Pojawił sięplik winlogin.exe

Neowg · 24 Czerwiec 2007 20:09

Witam

Bardzo proszę o sprawdzenie loga bo w ogóle aplikacje jakoś ostatnio dziwnie chodzą.

HijackThis :

Logfile of HijackThis v1.99.1 Scan saved at 22:02:30, on 2007-06-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe D:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\winlogin.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\lxcecoms.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Last.fm\LastFM.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Wojtek\Pulpit\Wojtek\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [lxcemon.exe] “C:\Program Files\Lexmark 4300 Series\lxcemon.exe” O4 - HKLM…\Run: [EzPrint] “C:\Program Files\Lexmark 4300 Series\ezprint.exe” O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [QuickTime Task] “D:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [sony Ericsson PC Suite] “D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: winlogin.exe.lnk = C:\WINDOWS\system32\winlogin.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_31.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_31.cab O17 - HKLM\System\CCS\Services\Tcpip…{C7F8490A-8285-4404-953D-2BDA94CEA92F}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Silent Runners :

"

Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “lxcemon.exe” = ““C:\Program Files\Lexmark 4300 Series\lxcemon.exe”” [“Lexmark International, Inc.”] “EzPrint” = ““C:\Program Files\Lexmark 4300 Series\ezprint.exe”” [“Lexmark International Inc.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “adiras” = “adiras.exe” [file not found] “QuickTime Task” = ““D:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Inc.”] “(Default)” = “(empty string)” [file not found] “Sony Ericsson PC Suite” = ““D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions” [“Sony Ericsson Mobile Communications AB”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)” -> {HKLM…CLSID} = “Skype add-on (mastermind)” \InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll” [“BitComet”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE Microsoft AutoComplete” -> {HKLM…CLSID} = “IE Microsoft AutoComplete” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{19F500E0-9964-11cf-B63D-08002B317C03}” = “Desktop Icon Layout” -> {HKLM…CLSID} = “Desktop Icon Layout” \InProcServer32(Default) = “Layout.dll” [“Microsoft”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “D:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“lsdelete” [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “/u\mksshell.dll” [file not found] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] IconLayout(Default) = “{19F500E0-9964-11cf-B63D-08002B317C03}” -> {HKLM…CLSID} = “Desktop Icon Layout” \InProcServer32(Default) = “Layout.dll” [“Microsoft”] MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “/u\mksshell.dll” [file not found] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Wojtek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\ssmarque.scr” [MS] Startup items in “Wojtek” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “winlogin.exe” -> shortcut to: “C:\WINDOWS\system32\winlogin.exe” [null data] Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart” [“TuneUp Software GmbH”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {77BF5300-1474-4EC7-9980-D32B190E9B07}\ “ButtonText” = “Skype” “CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}” -> {HKLM…CLSID} = “Skype add-on (button)” \InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] <> “Tabs” = “res://ieframe.dll/tabswelcome.htm” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ad-Aware 2007 Service, aawservice, ““D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe”” [“Lavasoft AB”] avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Diskeeper, Diskeeper, ““D:\Program Files\Executive Software\DiskeeperLite\DKService.exe”” [“Executive Software International, Inc.”] lxce_device, lxce_device, “C:\WINDOWS\system32\lxcecoms.exe -service” [“Lexmark International, Inc.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] TuneUp Theme Extension, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ 4300 Series Port\Driver = “lxcelmpm.DLL” [“Lexmark International, Inc.”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 95 seconds, including 18 seconds for message boxes)

Z góry dziękuję i pozdrawiam

Gutek · 24 Czerwiec 2007 20:57

usuń plik ręczniew trybie awaryjnym

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Daj log z Combofix

Neowg · 25 Czerwiec 2007 10:09

Log z

Combofix :

“Wojtek” - 2007-06-25 12:01:10 - ComboFix 07-06-23.5 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 ))))))))))))))))))))))))))))))) 2007-06-25 11:56 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-25 11:41 2007-06-25 11:39 2007-06-20 19:38 2007-06-19 19:09 2007-06-19 15:05 2007-06-18 12:49 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-06-18 12:49 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-06-18 12:49 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-06-18 12:49 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-06-18 12:49 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-06-18 12:49 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-06-18 12:49 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-06-18 12:49 2007-06-16 21:49 2007-06-16 20:55 2007-06-16 20:52 2007-06-16 17:30 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-06-16 17:30 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-06-16 17:30 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-06-16 17:30 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-06-16 17:30 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-06-16 17:30 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-16 17:30 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-06-16 17:30 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-16 17:30 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-06-16 17:30 2007-06-16 17:03 2007-06-16 14:01 2007-06-15 20:09 2007-06-15 16:49 2007-06-14 14:47 2007-06-14 14:29 2007-06-13 16:21 2007-06-13 16:20 2007-06-13 16:12 2007-06-11 22:14 2007-06-11 18:26 584,704 --a------ C:\WINDOWS\system32\Pearl-Jam Screen Saver.scr 2007-06-11 18:26 283,648 --a------ C:\WINDOWS\system32\uninstall.exe 2007-06-11 18:26 149,504 --a------ C:\WINDOWS\system32\Mpegdll.dll 2007-06-10 14:00 2007-06-10 13:02 2007-06-09 20:10 2007-06-09 20:09 2007-06-09 20:05 2007-06-09 19:48 2007-06-09 19:31 2007-06-09 18:42 2007-06-09 18:39 2007-06-09 18:38 2007-06-09 18:24 2007-06-09 18:22 2007-06-09 18:17 2,621,440 --a------ C:\DOCUME~1\Wojtek\NTUSER.DAT 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 16:53 2007-06-08 23:43 2007-06-08 19:49 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-06-08 19:49 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-06-08 19:49 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-06-08 19:49 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-06-08 19:49 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-06-08 19:49 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-06-08 19:49 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-06-08 19:49 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-06-08 19:49 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-06-08 19:49 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-06-08 19:49 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-06-08 19:49 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-06-08 19:49 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-06-08 19:49 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-06-08 19:49 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-06-08 19:49 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-06-08 19:49 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-06-08 19:49 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-06-08 19:48 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-06-08 18:20 2007-06-07 20:00 2007-06-04 20:33 2007-06-04 19:33 64,502 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-06-04 19:31 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-06-04 19:30 2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-06-02 22:10 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2007-06-02 22:08 2007-06-02 22:05 2007-06-02 22:04 2007-06-02 15:18 2007-06-02 15:15 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-06-02 15:14 2007-06-02 14:41 2007-06-01 17:21 90,112 --a------ C:\WINDOWS\unvise32.exe 2007-06-01 17:21 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-25 10:00:13 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-06-25 09:50:33 -------- d-----w C:\Program Files\Neostrada TP 2007-06-19 17:09:53 -------- d-----w C:\Program Files\BitComet 2007-06-19 17:09:23 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-06-09 17:56:59 -------- d-----w C:\Program Files\Opera 2007-06-09 17:36:13 -------- d-----w C:\Program Files\Tlen.pl 2007-06-09 16:39:20 -------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-06-09 16:26:05 -------- d-----w C:\Program Files\Winamp 2007-06-09 14:53:40 -------- d-----w C:\Program Files\BearShare 2007-06-09 14:53:21 -------- d-----w C:\Program Files\Movie Maker 2007-06-04 17:33:44 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-06-01 12:33:03 -------- d-----w C:\Program Files\Ganymede 2007-05-31 18:03:05 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-24 17:03:27 -------- d-----w C:\Program Files\Sony Ericsson 2007-05-24 16:36:11 -------- d-----w C:\Program Files\Common Files\Nero 2007-05-22 06:15:55 -------- d-----w C:\Program Files\MSXML 4.0 2007-05-21 18:34:15 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys 2007-05-21 18:34:14 94,064 ----a-w C:\WINDOWS\system32\drivers\k510mdm.sys 2007-05-21 18:34:14 85,408 ----a-w C:\WINDOWS\system32\drivers\k510mgmt.sys 2007-05-21 18:34:14 83,344 ----a-w C:\WINDOWS\system32\drivers\k510obex.sys 2007-05-21 18:34:14 5,808 ----a-w C:\WINDOWS\system32\drivers\k510whnt.sys 2007-05-21 18:34:14 5,808 ----a-w C:\WINDOWS\system32\drivers\k510wh.sys 2007-05-21 18:34:13 8,336 ----a-w C:\WINDOWS\system32\drivers\k510mdfl.sys 2007-05-21 18:34:13 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cmnt.sys 2007-05-21 18:34:13 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cm.sys 2007-05-21 18:34:13 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys 2007-05-21 18:34:13 58,288 ----a-w C:\WINDOWS\system32\drivers\k510bus.sys 2007-05-21 18:33:56 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-21 06:01:38 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-21 06:01:38 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-20 19:29:09 -------- d-----w C:\Program Files\Messenger 2007-05-20 18:12:01 -------- d-----w C:\Program Files\Lavasoft 2007-05-20 18:05:08 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 18:05:06 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 17:53:20 -------- d-----w C:\Program Files\Skype 2007-05-20 17:53:16 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 17:36:03 4 ----a-w C:\WINDOWS\system32\proc-220146841.bin 2007-05-20 17:18:33 -------- d-----w C:\Program Files\Last.fm 2007-05-20 17:13:13 -------- d-----w C:\Program Files\Realtek Sound Manager 2007-05-20 17:13:13 -------- d-----w C:\Program Files\AvRack 2007-05-20 17:13:12 -------- d-----w C:\Program Files\Realtek AC97 2007-05-20 17:13:07 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 16:55:41 -------- d-----w C:\Program Files\Lexmark 4300 Series 2007-05-20 16:44:15 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-20 16:23:17 -------- d-----w C:\Program Files\SAGEM 2007-05-20 16:23:03 -------- d-----w C:\Program Files\Java Web Start 2007-05-20 16:15:38 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 16:15:18 0 --sha-r C:\MSDOS.SYS 2007-05-20 16:15:18 0 --sha-r C:\IO.SYS 2007-05-20 16:15:18 0 ----a-w C:\CONFIG.SYS 2007-05-20 16:15:18 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 16:14:04 -------- d–h--w C:\Program Files\WindowsUpdate 2007-05-20 16:14:00 -------- d-----w C:\Program Files\Usługi online 2007-05-20 16:13:16 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 16:12:44 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-05-20 16:11:48 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 16:11:41 -------- d-----w C:\Program Files\Windows NT 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-19 12:14:14 208,896 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll 2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-04-19 11:26:00 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-04-19 11:26:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-04-19 11:26:00 3,203,072 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-10 16:09] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll [2007-06-14 15:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07] “nwiz”=“nwiz.exe” [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] “lxcemon.exe”=“C:\Program Files\Lexmark 4300 Series\lxcemon.exe” [2005-08-02 19:47] “EzPrint”=“C:\Program Files\Lexmark 4300 Series\ezprint.exe” [2005-07-26 14:17] “SoundMan”=“SOUNDMAN.EXE” [2005-08-17 18:39 C:\WINDOWS\soundman.exe] “QuickTime Task”=“D:\Program Files\QuickTime\qttask.exe” [2007-04-27 09:41] “@”="" [] “Sony Ericsson PC Suite”=“D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 16:17] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] Contents of the ‘Scheduled Tasks’ folder 2007-06-15 15:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-25 12:03:08 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-25 12:04:00 — E O F —

Złączono Posta : 25.06.2007 (Pon) 12:10

Log z

Combofix :

“Wojtek” - 2007-06-25 12:01:10 - ComboFix 07-06-23.5 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 ))))))))))))))))))))))))))))))) 2007-06-25 11:56 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-25 11:41 2007-06-25 11:39 2007-06-20 19:38 2007-06-19 19:09 2007-06-19 15:05 2007-06-18 12:49 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-06-18 12:49 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-06-18 12:49 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-06-18 12:49 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-06-18 12:49 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-06-18 12:49 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-06-18 12:49 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-06-18 12:49 2007-06-16 21:49 2007-06-16 20:55 2007-06-16 20:52 2007-06-16 17:30 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-06-16 17:30 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-06-16 17:30 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-06-16 17:30 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-06-16 17:30 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-06-16 17:30 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-16 17:30 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-06-16 17:30 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-16 17:30 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-06-16 17:30 2007-06-16 17:03 2007-06-16 14:01 2007-06-15 20:09 2007-06-15 16:49 2007-06-14 14:47 2007-06-14 14:29 2007-06-13 16:21 2007-06-13 16:20 2007-06-13 16:12 2007-06-11 22:14 2007-06-11 18:26 584,704 --a------ C:\WINDOWS\system32\Pearl-Jam Screen Saver.scr 2007-06-11 18:26 283,648 --a------ C:\WINDOWS\system32\uninstall.exe 2007-06-11 18:26 149,504 --a------ C:\WINDOWS\system32\Mpegdll.dll 2007-06-10 14:00 2007-06-10 13:02 2007-06-09 20:10 2007-06-09 20:09 2007-06-09 20:05 2007-06-09 19:48 2007-06-09 19:31 2007-06-09 18:42 2007-06-09 18:39 2007-06-09 18:38 2007-06-09 18:24 2007-06-09 18:22 2007-06-09 18:17 2,621,440 --a------ C:\DOCUME~1\Wojtek\NTUSER.DAT 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 18:17 2007-06-09 16:53 2007-06-08 23:43 2007-06-08 19:49 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-06-08 19:49 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-06-08 19:49 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-06-08 19:49 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-06-08 19:49 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-06-08 19:49 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-06-08 19:49 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-06-08 19:49 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-06-08 19:49 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-06-08 19:49 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-06-08 19:49 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-06-08 19:49 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-06-08 19:49 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-06-08 19:49 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-06-08 19:49 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-06-08 19:49 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-06-08 19:49 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-06-08 19:49 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-06-08 19:48 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-06-08 18:20 2007-06-07 20:00 2007-06-04 20:33 2007-06-04 19:33 64,502 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-06-04 19:31 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-06-04 19:30 2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-06-02 22:10 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2007-06-02 22:08 2007-06-02 22:05 2007-06-02 22:04 2007-06-02 15:18 2007-06-02 15:15 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-06-02 15:14 2007-06-02 14:41 2007-06-01 17:21 90,112 --a------ C:\WINDOWS\unvise32.exe 2007-06-01 17:21 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-25 10:00:13 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-06-25 09:50:33 -------- d-----w C:\Program Files\Neostrada TP 2007-06-19 17:09:53 -------- d-----w C:\Program Files\BitComet 2007-06-19 17:09:23 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-06-09 17:56:59 -------- d-----w C:\Program Files\Opera 2007-06-09 17:36:13 -------- d-----w C:\Program Files\Tlen.pl 2007-06-09 16:39:20 -------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-06-09 16:26:05 -------- d-----w C:\Program Files\Winamp 2007-06-09 14:53:40 -------- d-----w C:\Program Files\BearShare 2007-06-09 14:53:21 -------- d-----w C:\Program Files\Movie Maker 2007-06-04 17:33:44 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-06-01 12:33:03 -------- d-----w C:\Program Files\Ganymede 2007-05-31 18:03:05 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-24 17:03:27 -------- d-----w C:\Program Files\Sony Ericsson 2007-05-24 16:36:11 -------- d-----w C:\Program Files\Common Files\Nero 2007-05-22 06:15:55 -------- d-----w C:\Program Files\MSXML 4.0 2007-05-21 18:34:15 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys 2007-05-21 18:34:14 94,064 ----a-w C:\WINDOWS\system32\drivers\k510mdm.sys 2007-05-21 18:34:14 85,408 ----a-w C:\WINDOWS\system32\drivers\k510mgmt.sys 2007-05-21 18:34:14 83,344 ----a-w C:\WINDOWS\system32\drivers\k510obex.sys 2007-05-21 18:34:14 5,808 ----a-w C:\WINDOWS\system32\drivers\k510whnt.sys 2007-05-21 18:34:14 5,808 ----a-w C:\WINDOWS\system32\drivers\k510wh.sys 2007-05-21 18:34:13 8,336 ----a-w C:\WINDOWS\system32\drivers\k510mdfl.sys 2007-05-21 18:34:13 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cmnt.sys 2007-05-21 18:34:13 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cm.sys 2007-05-21 18:34:13 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys 2007-05-21 18:34:13 58,288 ----a-w C:\WINDOWS\system32\drivers\k510bus.sys 2007-05-21 18:33:56 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-21 06:01:38 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-21 06:01:38 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-20 19:29:09 -------- d-----w C:\Program Files\Messenger 2007-05-20 18:12:01 -------- d-----w C:\Program Files\Lavasoft 2007-05-20 18:05:08 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 18:05:06 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 17:53:20 -------- d-----w C:\Program Files\Skype 2007-05-20 17:53:16 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 17:36:03 4 ----a-w C:\WINDOWS\system32\proc-220146841.bin 2007-05-20 17:18:33 -------- d-----w C:\Program Files\Last.fm 2007-05-20 17:13:13 -------- d-----w C:\Program Files\Realtek Sound Manager 2007-05-20 17:13:13 -------- d-----w C:\Program Files\AvRack 2007-05-20 17:13:12 -------- d-----w C:\Program Files\Realtek AC97 2007-05-20 17:13:07 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 16:55:41 -------- d-----w C:\Program Files\Lexmark 4300 Series 2007-05-20 16:44:15 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-20 16:23:17 -------- d-----w C:\Program Files\SAGEM 2007-05-20 16:23:03 -------- d-----w C:\Program Files\Java Web Start 2007-05-20 16:15:38 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 16:15:18 0 --sha-r C:\MSDOS.SYS 2007-05-20 16:15:18 0 --sha-r C:\IO.SYS 2007-05-20 16:15:18 0 ----a-w C:\CONFIG.SYS 2007-05-20 16:15:18 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 16:14:04 -------- d–h--w C:\Program Files\WindowsUpdate 2007-05-20 16:14:00 -------- d-----w C:\Program Files\Usługi online 2007-05-20 16:13:16 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 16:12:44 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-05-20 16:11:48 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 16:11:41 -------- d-----w C:\Program Files\Windows NT 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-19 12:14:14 208,896 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll 2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-04-19 11:26:00 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-04-19 11:26:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-04-19 11:26:00 3,203,072 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-10 16:09] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll [2007-06-14 15:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07] “nwiz”=“nwiz.exe” [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] “lxcemon.exe”=“C:\Program Files\Lexmark 4300 Series\lxcemon.exe” [2005-08-02 19:47] “EzPrint”=“C:\Program Files\Lexmark 4300 Series\ezprint.exe” [2005-07-26 14:17] “SoundMan”=“SOUNDMAN.EXE” [2005-08-17 18:39 C:\WINDOWS\soundman.exe] “QuickTime Task”=“D:\Program Files\QuickTime\qttask.exe” [2007-04-27 09:41] “@”="" [] “Sony Ericsson PC Suite”=“D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 16:17] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] Contents of the ‘Scheduled Tasks’ folder 2007-06-15 15:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-25 12:03:08 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-25 12:04:00 — E O F —

qrczak13 · 25 Czerwiec 2007 19:28

Log ok.

Czyszczenie rejestru - jv16 PowerTools 2006 1.5.2.350

Optymalizacja i odchudzanie Windows XP