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-01-01 17:27 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-01-01 17:27 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-01-01 17:27 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-01-01 17:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-01-01 17:27 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-01-01 17:27 20,992 --a------ C:\WINDOWS\TASKMAN.EXE 2007-01-01 17:27 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-01-01 17:27 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-01-01 17:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-01-01 17:27 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-01-01 17:27 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-01-01 17:27 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-01-01 17:27 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 2007-01-01 17:27 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “Komunikator”="“C:\Program Files\Tlen.pl\tlen.exe” --confdir=home" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] “DeskHtmlVersion”=dword:00000110 “DeskHtmlMinorVersion”=dword:00000005 “Settings”=dword:00000001 “GeneralFlags”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“Moja bieżąca strona główna” “Flags”=dword:00000002 “Position”=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 “CurrentState”=hex:04,00,00,40 “OriginalStateInfo”=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 “RestoredStateInfo”=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] “{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Moduł wstępnego ładowania interfejsu Browseui” “{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Demon buforu kategorii składników” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{AEB6717E-7E19-11d0-97EE-00C04FD91972}”="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “dontdisplaylastusername”=dword:00000000 “legalnoticecaption”="" “legalnoticetext”="" “shutdownwithoutlogon”=dword:00000001 “undockwithoutlogon”=dword:00000001 [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “PostBootReminder”="{7849596a-48ea-486e-8937-a2a3009f31a9}" “CDBurn”="{fbeb8a05-beee-4442-804e-409d6c4515e9}" “WebCheck”="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" “SysTray”="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“avgnt” “hkey”=“HKLM” “command”="“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“tlen” “hkey”=“HKCU” “command”="“C:\Program Files\Tlen.pl\tlen.exe” --confdir=home" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”="“C:\Program Files\Messenger\msmsgs.exe” /background" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrCtrl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“WrCtrl” “hkey”=“HKCU” “command”="“C:\Program Files\Kerio\WinRoute Firewall\WrCtrl.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “Messenger”=dword:00000002 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070102-201059-967 O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm backup-20070102-201059-457 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm Completion time: 07-01-03 22:42:26.04 C:\ComboFix.txt … 07-01-03 22:42

Złączono Posta : 03.01.2007 (Sro) 22:59

wlasnie zrobilem scana w http://www.bezpieczenstwo.onet.pl i praktycznie w kazdym pliku .exe w C:\WINDOWS\ znajdowalo mi wirusa W32.Virbot.C …Na poczatku kasowalem wszystkie bo myslaelm ze to wirus ale potem patrze a scciezka C:\WINDOWS\SOUNDMAN.EXE i sie dopiero skapłem ze to nie wirus chyba ;/ i przerwalem skanowanie…

Złączono Posta : 03.01.2007 (Sro) 23:04

Bieniol · 4 Styczeń 2007 15:35

Tutaj również czysto.

Zrób skan AVG AntySpyware 7.5 po update

giga89 · 4 Styczeń 2007 21:56

Logfile of HijackThis v1.99.1 Scan saved at 22:57:57, on 2007-01-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe D:\instalkii\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [MS System Call Function] MSSCF32.exe O4 - HKLM…\RunServices: [MS System Call Function] MSSCF32.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home O4 - HKCU…\Run: [MS System Call Function] MSSCF32.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{0B436A43-C3D2-45BB-8B61-E383ED177A82}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{0B436A43-C3D2-45BB-8B61-E383ED177A82}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

znow mam jakies dziwne procesu typu Vrt3 w menadzerze …i inne spr loga plz…

adam9870 · 4 Styczeń 2007 22:10

Plik usuń ręcznie w trybie awaryjnym, a wpisy w hjt.

Przeskanuj http://www.ewido.net/en/.

Po wykonaniu pokaż komplet nowych logów tj. HijackThis, SilentRunners, ComboFix.

giga89 · 4 Styczeń 2007 22:31

Logfile of HijackThis v1.99.1 Scan saved at 23:27:09, on 2007-01-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\explorer.exe D:\instalkii\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [“o2.pl Sp. z o.o.”] “Spyware Doctor” = “(empty string)” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Emosik” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] PC Tools Spyware Doctor, SDhelper, “C:\Program Files\Spyware Doctor\sdhelp.exe” [“PC Tools Research Pty Ltd”] Sunbelt Kerio Personal Firewall 4, KPF4, “C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” [“Sunbelt Software”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 68 seconds, including 4 seconds for message boxes)

combofix

ComboFix 06.11.27 - Running from: “C:\Documents and Settings\Emosik\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2020-08-03 to 202007-01-03 )))))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “Komunikator”="“C:\Program Files\Tlen.pl\tlen.exe” --confdir=home" “Spyware Doctor”="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “!AVG Anti-Spyware”="“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] “DeskHtmlVersion”=dword:00000110 “DeskHtmlMinorVersion”=dword:00000005 “Settings”=dword:00000001 “GeneralFlags”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“Moja bieżąca strona główna” “Flags”=dword:00000002 “Position”=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 “CurrentState”=hex:04,00,00,40 “OriginalStateInfo”=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 “RestoredStateInfo”=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” “Spyware Doctor”="" “MS System Call Function”=“MSSCF32.exe” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” “Spyware Doctor”="" “MS System Call Function”=“MSSCF32.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] “{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Moduł wstępnego ładowania interfejsu Browseui” “{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Demon buforu kategorii składników” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{AEB6717E-7E19-11d0-97EE-00C04FD91972}”="" “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableRegistryTools”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “dontdisplaylastusername”=dword:00000000 “legalnoticecaption”="" “legalnoticetext”="" “shutdownwithoutlogon”=dword:00000001 “undockwithoutlogon”=dword:00000001 [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “PostBootReminder”="{7849596a-48ea-486e-8937-a2a3009f31a9}" “CDBurn”="{fbeb8a05-beee-4442-804e-409d6c4515e9}" “WebCheck”="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" “SysTray”="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“avgnt” “hkey”=“HKLM” “command”="“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“tlen” “hkey”=“HKCU” “command”="“C:\Program Files\Tlen.pl\tlen.exe” --confdir=home" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”="“C:\Program Files\Messenger\msmsgs.exe” /background" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrCtrl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“WrCtrl” “hkey”=“HKCU” “command”="“C:\Program Files\Kerio\WinRoute Firewall\WrCtrl.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “Messenger”=dword:00000002 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” Completion time: 2007-01-04 23:32:02,48 C:\ComboFix.txt … 2007-01-04 23:32 C:\ComboFix2.txt … 2007-01-03 22:42

Złączono Posta : 04.01.2007 (Czw) 23:33

a tym anti spywarem juz robilem scana i znalazl jedynie pare czegos tam na medium risk…

AVG Anti-Spyware - Scan Report

Created at: 23:14:04 2007-01-04
Scan result:

:mozilla.47:C:\Documents and Settings\Emosik\Dane aplikacji\Mozilla\Firefox\Profiles\qnxe881j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.31:C:\Documents and Settings\Emosik\Dane aplikacji\Mozilla\Firefox\Profiles\qnxe881j.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

:mozilla.33:C:\Documents and Settings\Emosik\Dane aplikacji\Mozilla\Firefox\Profiles\qnxe881j.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

C:\Documents and Settings\Emosik\Cookies\emosik@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned.

C:\Documents and Settings\Emosik\Cookies\emosik@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.44:C:\Documents and Settings\Emosik\Dane aplikacji\Mozilla\Firefox\Profiles\qnxe881j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.45:C:\Documents and Settings\Emosik\Dane aplikacji\Mozilla\Firefox\Profiles\qnxe881j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

C:\Documents and Settings\Emosik\Cookies\emosik@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.38:C:\Documents and Settings\Emosik\Dane aplikacji\Mozilla\Firefox\Profiles\qnxe881j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.39:C:\Documents and Settings\Emosik\Dane aplikacji\Mozilla\Firefox\Profiles\qnxe881j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

Joan · 5 Styczeń 2007 10:04

HJT i Silent czyste, AVG wykrył tylko cookie.

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa

:shock: daj nowy log z combofixa.

giga89 · 7 Styczeń 2007 11:29

hyh ale ja nie moge zrobic tego pliku…bo jak go zaipsze juz pod nazwa FIX.REG i dam na rozszerzenie wszystkie pliki i probuje odpalic to pisze ze nie mozna odnalesc regedit.exe ;D.bo ja go usunalem chyba scanerem bo pokazalo mi to jako wirus…i nie tylko to skasowalem ;X

Joan · 7 Styczeń 2007 12:11

Niemożliwe że usunąłeś plik rejestru, bo zwyczajnie system by wtedy nie wstał. Napisz, co konkretnie usunąłeś i wklej nowe logi (Hijack+Silent+Combo), bo wróżyć nie potrafimy