CODE
Logfile of HijackThis v1.99.1
Scan saved at 14:12:55, on 2007-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast4\aswUpdSv.exe
D:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Avast4\ashMaiSv.exe
D:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla\mozilla.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8709713515
O17 - HKLM\System\CCS\Services\Tcpip\..\{179DEDB9-923C-4EFD-A88B-C61717B92B3D}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

CODE
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"LiveMonitor" = "C:\Program Files\MSI\Live Update 3\LMonitor.exe" [empty string]
"(Default)" = "(empty string)" [file not found]
"NVIDIA nTune" = ""C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Nero AG"]
"avast!" = "D:\PROGRA~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"EPSON Stylus D68 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"" ["SEIKO EPSON CORPORATION"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "EpsonToolBandKicker Class"
    \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
  -> {HKLM...CLSID} = "JetFlExt"
    \InProcServer32\(Default) = "D:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "D:\Program Files\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
    \InProcServer32\(Default) = "D:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
    \InProcServer32\(Default) = "D:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Mozilla Wallpaper.bmp"


Startup items in "Maciej Wardzinski" & "All Users" startup folders:
-------------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "D:\Program Files\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
    \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
    \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<!>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
nTune Service, nTuneService, "C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus D68 Series 2KMonitor5E\Driver = "E_FLMAAE.DLL" ["SEIKO EPSON CORPORATION"]


----------
<<!>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 37 seconds, including 6 seconds for message boxes) CODE “Maciej Wardzinski” - 2007-05-09 14:16:02 Dodatek Service Pack 2 ComboFix 07-05.07.3.V - Running from: “D:\Program Files\ComboFix” ((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 )))))))))))))))))))))))))))))))))) 2007-05-09 13:29 2007-05-09 13:22 18,200 --a------ C:\WINDOWS\system32\wups2.dll 2007-05-09 13:22 2007-05-09 13:21 2007-05-09 13:08 2007-05-09 11:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-05-09 11:50 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-05-09 11:50 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-05-09 11:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-05-09 11:50 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-05-09 11:50 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-05-09 11:50 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-05-09 11:50 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-05-09 11:50 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-05-09 11:50 2007-05-09 11:49 2007-05-09 10:45 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-05-09 10:31 2007-05-09 10:25 197,120 --a------ C:\WINDOWS\patchw32.dll 2007-05-09 10:25 2007-05-09 10:19 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-05-09 02:44 2007-05-09 02:08 1 --a------ C:\WINDOWS\system32\SI.bin 2007-05-09 00:50 2007-05-09 00:36 2007-05-09 00:35 86,214 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat 2007-05-09 00:35 79,679 --a------ C:\WINDOWS\system32\E_FLMAAE.DLL 2007-05-09 00:35 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll 2007-05-09 00:35 64,000 --a------ C:\WINDOWS\system32\E_FBCBAAE.DLL 2007-05-09 00:35 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL 2007-05-09 
00:35 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll 2007-05-09 00:35 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat 2007-05-09 00:35 34,304 --a------ C:\WINDOWS\system32\E_FBCHAAE.DLL 2007-05-09 00:35 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat 2007-05-09 00:35 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-05-09 00:35 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat 2007-05-09 00:35 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat 2007-05-09 00:35 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat 2007-05-09 00:35 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll 2007-05-09 00:35 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat 2007-05-09 00:35 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat 2007-05-09 00:35 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat 2007-05-09 00:35 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat 2007-05-09 00:35 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat 2007-05-09 00:35 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat 2007-05-09 00:35 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat 2007-05-09 00:35 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat 2007-05-09 00:35 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat 2007-05-09 00:35 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat 2007-05-09 00:22 2007-05-09 00:02 2007-05-09 00:02 2007-05-08 23:56 2007-05-08 23:55 2007-05-08 23:52 99,024 --a------ C:\WINDOWS\MozillaUninstall.exe 2007-05-08 23:52 98,512 --a------ C:\WINDOWS\GREUninstall.exe 2007-05-08 23:52 8,753 --a------ C:\WINDOWS\mozver.dat 2007-05-08 23:52 335 --a------ C:\WINDOWS\nsreg.dat 2007-05-08 23:52 2007-05-08 23:52 2007-05-08 23:50 2007-05-08 23:50 2007-05-08 23:41 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-05-08 23:41 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-05-08 23:41 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 
2007-05-08 23:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-05-08 23:41 2007-05-08 23:41 2007-05-08 23:37 2007-05-08 23:30 2007-05-08 23:30 2007-05-08 23:23 5 --ahs---- C:\WINDOWS\system32\dadcfbed1_s.dll 2007-05-08 23:09 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-05-08 23:09 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-05-08 23:08 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-05-08 23:08 2007-05-08 23:07 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-05-08 23:07 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-05-08 23:07 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-05-08 23:07 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-05-08 23:07 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-05-08 23:07 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-05-08 23:07 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-05-08 23:07 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-05-08 23:07 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-05-08 23:07 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-05-08 23:07 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-05-08 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-05-08 23:07 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-05-08 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-05-08 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-05-08 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-05-08 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-05-08 23:07 6,144 -ra------ 
C:\WINDOWS\system32\kbdhela2.dll 2007-05-08 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-05-08 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-05-08 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-05-08 23:07 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-05-08 23:07 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-05-08 23:07 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-05-08 23:07 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-05-08 23:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-05-08 23:07 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-05-08 23:07 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-05-08 23:07 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-05-08 23:07 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-05-08 23:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-05-08 23:07 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-05-08 23:07 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-05-08 23:07 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-05-08 23:07 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-05-08 23:07 2007-05-08 23:07 2007-05-08 23:07 2007-05-08 23:07 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:06 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 
23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 23:01 2007-05-08 22:59 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2007-05-08 22:47 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-05-08 22:47 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-05-08 22:47 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-05-08 22:47 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-05-08 22:47 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-05-08 22:47 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-05-08 22:47 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-05-08 22:08 2007-05-08 21:55 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-05-08 21:55 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe 2007-05-08 21:55 2,916,352 --------- C:\WINDOWS\UNNMP.exe 2007-05-08 21:54 38,912 --------- C:\WINDOWS\system32\picn20.dll 2007-05-08 21:54 2007-05-08 21:53 2007-05-08 21:53 2007-05-08 21:52 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-05-08 21:52 471,040 --------- 
C:\WINDOWS\system32\ImagXRA7.dll
2007-05-08 21:52 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-05-08 21:52 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-05-08 21:52 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-08 21:52 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-05-08 21:52 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-05-08 21:52
2007-05-08 21:47
2007-05-08 21:42
2007-05-08 21:42
2007-05-08 21:40
2007-05-08 21:36 6,702 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2007-05-08 21:36 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-05-08 21:36 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2007-05-08 21:36
2007-05-08 21:35
2007-05-08 21:34 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-08 21:34 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-08 21:34 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-08 21:34 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-08 21:34 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-08 21:34 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-08 21:34 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-08 21:34 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-08 21:34 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-05-08 21:34 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-08 21:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-08 21:34 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-08 21:34 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-08 21:34 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-08 21:34 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-05-08 21:34
2007-05-08 21:33 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2007-05-08 21:33 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-05-08 21:33 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-05-08 21:33 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-05-08 21:33 4,275,712 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-05-08 21:33 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2007-05-08 21:33 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-08 21:33 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2007-05-08 21:33 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2007-05-08 21:33 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2007-05-08 21:33 16,207,872 -r------- C:\WINDOWS\RTHDCPL.exe
2007-05-08 21:33
2007-05-08 21:33
2007-05-08 21:28 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-05-08 21:28
2007-05-08 21:24 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2007-05-08 21:24 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll
2007-05-08 21:24 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-05-08 21:24 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll
2007-05-08 21:24 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL
2007-05-08 21:24 34,176 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2007-05-08 21:24 305,152 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-05-08 21:24 289,792 -ra------ C:\WINDOWS\system32\idecoiins.dll
2007-05-08 21:24 289,792 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-05-08 21:24 222,592 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-05-08 21:24 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe
2007-05-08 21:24 208,896 -ra------ C:\WINDOWS\system32\nvunrm.exe
2007-05-08 21:24 208,896 -ra------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-08 21:24 208,896 --------- C:\WINDOWS\system32\nvuide.exe
2007-05-08 21:24 204,288 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2007-05-08 21:24 204,288 -ra------ C:\WINDOWS\system32\fdco1.dll
2007-05-08 21:24 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll
2007-05-08 21:24 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll
2007-05-08 21:24 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll
2007-05-08 21:24 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll
2007-05-08 21:24 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll
2007-05-08 21:24 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll
2007-05-08 21:24 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll
2007-05-08 21:24 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll
2007-05-08 21:24 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll
2007-05-08 21:24 13,056 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2007-05-08 21:24 101,632 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-05-08 21:24 100,736 -ra------ C:\WINDOWS\system32\drivers\nvata.sys
2007-05-08 21:24
2007-05-08 21:24
2007-05-08 21:24
2007-05-08 21:21 2,097,152 --ah----- C:\DOCUME~1\MACIEJ~1\NTUSER.DAT
2007-05-08 21:21
2007-05-08 21:21
2007-05-08 21:21
2007-05-08 21:21
2007-05-08 21:21
2007-05-08 21:21
2007-05-08 21:21
2007-05-08 21:20 262,144 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-08 21:20 262,144 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-08 21:20
2007-05-08 21:20
2007-05-08 21:20
2007-05-08 21:20
2007-05-08 21:20
2007-05-08 21:20
2007-05-08 21:17 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-08 21:17 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-05-08 21:17 0 -rahs---- C:\MSDOS.SYS
2007-05-08 21:17 0 -rahs---- C:\IO.SYS
2007-05-08 21:17 0 --a------ C:\CONFIG.SYS
2007-05-08 21:17 0 --a------ C:\AUTOEXEC.BAT
2007-05-08 21:17
2007-05-08 21:17
2007-05-08 21:16 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-05-08 21:16
2007-05-08 21:16
2007-05-08 21:16
2007-05-08 21:16
2007-05-08 21:16
2007-05-08 21:16
2007-05-08 21:15 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-05-08 21:15 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-05-08 21:15 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-05-08 21:15 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-05-08 21:15 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-05-08 21:15 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-05-08 21:15 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-05-08 21:15 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-08 21:15 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-05-08 21:15 67,584 --a------ C:\WINDOWS\system32\acctres.dll
2007-05-08 21:15 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-05-08 21:15 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-08 21:15 49,664 --a------ C:\WINDOWS\system32\inetres.dll
2007-05-08 21:15 466,200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-08 21:15 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-05-08 21:15 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-05-08 21:15 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-05-08 21:15 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-05-08 21:15 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-05-08 21:15 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-05-08 21:15 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-05-08 21:15 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-05-08 21:15 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-05-08 21:15 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-05-08 21:15 278,528 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-08 21:15 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-05-08 21:15 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-05-08 21:15 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-05-08 21:15 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-05-08 21:15 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-08 21:15 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-08 21:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-08 21:15 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-08 21:15 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-05-08 21:15 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-05-08 21:15 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-05-08 21:15 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-05-08 21:15 128,280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-08 21:15 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-05-08 21:15 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-05-08 21:15 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-05-08 21:15 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-08 21:15 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-05-08 21:15 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-05-08 21:15
2007-05-08 21:15
2007-05-08 21:15
2007-05-08 21:15
2007-05-08 21:15
2007-05-08 21:15
2007-05-08 21:14 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-05-08 21:14 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-08 21:14 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-05-08 21:14 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-05-08 21:14 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-05-08 21:14 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-05-08 21:14 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-05-08 21:14 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-08 21:14 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-08 21:14 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-05-08 21:14 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-08 21:14 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-05-08 21:14 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-05-08 21:14 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2007-05-08 21:14 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-08 21:14 60,928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-05-08 21:14 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-05-08 21:14 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-05-08 21:14 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-05-08 21:14 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-08 21:14 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-05-08 21:14 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-08 21:14 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-05-08 21:14 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-05-08 21:14 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-08 21:14 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-05-08 21:14 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-08 21:14 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-08 21:14 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-05-08 21:14 408,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-05-08 21:14 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-05-08 21:14 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-05-08 21:14 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-05-08 21:14 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-08 21:14 349,696 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-05-08 21:14 345,088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-08 21:14 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-05-08 21:14 296,448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-05-08 21:14 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-05-08 21:14 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-05-08 21:14 231,424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-08 21:14 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-05-08 21:14 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-05-08 21:14 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-05-08 21:14 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-08 21:14 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-08 21:14 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-05-08 21:14 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-05-08 21:14 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-05-08 21:14 187,904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-08 21:14 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-05-08 21:14 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-05-08 21:14 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-05-08 21:14 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-05-08 21:14 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-05-08 21:14 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-08 21:14 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-05-08 21:14 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-05-08 21:14 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-05-08 21:14 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-05-08 21:14 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-05-08 21:14 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-05-08 21:14 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-05-08 21:14 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-05-08 21:14 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-08 21:14 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-08 21:14 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-08 21:14 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-05-08 21:14 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-08 21:14 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-08 21:14 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-08 21:14 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-08 21:14 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-05-08 21:14 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-05-08 21:14 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-05-08 21:14 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-05-08 21:14 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-08 21:14 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-05-08 21:14 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-05-08 21:14
2007-05-08 21:14
2007-05-08 21:14
2007-05-08 21:14
2007-05-08 21:14
2007-05-08 21:14
2007-05-08 21:13 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-05-08 21:13 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-05-08 21:13 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-08 21:13 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-08 21:13 187,904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-05-08 21:13 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-09 08:55:36 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\Skype
2007-05-09 08:31:23 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\Atari
2007-05-09 00:44:37 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\Leadertech
2007-05-08 21:56:38 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\Gadu-Gadu
2007-05-08 21:52:53 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\Talkback
2007-05-08 21:50:28 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\COWON
2007-05-08 21:41:44 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\MusicIP
2007-05-08 21:30:40 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\BitTorrent
2007-05-08 19:56:54 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-08 19:56:54 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-08 19:16:30 -------- d-----w C:\Program Files\Usługi online

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="D:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}"="C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe"
@=""
"NVIDIA nTune"=""C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"avast!"="D:\PROGRA~1\Avast4\ashDisp.exe"
"EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68""
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe""
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe"
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe"
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"=""D:\Program Files\Gadu-Gadu\gg.exe" /tray"
"Skype"=""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WEBNTACCESS

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-09 14:16:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-09 14:16:51
C:\ComboFix-quarantined-files.tx
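Added example, not part of the original post and not code from ComboFix, HijackThis or catchme: a small Python triage helper for the two record shapes the log above uses, the file listing (`<date> <time> <size or -------> <attrs> <path>`) and the Reg Loading Points values (`"<name>"="<command line>"`). It buckets newly created executables and drivers by minute, lists the new drivers, and resolves each Run value to the file that actually starts, including the rundll32 `<dll>,<export>` form, the quoted-path-plus-arguments form, and bare names such as `RTHDCPL.EXE` that carry no directory at all. The sample lines are copied from the log above; the loader search-order remark is a general Windows fact, not something the log states; the helper gives no verdict on any entry.

```python
"""Triage helpers for the ComboFix log format (added example; sample lines
are copied from the log above, the tool is not ComboFix's own code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Date-only lines are directory entries whose "<DIR> ... path" column the
# forum software swallowed as an HTML tag; they are kept so the burst stays visible.
SAMPLE_FILES = r"""
2007-05-08 21:36 6,702 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2007-05-08 21:36 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-05-08 21:36 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2007-05-08 21:36
2007-05-08 21:35
2007-05-08 21:34 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-05-08 21:33 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2007-05-08 21:17 0 -rahs---- C:\MSDOS.SYS
2007-05-09 08:55:36 -------- d-----w C:\DOCUME~1\MACIEJ~1\DANEAP~1.\Skype
2007-05-08 19:56:54 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
"""
SAMPLE_REG = r'''
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe"
"NVIDIA nTune"=""C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear"
"EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68""
"Skype"=""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
'''

FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s+(?P<size>[\d,]+|-{6,})\s+(?P<attrs>[-a-z]{7,9})\s+(?P<path>\S.*))?$"
)
REG_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>.*)"$')
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cmd", ".bat")


@dataclass(frozen=True)
class FileEntry:
    when: str            # "YYYY-MM-DD HH:MM[:SS]"
    size: Optional[int]  # None for directories and for truncated lines
    attrs: str
    path: str            # "" when the forum truncated the line


def parse_file_lines(text):
    """Parse every file/directory record in `text`; unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        when = f"{m['date']} {m['time']}"
        if m["path"] is None:                      # date-only (truncated) line
            entries.append(FileEntry(when, None, "", ""))
            continue
        is_dir = m["size"].startswith("-") or m["attrs"].startswith("d")
        size = None if is_dir else int(m["size"].replace(",", ""))
        entries.append(FileEntry(when, size, m["attrs"], m["path"]))
    return entries


def executable_bursts(entries):
    """Count non-empty executables/drivers per minute.  A pile of PE files
    landing under %WINDIR% in one minute is what an installer, or a dropper,
    looks like, so the buckets say where to start reading."""
    buckets = Counter()
    for e in entries:
        if e.size and e.path.lower().endswith(EXEC_EXT):
            buckets[e.when[:16]] += 1
    return buckets


def new_drivers(entries):
    """Kernel drivers are the highest-value items in such a list; keep log order."""
    return [e.path for e in entries if e.size and e.path.lower().endswith(".sys")]


def autostart_image(value):
    """Return the file a Run-key command line actually starts."""
    v = value.strip()
    if v.startswith('"'):                   # "C:\path with spaces\x.exe" args
        return v[1:v.index('"', 1)]
    head, _, rest = v.partition(" ")
    if head.upper() == "RUNDLL32.EXE":      # rundll32 <dll>,<export>: the DLL is the payload
        return rest.split(",", 1)[0].strip()
    if v.lower().endswith(EXEC_EXT):        # unquoted path, no arguments (spaces allowed)
        return v
    return head                             # unquoted path followed by arguments


def resolve_autostarts(text):
    """Map value name -> (image, needs_lookup).  needs_lookup is True when the
    image has no directory: which file runs then depends on the loader's search
    order (application directory, system32, %WINDIR%, PATH), so the log line
    alone does not identify it and the analyst must locate it on disk."""
    result = {}
    for line in text.splitlines():
        m = REG_RE.match(line.strip())
        if m:
            image = autostart_image(m["value"])
            result[m["name"]] = (image, "\\" not in image)
    return result


if __name__ == "__main__":
    ents = parse_file_lines(SAMPLE_FILES)
    for minute, n in sorted(executable_bursts(ents).items()):
        print(f"{minute}  {n} executable(s)/driver(s)")
    print("drivers:", *new_drivers(ents), sep="\n  ")
    for name, (image, lookup) in resolve_autostarts(SAMPLE_REG).items():
        print(f"{name:25} -> {image}{'   [no directory: locate on disk]' if lookup else ''}")
```

Run it as-is to see the 21:36 burst (two drivers and an uninstaller in the same minute) and the three Run values that name a bare file with no directory; for a real case, paste the full "Files Created" and "Reg Loading Points" sections into the two sample strings.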