Problem z usunięciem O15 - ProtocolDefaults My Computer Zone

p5n · 20 Grudzień 2006 23:51

A więc:

Mam windowsa po drobnych modyfikacjach(nieco odciążony), niestety wraz z całym dobrodziejstwem dostaję kilka kluczy 015, których za cho…cho nie mogę usunąć.

Wyłączone przywracanie, start w awaryjnym(logowałem jako użytkownik i admin), hijack+look2me destroyer+kiltrusted (ktconsole.zip nie mogę rozpakować) i nic.

Poradźcie coś bo jest prawie pierwsza w nocy a ja wymiękam z tym szitem.

Logi z Hijacka(1 był na początku jak się za to zabrałem, 2 jest ‘‘po cięciach’’)

LOG1:

Logfile of HijackThis v1.99.1 Scan saved at 23:39:54, on 2006-12-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINMX\System32\smss.exe C:\WINMX\system32\winlogon.exe C:\WINMX\system32\services.exe C:\WINMX\system32\lsass.exe C:\WINMX\system32\svchost.exe C:\WINMX\System32\svchost.exe C:\WINMX\system32\spoolsv.exe C:\WINMX\system32\nvsvc32.exe C:\WINMX\Explorer.EXE C:\WINMX\system32\RUNDLL32.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\D-Tools\daemon.exe C:\WINMX\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\pussy\Programy\programy3\Zabezpieczenia\HI JACK\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [CTFMON.EXE] C:\WINMX\system32\ctfmon.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O15 - ProtocolDefaults: ‘@ivt’ protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: ‘file’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘ftp’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘http’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘https’ protocol is in My Computer Zone, should be Internet Zone O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINMX\system32\nvsvc32.exe

LOG2:

ogfile of HijackThis v1.99.1 Scan saved at 00:47:00, on 2006-12-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINMX\System32\smss.exe C:\WINMX\system32\winlogon.exe C:\WINMX\system32\services.exe C:\WINMX\system32\lsass.exe C:\WINMX\system32\svchost.exe C:\WINMX\System32\svchost.exe C:\WINMX\system32\spoolsv.exe C:\WINMX\system32\nvsvc32.exe C:\WINMX\Explorer.EXE C:\WINMX\system32\RUNDLL32.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINMX\system32\NOTEPAD.EXE E:\pussy\Programy\programy3\Zabezpieczenia\HI JACK\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O15 :evil: - ProtocolDefaults: ‘@ivt’ protocol is in My Computer Zone, should be Intranet Zone O15 :evil: - ProtocolDefaults: ‘file’ protocol is in My Computer Zone, should be Internet Zone O15 :evil: - ProtocolDefaults: ‘ftp’ protocol is in My Computer Zone, should be Internet Zone O15 :evil: - ProtocolDefaults: ‘http’ protocol is in My Computer Zone, should be Internet Zone O15 :evil: - ProtocolDefaults: ‘https’ protocol is in My Computer Zone, should be Internet Zone O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINMX\system32\nvsvc32.exe

Silent:

“Silent Runners.vbs”, revision 36, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit” [MS] “NVMixerTray” = ““C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”” [“NVIDIA Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\browseui.dll” [MS] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE Microsoft AutoComplete” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\browseui.dll” [MS] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\shdocvw.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Enabled Wallpaper and Active Desktop: ------------------------------------- Active Desktop is disabled. HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Puszki\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Scheduled Tasks: ------------------------ “At1” -> launches: “C:\DOCUME~1\Puszki\Pulpit\Look2Me-Destroyer.exe /task” [“Atribune.org”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{21569614-B795-46B1-85F4-E737A8DC09AD}\ (Default) = “Shell Search Band” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINMX\system32\browseui.dll” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NVIDIA Display Driver Service, NVSvc, “C:\WINMX\system32\nvsvc32.exe” [“NVIDIA Corporation”] ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. ----------

Będę wdzięczny za sugestie…

Joan · 21 Grudzień 2006 01:07

Użyj SmitFraudFix z opcji 3 > delete trusted zone

p5n · 21 Grudzień 2006 06:21

Próbowałem w trybie awaryjnym i normalnym, cholerstwo dalej jest…

Bieniol · 21 Grudzień 2006 06:59

Usuń Hijackiem ten wpis:

Wpisy O15 postaraj się usunąć tym narzędziem -> http://www.searchengines.pl/phpbb203/pl … rusted.zip

Po zabiegach oczywiście nowe logi

p5n · 21 Grudzień 2006 07:20

Wcześniej próbowałem tego narzędzia-zrobiłem jeszcze raz w trybie awaryjnym i normalnym.

Log killtrusted:

Log hijacka:

Logfile of HijackThis v1.99.1 Scan saved at 08:20:14, on 2006-12-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINMX\System32\smss.exe C:\WINMX\system32\winlogon.exe C:\WINMX\system32\services.exe C:\WINMX\system32\lsass.exe C:\WINMX\system32\svchost.exe C:\WINMX\System32\svchost.exe C:\WINMX\system32\spoolsv.exe C:\WINMX\system32\nvsvc32.exe C:\WINMX\system32\svchost.exe C:\WINMX\Explorer.EXE C:\WINMX\system32\RUNDLL32.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe E:\pussy\Programy\programy3\Zabezpieczenia\HI JACK\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O15 - ProtocolDefaults: ‘@ivt’ protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: ‘file’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘ftp’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘http’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘https’ protocol is in My Computer Zone, should be Internet Zone O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINMX\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINMX\system32\HPZipm12.exe

W międzyczasie musiałem zainstalować drukarkę-dlatego przybyło kilka wpisów… a :evil: 015 :evil: dalej siedzi…

Na jakiejś zagranicznej stronie znalazłem, że te wpisy to prezent do programu NLite-właśnie tym była modyfikowana instalacja windowsa-może ta informacja w czymś pomoże…

Monczkin · 21 Grudzień 2006 12:54

p5n proszę poprawić posty zgodnie z tematami o prawidłowym wklejaniu logów na forum. Inaczej temat zostanie usunięty.

p5n · 21 Grudzień 2006 13:15

Już poprawilem, przepraszam za kłopot.

Jakieś propozycje rozwiązania mojego problemu?

Bieniol · 21 Grudzień 2006 13:39

Wklej tutaj zawartość tego pliku: C:\WINMX\System32\Drivers\etc\ HOSTS

p5n · 21 Grudzień 2006 14:13

Bieniol · 21 Grudzień 2006 14:20

Otwórz notatnik i wklej w nim to:

; DelDomains.inf Š 11-28-04 | Revised 01-15-06 ; Created by: Mike Burgess Microsoft MVP ; http://mvps.org/winhelp2002/ ; ; Warning: Deletes all entries in the Restricted & Trusted Zone list ; http://mvps.org/winhelp2002/restricted.htm ; ; Revised to include the EscDomains key ; ; To execute this file: in Explorer - right-click (this file) ; Select Install from the Menu. ; Note: you will not see any onscreen action. [version] signature="$CHICAGO$" [DefaultInstall] DelReg=DelTemps AddReg=AddTemps [DelTemps] HKCU,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains” HKLM,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains” HKCU,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges” HKLM,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges” HKCU,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains” ; Recreate the keys to avoid a restart [AddTemps] HKCU,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains” HKLM,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains” HKCU,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges” HKLM,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges” HKCU,“Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains”

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą DD.INF

Kliknij na niego prawym przyciskiem myszy i wybierz: Instaluj

Po tym nowy log

p5n · 21 Grudzień 2006 14:41

Logfile of HijackThis v1.99.1 Scan saved at 15:43:49, on 2006-12-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINMX\System32\smss.exe C:\WINMX\system32\winlogon.exe C:\WINMX\system32\services.exe C:\WINMX\system32\lsass.exe C:\WINMX\system32\svchost.exe C:\WINMX\System32\svchost.exe C:\WINMX\system32\spoolsv.exe C:\WINMX\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINMX\system32\nvsvc32.exe C:\WINMX\system32\svchost.exe C:\WINMX\system32\RUNDLL32.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\pussy\Programy\programy3\Zabezpieczenia\HI JACK\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O15 - ProtocolDefaults: ‘@ivt’ protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: ‘file’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘ftp’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘http’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘https’ protocol is in My Computer Zone, should be Internet Zone O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINMX\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINMX\system32\HPZipm12.exe

Dalej jest cholerstwo…

Bieniol · 21 Grudzień 2006 17:45

Spróbuj w takim razie tym narzędziem -> http://www.searchengines.pl/phpbb203/in … ost&id=524

p5n · 21 Grudzień 2006 18:29

Tego narzędzia nie mogę rozpakować, pobierałem z rożnych stron, a efekt:

Bieniol · 21 Grudzień 2006 18:34

Panel Sterowania -> Zaplanowane zadania -> usuń wejście: At1

Wrzuć log z ComboFix

p5n · 21 Grudzień 2006 18:37

Puszki - 06-12-21 19:43:15,96 Dodatek Service Pack 2 ComboFix 06.11.27 - Running from: “C:\Program Files\Mozilla Firefox” ((((((((((((((((((((((((((((((( Files Created from 2006-11-21 to 2006-12-21 )))))))))))))))))))))))))))))))))) 2006-12-21 17:48 2006-12-21 12:54 3,968 --a------ C:\WINMX\system32\drivers\AvgAsCln.sys 2006-12-21 12:54 2006-12-21 07:14 1,190 --a------ C:\WINMX\system32\tmp.reg 2006-12-21 07:06 2006-12-21 07:05 82,432 -ra------ C:\WINMX\system32\MSXML4r.dll 2006-12-21 07:05 626,960 -ra------ C:\WINMX\system32\hpvaut32.dll 2006-12-21 07:05 487,424 -ra------ C:\WINMX\system32\hpvcp70.dll 2006-12-21 07:05 44,544 -ra------ C:\WINMX\system32\MSXML4a.dll 2006-12-21 07:05 344,064 -ra------ C:\WINMX\system32\hpvcr70.dll 2006-12-21 07:05 1,230,336 -ra------ C:\WINMX\system32\MSXML4.dll 2006-12-21 07:05 2006-12-21 07:05 2006-12-21 07:05 2006-12-21 07:05 2006-12-21 07:05 2006-12-21 07:05 2006-12-21 07:04 31,616 --a------ C:\WINMX\system32\drivers\usbccgp.sys 2006-12-21 07:04 25,856 --a------ C:\WINMX\system32\drivers\usbprint.sys 2006-12-21 07:04 15,104 --a------ C:\WINMX\system32\drivers\usbscan.sys 2006-12-21 07:02 94,208 --a------ C:\WINMX\system32\HPZipt12.dll 2006-12-21 07:02 65,536 --a------ C:\WINMX\system32\HPZipm12.exe 2006-12-21 07:02 61,440 --a------ C:\WINMX\system32\HPZinw12.exe 2006-12-21 07:02 57,344 --a------ C:\WINMX\system32\HPZisn12.dll 2006-12-21 07:02 306,688 --a------ C:\WINMX\IsUninst.exe 2006-12-21 07:02 278,584 --a------ C:\WINMX\system32\HPZidr12.dll 2006-12-21 07:02 204,800 --a------ C:\WINMX\system32\HPZipr12.dll 2006-12-21 07:02 2006-12-21 07:02 2006-12-21 07:01 2006-12-21 01:05 2006-12-21 01:05 2006-12-20 15:47 2006-12-20 14:56 2006-12-20 14:53 2006-12-20 14:52 2006-12-20 14:52 2006-12-20 14:47 107,134 --a------ C:\WINMX\UninstallFirefox.exe 2006-12-20 14:47 2006-12-20 14:47 2006-12-20 14:46 2006-12-20 14:12 3,072 --a------ C:\WINMX\system32\drivers\audstub.sys 2006-12-20 14:11 87,424 --a------ C:\WINMX\system32\drivers\irda.sys 2006-12-20 14:11 8,192 --a------ C:\WINMX\system32\wshirda.dll 2006-12-20 14:11 6,400 --a------ C:\WINMX\system32\drivers\enum1394.sys 2006-12-20 14:11 58,624 --a------ C:\WINMX\system32\drivers\redbook.sys 2006-12-20 14:11 27,648 --a------ C:\WINMX\system32\irmon.dll 2006-12-20 14:11 19,584 --a------ C:\WINMX\system32\drivers\rasirda.sys 2006-12-20 14:11 18,688 --a------ C:\WINMX\system32\drivers\irsir.sys 2006-12-20 14:11 153,088 --a------ C:\WINMX\system32\irftp.exe 2006-12-20 14:10 9,936 --a------ C:\WINMX\system\LZEXPAND.DLL 2006-12-20 14:10 9,168 --a------ C:\WINMX\system\VER.DLL 2006-12-20 14:10 83,456 --a------ C:\WINMX\system\OLECLI.DLL 2006-12-20 14:10 8,704 --a------ C:\WINMX\system32\batt.dll 2006-12-20 14:10 77,312 --a------ C:\WINMX\system32\usbui.dll 2006-12-20 14:10 75,776 --a------ C:\WINMX\system32\storprop.dll 2006-12-20 14:10 70,144 --a------ C:\WINMX\NOTEPAD.EXE 2006-12-20 14:10 70,096 --a------ C:\WINMX\system\AVICAP.DLL 2006-12-20 14:10 69,552 --a------ C:\WINMX\system\MMSYSTEM.DLL 2006-12-20 14:10 5,120 --a------ C:\WINMX\system\SHELL.DLL 2006-12-20 14:10 33,376 --a------ C:\WINMX\system\COMMDLG.DLL 2006-12-20 14:10 24,064 --a------ C:\WINMX\system\OLESVR.DLL 2006-12-20 14:10 19,200 --a------ C:\WINMX\system\TAPI.DLL 2006-12-20 14:10 15,360 --a------ C:\WINMX\TASKMAN.EXE 2006-12-20 14:10 13,312 --a------ C:\WINMX\system32\irclass.dll 2006-12-20 14:10 127,008 --a------ C:\WINMX\system\MSVIDEO.DLL 2006-12-20 14:10 11,264 --a------ C:\WINMX\system32\drivers\irenum.sys 2006-12-20 14:10 109,488 --a------ C:\WINMX\system\AVIFILE.DLL 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:10 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:07 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 14:05 2006-12-20 13:30 82,944 --a------ C:\WINMX\system32\drivers\wdmaud.sys 2006-12-20 13:30 7,552 --a------ C:\WINMX\system32\drivers\MSKSSRV.sys 2006-12-20 13:30 60,800 --a------ C:\WINMX\system32\drivers\sysaudio.sys 2006-12-20 13:30 6,272 --a------ C:\WINMX\system32\drivers\splitter.sys 2006-12-20 13:30 54,272 --a------ C:\WINMX\system32\drivers\swmidi.sys 2006-12-20 13:30 52,864 --a------ C:\WINMX\system32\drivers\DMusic.sys 2006-12-20 13:30 5,376 --a------ C:\WINMX\system32\drivers\MSPCLOCK.sys 2006-12-20 13:30 405,504 --a------ C:\WINMX\system32\CapabilityTable.exe 2006-12-20 13:30 4,992 --a------ C:\WINMX\system32\drivers\MSPQM.sys 2006-12-20 13:30 2,944 --a------ C:\WINMX\system32\drivers\drmkaud.sys 2006-12-20 13:30 172,416 --a------ C:\WINMX\system32\drivers\kmixer.sys 2006-12-20 13:30 142,464 --a------ C:\WINMX\system32\drivers\aec.sys 2006-12-20 13:30 2006-12-20 13:30 2006-12-20 13:29 919,424 -ra------ C:\WINMX\system32\drivers\nvmcp.sys 2006-12-20 13:29 87,936 -ra------ C:\WINMX\system32\drivers\nvatabus.sys 2006-12-20 13:29 7,680 -ra------ C:\WINMX\system32\nvack.dll 2006-12-20 13:29 66,688 -ra------ C:\WINMX\system32\drivers\nvarm.sys 2006-12-20 13:29 60,288 --a------ C:\WINMX\system32\drivers\drmk.sys 2006-12-20 13:29 53,760 -ra------ C:\WINMX\system32\nvopenal.dll 2006-12-20 13:29 53,376 -ra------ C:\WINMX\system32\drivers\nvax.sys 2006-12-20 13:29 5,120 -ra------ C:\WINMX\system32\ALut.dll 2006-12-20 13:29 413,824 -ra------ C:\WINMX\system32\drivers\nvapu.sys 2006-12-20 13:29 4,096 --a------ C:\WINMX\system32\ksuser.dll 2006-12-20 13:29 32,256 -ra------ C:\WINMX\system32\NVCOAD.DLL 2006-12-20 13:29 30,208 -ra------ C:\WINMX\system32\nvasio.dll 2006-12-20 13:29 295,424 -ra------ C:\WINMX\system32\idecoi.dll 2006-12-20 13:29 21,504 -ra------ C:\WINMX\system32\OpenAL32.dll 2006-12-20 13:29 176,128 -ra------ C:\WINMX\system32\nvuide.exe 2006-12-20 13:29 176,128 --a------ C:\WINMX\system32\nvuaudio.exe 2006-12-20 13:29 145,792 --a------ C:\WINMX\system32\drivers\portcls.sys 2006-12-20 13:29 2006-12-20 13:28 9,728 -ra------ C:\WINMX\system32\bdco1ins.dll 2006-12-20 13:28 9,728 -ra------ C:\WINMX\system32\bdco1.dll 2006-12-20 13:28 33,408 -ra------ C:\WINMX\system32\drivers\NVENETFD.sys 2006-12-20 13:28 32,256 -ra------ C:\WINMX\system32\nvconrm.dll 2006-12-20 13:28 275,584 -ra------ C:\WINMX\system32\drivers\nvnrm.sys 2006-12-20 13:28 208,256 -ra------ C:\WINMX\system32\drivers\nvsnpu.sys 2006-12-20 13:28 200,192 -ra------ C:\WINMX\system32\fdco1ins.dll 2006-12-20 13:28 200,192 -ra------ C:\WINMX\system32\fdco1.dll 2006-12-20 13:28 176,128 -ra------ C:\WINMX\system32\nvusmb.exe 2006-12-20 13:28 176,128 --a------ C:\WINMX\system32\nvunrm.exe 2006-12-20 13:28 12,928 -ra------ C:\WINMX\system32\drivers\nvnetbus.sys 2006-12-20 13:28 2006-12-20 13:26 208,896 --a------ C:\WINMX\system32\nvudisp.exe 2006-12-20 13:26 2006-12-20 13:25 208,896 --a------ C:\WINMX\system32\NVUNINST.EXE 2006-12-20 13:25 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:24 2006-12-20 13:22 6,144 --------- C:\WINMX\system32\kbdpash.dll 2006-12-20 13:22 6,144 --------- C:\WINMX\system32\kbdnepr.dll 2006-12-20 13:22 6,144 --------- C:\WINMX\system32\kbdiultn.dll 2006-12-20 13:22 6,144 --------- C:\WINMX\system32\kbdbhc.dll 2006-12-20 13:22 2006-12-20 13:21 112,128 --a------ C:\WINMX\system32\mapi32.dll 2006-12-20 13:21 0 -rahs---- C:\MSDOS.SYS 2006-12-20 13:21 0 -rahs---- C:\IO.SYS 2006-12-20 13:21 0 --a------ C:\CONFIG.SYS 2006-12-20 13:21 0 --a------ C:\AUTOEXEC.BAT 2006-12-20 13:21 2006-12-20 13:21 2006-12-20 13:21 2006-12-20 13:21 2006-12-20 13:21 2006-12-20 13:20 97,792 --a------ C:\WINMX\system32\comrepl.dll 2006-12-20 13:20 94,720 --a------ C:\WINMX\system32\tscfgwmi.dll 2006-12-20 13:20 9,728 --a------ C:\WINMX\system32\reset.exe 2006-12-20 13:20 86,016 --a------ C:\WINMX\system32\isign32.dll 2006-12-20 13:20 80,896 --a------ C:\WINMX\system32\charmap.exe 2006-12-20 13:20 8,192 --a------ C:\WINMX\system32\bitsprx2.dll 2006-12-20 13:20 73,728 --a------ C:\WINMX\system32\icwdial.dll 2006-12-20 13:20 73,472 --a------ C:\WINMX\system32\drivers\sr.sys 2006-12-20 13:20 7,168 --a------ C:\WINMX\system32\bitsprx3.dll 2006-12-20 13:20 679,424 --a------ C:\WINMX\system32\inetcomm.dll 2006-12-20 13:20 67,584 --a------ C:\WINMX\system32\srclient.dll 2006-12-20 13:20 67,584 --a------ C:\WINMX\system32\acctres.dll 2006-12-20 13:20 65,536 --a------ C:\WINMX\system32\icwphbk.dll 2006-12-20 13:20 605,696 --a------ C:\WINMX\system32\getuname.dll 2006-12-20 13:20 54,272 --a------ C:\WINMX\system32\stclient.dll 2006-12-20 13:20 5,632 --a------ C:\WINMX\system32\write.exe 2006-12-20 13:20 5,120 --a------ C:\WINMX\system32\dcomcnfg.exe 2006-12-20 13:20 49,664 --a------ C:\WINMX\system32\inetres.dll 2006-12-20 13:20 4,608 --a------ C:\WINMX\system32\rdpcfgex.dll 2006-12-20 13:20 4,096 --a------ C:\WINMX\system32\mtxex.dll 2006-12-20 13:20 382,464 --a------ C:\WINMX\system32\qmgr.dll 2006-12-20 13:20 345,088 --a------ C:\WINMX\system32\mspaint.exe 2006-12-20 13:20 33,792 --a------ C:\WINMX\system32\regini.exe 2006-12-20 13:20 278,528 --a------ C:\WINMX\system32\mstask.dll 2006-12-20 13:20 278,528 --a------ C:\WINMX\system32\inetcfg.dll 2006-12-20 13:20 252,928 --a------ C:\WINMX\system32\msoeacct.dll 2006-12-20 13:20 25,600 --a------ C:\WINMX\system32\comaddin.dll 2006-12-20 13:20 25,088 --a------ C:\WINMX\system32\mtxlegih.dll 2006-12-20 13:20 240,128 --a------ C:\WINMX\system32\srrstr.dll 2006-12-20 13:20 23,040 --a------ C:\WINMX\system32\fltMc.exe 2006-12-20 13:20 22,528 --a------ C:\WINMX\system32\qwinsta.exe 2006-12-20 13:20 22,528 --a------ C:\WINMX\system32\msg.exe 2006-12-20 13:20 21,896 --a------ C:\WINMX\system32\drivers\tdtcp.sys 2006-12-20 13:20 20,480 --a------ C:\WINMX\system32\mtxdm.dll 2006-12-20 13:20 192,000 --a------ C:\WINMX\system32\schedsvc.dll 2006-12-20 13:20 18,944 --a------ C:\WINMX\system32\qmgrprxy.dll 2006-12-20 13:20 171,008 --a------ C:\WINMX\system32\srsvc.dll 2006-12-20 13:20 17,920 --a------ C:\WINMX\system32\tsshutdn.exe 2006-12-20 13:20 17,408 --a------ C:\WINMX\system32\qappsrv.exe 2006-12-20 13:20 16,896 --a------ C:\WINMX\system32\fltlib.dll 2006-12-20 13:20 16,384 --a------ C:\WINMX\system32\tskill.exe 2006-12-20 13:20 16,384 --a------ C:\WINMX\system32\rwinsta.exe 2006-12-20 13:20 16,384 --a------ C:\WINMX\system32\icfgnt5.dll 2006-12-20 13:20 15,872 --a------ C:\WINMX\system32\logoff.exe 2006-12-20 13:20 15,872 --a------ C:\WINMX\system32\cdmodem.dll 2006-12-20 13:20 15,360 --a------ C:\WINMX\system32\tsdiscon.exe 2006-12-20 13:20 15,360 --a------ C:\WINMX\system32\tscon.exe 2006-12-20 13:20 15,360 --a------ C:\WINMX\system32\shadow.exe 2006-12-20 13:20 147,456 --a------ C:\WINMX\system32\comsnap.dll 2006-12-20 13:20 139,528 --a------ C:\WINMX\system32\drivers\rdpwd.sys 2006-12-20 13:20 139,264 --a------ C:\WINMX\system32\sndvol32.exe 2006-12-20 13:20 132,608 --a------ C:\WINMX\system32\sndrec32.exe 2006-12-20 13:20 128,768 --a------ C:\WINMX\system32\drivers\fltMgr.sys 2006-12-20 13:20 124,928 --a------ C:\WINMX\system32\mplay32.exe 2006-12-20 13:20 12,288 --a------ C:\WINMX\system32\mstinit.exe 2006-12-20 13:20 12,040 --a------ C:\WINMX\system32\drivers\tdpipe.sys 2006-12-20 13:20 115,200 --a------ C:\WINMX\system32\calc.exe 2006-12-20 13:20 105,984 --a------ C:\WINMX\system32\msoert2.dll 2006-12-20 13:20 103,424 --a------ C:\WINMX\system32\clipbrd.exe 2006-12-20 13:20 1,225 --a------ C:\WINMX\system32\usrlogon.cmd 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:20 2006-12-20 13:19 956,416 --a------ C:\WINMX\system32\msdtctm.dll 2006-12-20 13:19 91,136 --a------ C:\WINMX\system32\mtxoci.dll 2006-12-20 13:19 87,176 --a------ C:\WINMX\system32\rdpwsx.dll 2006-12-20 13:19 85,504 --a------ C:\WINMX\system32\catsrvps.dll 2006-12-20 13:19 67,072 --a------ C:\WINMX\system32\rdshost.exe 2006-12-20 13:19 655,360 --a------ C:\WINMX\system32\mstscax.dll 2006-12-20 13:19 625,152 --a------ C:\WINMX\system32\catsrvut.dll 2006-12-20 13:19 62,464 --a------ C:\WINMX\system32\rdpclip.exe 2006-12-20 13:19 60,928 --a------ C:\WINMX\system32\remotepg.dll 2006-12-20 13:19 60,416 --a------ C:\WINMX\system32\colbact.dll 2006-12-20 13:19 6,144 --a------ C:\WINMX\system32\msdtc.exe 2006-12-20 13:19 58,880 --a------ C:\WINMX\system32\msdtclog.dll 2006-12-20 13:19 58,880 --a------ C:\WINMX\system32\licwmi.dll 2006-12-20 13:19 56,320 --a------ C:\WINMX\system32\servdeps.dll 2006-12-20 13:19 540,160 --a------ C:\WINMX\system32\comuid.dll 2006-12-20 13:19 498,688 --a------ C:\WINMX\system32\clbcatq.dll 2006-12-20 13:19 44,544 --a------ C:\WINMX\system32\tscupgrd.exe 2006-12-20 13:19 426,496 --a------ C:\WINMX\system32\msdtcprx.dll 2006-12-20 13:19 408,576 --a------ C:\WINMX\system32\mstsc.exe 2006-12-20 13:19 40,840 --a------ C:\WINMX\system32\drivers\termdd.sys 2006-12-20 13:19 38,912 --a------ C:\WINMX\system32\cfgbkend.dll 2006-12-20 13:19 296,448 --a------ C:\WINMX\system32\termsrv.dll 2006-12-20 13:19 225,792 --a------ C:\WINMX\system32\catsrv.dll 2006-12-20 13:19 20,992 --a------ C:\WINMX\system32\qprocess.exe 2006-12-20 13:19 196,864 --a------ C:\WINMX\system32\drivers\rdpdr.sys 2006-12-20 13:19 19,968 --a------ C:\WINMX\system32\rdpsnd.dll 2006-12-20 13:19 187,904 --a------ C:\WINMX\system32\cmprops.dll 2006-12-20 13:19 17,920 --a------ C:\WINMX\system32\mmfutil.dll 2006-12-20 13:19 161,280 --a------ C:\WINMX\system32\msdtcuiu.dll 2006-12-20 13:19 147,968 --a------ C:\WINMX\system32\rdchost.dll 2006-12-20 13:19 141,824 --a------ C:\WINMX\system32\sessmgr.exe 2006-12-20 13:19 13,824 --a------ C:\WINMX\system32\rdsaddin.exe 2006-12-20 13:19 110,080 --a------ C:\WINMX\system32\clbcatex.dll 2006-12-20 13:19 11,776 --a------ C:\WINMX\system32\xolehlp.dll 2006-12-20 13:19 11,264 --a------ C:\WINMX\system32\icaapi.dll 2006-12-20 13:19 1,267,200 --a------ C:\WINMX\system32\comsvcs.dll 2006-12-20 13:19 2006-12-20 13:19 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup” “NvMediaCenter”=“RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit” “NVMixerTray”="“C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”" “HP Component Manager”="“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”" “!AVG Anti-Spyware”="“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] “DeskHtmlVersion”=dword:00000110 “DeskHtmlMinorVersion”=dword:00000005 “Settings”=dword:00000001 “GeneralFlags”=dword:00000001 [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINMX\system32\CTFMON.EXE” [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “nltide3”=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\ 61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\ 69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINMX\system32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] “nltide3”=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\ 61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\ 69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] “{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Moduł wstępnego ładowania interfejsu Browseui” “{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Demon buforu kategorii składników” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{AEB6717E-7E19-11d0-97EE-00C04FD91972}”="" “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 “NoSMHelp”=dword:00000001 “NoLowDiskSpaceChecks”=dword:00000001 “NoResolveTrack”=dword:00000001 “LinkResolveIgnoreLinkInfo”=dword:00000001 “NoResolveSearch”=dword:00000001 “ForceClassicControlPanel”=dword:00000001 “NoInstrumentation”=dword:00000001 “NoStartMenuMFUprogramsList”=dword:00000001 “NoSMMyPictures”=dword:00000001 “NoSMConfigurePrograms”=dword:00000001 “NoStartBanner”=dword:00000001 “ClearRecentDocsOnExit”=dword:00000001 “NoRecentDocsMenu”=dword:00000001 “NoRecentDocsHistory”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “dontdisplaylastusername”=dword:00000000 “legalnoticecaption”="" “legalnoticetext”="" “shutdownwithoutlogon”=dword:00000001 “undockwithoutlogon”=dword:00000001 “NoInternetOpenWith”=dword:00000001 “DisableStatusMessages”=dword:00000001 “VerboseStatus”=dword:00000000 [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 “NoSMHelp”=dword:00000001 “NoLowDiskSpaceChecks”=dword:00000001 “NoResolveTrack”=dword:00000001 “LinkResolveIgnoreLinkInfo”=dword:00000001 “NoResolveSearch”=dword:00000001 “ForceClassicControlPanel”=dword:00000001 “NoInstrumentation”=dword:00000001 “NoStartMenuMFUprogramsList”=dword:00000001 “NoSMMyPictures”=dword:00000001 “NoSMConfigurePrograms”=dword:00000001 “NoStartBanner”=dword:00000001 “ClearRecentDocsOnExit”=dword:00000001 “NoRecentDocsMenu”=dword:00000001 “NoRecentDocsHistory”=dword:00000001 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 “NoSMHelp”=dword:00000001 “NoLowDiskSpaceChecks”=dword:00000001 “NoResolveTrack”=dword:00000001 “LinkResolveIgnoreLinkInfo”=dword:00000001 “NoResolveSearch”=dword:00000001 “ForceClassicControlPanel”=dword:00000001 “NoInstrumentation”=dword:00000001 “NoStartMenuMFUprogramsList”=dword:00000001 “NoSMMyPictures”=dword:00000001 “NoSMConfigurePrograms”=dword:00000001 “NoStartBanner”=dword:00000001 “ClearRecentDocsOnExit”=dword:00000001 “NoRecentDocsMenu”=dword:00000001 “NoRecentDocsHistory”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “PostBootReminder”="{7849596a-48ea-486e-8937-a2a3009f31a9}" “CDBurn”="{fbeb8a05-beee-4442-804e-409d6c4515e9}" “WebCheck”="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" “SysTray”="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=“C:\WINMX\system32\ctfmon.exe” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” Contents of the ‘Scheduled Tasks’ folder C:\WINMX\tasks\At6.job C:\WINMX\tasks\At7.job Completion time: 06-12-21 19:43:30.06 C:\ComboFix.txt … 06-12-21 19:43

Bieniol · 21 Grudzień 2006 18:38

W takim razie dodatkowo wklej jeszcze log z Silenta

p5n · 21 Grudzień 2006 19:32

“Silent Runners.vbs”, revision 36, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit” [MS] “NVMixerTray” = ““C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”” [“NVIDIA Corporation”] “HP Component Manager” = ““C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”” [“Hewlett-Packard Company”] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\browseui.dll” [MS] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE Microsoft AutoComplete” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\browseui.dll” [MS] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\shdocvw.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {CLSID}\InProcServer32(Default) = “C:\WINMX\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] Startup items in “Puszki” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Co.”] “HP Image Zone - szybkie uruchamianie” -> shortcut to: “C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s” [null data] Enabled Scheduled Tasks: ------------------------ “At6” -> launches: “C:\DOCUME~1\Puszki\Pulpit\Look2Me-Destroyer.exe /task” [“Atribune.org”] “At7” -> launches: “C:\DOCUME~1\Puszki\Pulpit\Look2Me-Destroyer.exe /task” [“Atribune.org”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{21569614-B795-46B1-85F4-E737A8DC09AD}\ (Default) = “Shell Search Band” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINMX\system32\browseui.dll” [MS]

Bieniol dzięki ze się za to zabrałeś:)

[

adam9870 · 21 Grudzień 2006 19:35

Czysto

p5n · 21 Grudzień 2006 19:40

To co to jest ??

Logfile of HijackThis v1.99.1 Scan saved at 20:42:39, on 2006-12-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINMX\System32\smss.exe C:\WINMX\system32\winlogon.exe C:\WINMX\system32\services.exe C:\WINMX\system32\lsass.exe C:\WINMX\system32\svchost.exe C:\WINMX\System32\svchost.exe C:\WINMX\system32\spoolsv.exe C:\WINMX\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINMX\system32\nvsvc32.exe C:\WINMX\system32\svchost.exe C:\WINMX\system32\RUNDLL32.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\pussy\Programy\programy3\Zabezpieczenia\HI JACK\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMX\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMX\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O15 - ProtocolDefaults: ‘@ivt’ protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: ‘file’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘ftp’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘http’ protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: ‘https’ protocol is in My Computer Zone, should be Internet Zone O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINMX\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINMX\system32\HPZipm12.exe