Prosze o sprwdzenie loga,mam jakiegos WORMA

Bor4t · 30 Marzec 2007 15:18

Oto log z ComboFix PRZED podłączeniem się do internetu :

“ˆuki” - 07-03-30 17:16:16 Dodatek Service Pack. 1 ComboFix 07-03-27.4.2 - Running from: “D:\Documents and Settings\ˆuki\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-30 )))))))))))))))))))))))))))))))))) 2007-03-30 17:05 2007-03-30 08:02 2007-03-30 07:59 2007-03-29 17:14 2007-03-29 17:01 2007-03-28 20:44 2007-03-25 09:19 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll 2007-03-15 12:00 466,432 --a------ D:\WINDOWS\system32\SkanerOnline.dll 2007-03-13 15:32 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-25 09:38 98304 --a------ D:\WINDOWS\system32\cmdlineext.dll 2007-02-16 14:58 -------- d-------- D:\Program Files\project64 v1.5 2007-02-16 14:58 -------- d-------- D:\Program Files\project64 v1.5 2007-02-16 14:52 4096 --a------ D:\WINDOWS\d3dx.dat 2007-02-16 14:25 -------- d-------- D:\Program Files\project64 1.6 2007-02-16 14:25 -------- d-------- D:\Program Files\project64 1.6 2007-02-12 20:06 -------- d-------- D:\Program Files\quicktime 2007-02-12 20:06 -------- d-------- D:\Program Files\quicktime 2007-02-10 11:52 -------- d-------- D:\Program Files\disc2phone 2007-02-10 11:52 -------- d-------- D:\Program Files\disc2phone 2007-02-10 11:51 67298 --a------ D:\WINDOWS\system32\perfc015.dat 2007-02-10 11:51 436322 --a------ D:\WINDOWS\system32\perfh015.dat 2007-02-10 11:48 -------- d-------- D:\Program Files\sony ericsson 2007-02-10 11:48 -------- d-------- D:\Program Files\sony ericsson 2007-02-10 11:46 94064 --a------ D:\WINDOWS\system32\drivers\k510mdm.sys 2007-02-10 11:46 85408 --a------ D:\WINDOWS\system32\drivers\k510mgmt.sys 2007-02-10 11:46 8336 --a------ D:\WINDOWS\system32\drivers\k510mdfl.sys 2007-02-10 11:46 83344 --a------ D:\WINDOWS\system32\drivers\k510obex.sys 2007-02-10 11:46 6176 --a------ D:\WINDOWS\system32\drivers\k510cmnt.sys 2007-02-10 11:46 6176 --a------ D:\WINDOWS\system32\drivers\k510cm.sys 2007-02-10 11:46 58288 --a------ D:\WINDOWS\system32\drivers\k510bus.sys 2007-02-10 11:46 5808 --a------ D:\WINDOWS\system32\drivers\k510whnt.sys 2007-02-10 11:46 5808 --a------ D:\WINDOWS\system32\drivers\k510wh.sys 2007-01-19 09:40 89088 --a------ D:\WINDOWS\system32\skaneronlineuninstall.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\ctfmon.exe” “Komunikator”=“D:\Program Files\Tlen.pl\tlen.exe” “NETIANET”=“D:\Program Files\Netia\Net\netianet.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RunDLL32.exe NvMCTray.dll,NvTaskbarInit” “Logitech Utility”=“Logi_MwX.Exe” “SigmatelSysTrayApp”=“sttray.exe” “avgnt”="“D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min" “SpeedTouch USB Diagnostics”="“D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “Adobe Photo Downloader”="“D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk] “backup”=“D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup” “location”=“Common Startup” “command”=“D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe " “item”=“HP Digital Imaging Monitor” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk] “backup”=“D:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup” “location”=“Common Startup” “command”=“D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s” “item”=“HP Image Zone - szybkie uruchamianie” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“D:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=”" “hkey”=“HKLM” “command”="" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“apdproxy” “hkey”=“HKLM” “command”="“D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“hpcmpmgr” “hkey”=“HKLM” “command”="“D:\Program Files\HP\hpcoretech\hpcmpmgr.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“HPWuSchd2” “hkey”=“HKLM” “command”="“D:\Program Files\HP\HP Software Update\HPWuSchd2.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“IntelAudioStudio” “hkey”=“HKLM” “command”="“D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe” BOOT" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“D:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“qttask” “hkey”=“HKLM” “command”="“D:\Program Files\QuickTime\qttask.exe” -atboottime" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PDVDServ” “hkey”=“HKLM” “command”="“D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Application Launcher” “hkey”=“HKLM” “command”="“D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“D:\Program Files\Winamp\winampa.exe” “inimapping”=“0” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “NETIANET”=“D:\Program Files\Netia\Net\netianet.exe” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-30 17:16:51 D:\ComboFix3.txt … 07-03-30 16:44 D:\ComboFix2.txt … 07-03-30 17:07 A to po włączeniu internetu ( netii ) “ˆuki” - 07-03-30 17:18:24 Dodatek Service Pack. 1 ComboFix 07-03-27.4.2 - Running from: “D:\Documents and Settings\ˆuki\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-30 )))))))))))))))))))))))))))))))))) 2007-03-30 17:05 2007-03-30 08:02 2007-03-30 07:59 2007-03-29 17:14 2007-03-29 17:01 2007-03-28 20:44 2007-03-25 09:19 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll 2007-03-15 12:00 466,432 --a------ D:\WINDOWS\system32\SkanerOnline.dll 2007-03-13 15:32 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-25 09:38 98304 --a------ D:\WINDOWS\system32\cmdlineext.dll 2007-02-16 14:58 -------- d-------- D:\Program Files\project64 v1.5 2007-02-16 14:58 -------- d-------- D:\Program Files\project64 v1.5 2007-02-16 14:52 4096 --a------ D:\WINDOWS\d3dx.dat 2007-02-16 14:25 -------- d-------- D:\Program Files\project64 1.6 2007-02-16 14:25 -------- d-------- D:\Program Files\project64 1.6 2007-02-12 20:06 -------- d-------- D:\Program Files\quicktime 2007-02-12 20:06 -------- d-------- D:\Program Files\quicktime 2007-02-10 11:52 -------- d-------- D:\Program Files\disc2phone 2007-02-10 11:52 -------- d-------- D:\Program Files\disc2phone 2007-02-10 11:51 67298 --a------ D:\WINDOWS\system32\perfc015.dat 2007-02-10 11:51 436322 --a------ D:\WINDOWS\system32\perfh015.dat 2007-02-10 11:48 -------- d-------- D:\Program Files\sony ericsson 2007-02-10 11:48 -------- d-------- D:\Program Files\sony ericsson 2007-02-10 11:46 94064 --a------ D:\WINDOWS\system32\drivers\k510mdm.sys 2007-02-10 11:46 85408 --a------ D:\WINDOWS\system32\drivers\k510mgmt.sys 2007-02-10 11:46 8336 --a------ D:\WINDOWS\system32\drivers\k510mdfl.sys 2007-02-10 11:46 83344 --a------ D:\WINDOWS\system32\drivers\k510obex.sys 2007-02-10 11:46 6176 --a------ D:\WINDOWS\system32\drivers\k510cmnt.sys 2007-02-10 11:46 6176 --a------ D:\WINDOWS\system32\drivers\k510cm.sys 2007-02-10 11:46 58288 --a------ D:\WINDOWS\system32\drivers\k510bus.sys 2007-02-10 11:46 5808 --a------ D:\WINDOWS\system32\drivers\k510whnt.sys 2007-02-10 11:46 5808 --a------ D:\WINDOWS\system32\drivers\k510wh.sys 2007-01-19 09:40 89088 --a------ D:\WINDOWS\system32\skaneronlineuninstall.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\ctfmon.exe” “Komunikator”=“D:\Program Files\Tlen.pl\tlen.exe” “NETIANET”=“D:\Program Files\Netia\Net\netianet.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RunDLL32.exe NvMCTray.dll,NvTaskbarInit” “Logitech Utility”=“Logi_MwX.Exe” “SigmatelSysTrayApp”=“sttray.exe” “avgnt”="“D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min" “SpeedTouch USB Diagnostics”="“D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “Adobe Photo Downloader”="“D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk] “backup”=“D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup” “location”=“Common Startup” “command”=“D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe " “item”=“HP Digital Imaging Monitor” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk] “backup”=“D:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup” “location”=“Common Startup” “command”=“D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s” “item”=“HP Image Zone - szybkie uruchamianie” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“D:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=”" “hkey”=“HKLM” “command”="" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“apdproxy” “hkey”=“HKLM” “command”="“D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“hpcmpmgr” “hkey”=“HKLM” “command”="“D:\Program Files\HP\hpcoretech\hpcmpmgr.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“HPWuSchd2” “hkey”=“HKLM” “command”="“D:\Program Files\HP\HP Software Update\HPWuSchd2.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“IntelAudioStudio” “hkey”=“HKLM” “command”="“D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe” BOOT" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“D:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“qttask” “hkey”=“HKLM” “command”="“D:\Program Files\QuickTime\qttask.exe” -atboottime" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PDVDServ” “hkey”=“HKLM” “command”="“D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Application Launcher” “hkey”=“HKLM” “command”="“D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“D:\Program Files\Winamp\winampa.exe” “inimapping”=“0” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “NETIANET”=“D:\Program Files\Netia\Net\netianet.exe” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-30 17:18:36 D:\ComboFix2.txt … 07-03-30 17:16 D:\ComboFix3.txt … 07-03-30 17:07 Złączono Posta: 30.03.2007 (Pią) 17:19 Log z ComboScan :

Złączono Posta : 30.03.2007 (Pią) 20:16

raport z ewido :

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

Name: TrackingCookie.Adocean

Path: D:\Documents and Settings\łuki\Cookies\łuki@gde.adocean[2].txt

Risk: Medium

Name: TrackingCookie.Gemius

Path: D:\Documents and Settings\łuki\Cookies\łuki@hit.gemius[1].txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: D:\Documents and Settings\łuki\Cookies\łuki@my.adocean[2].txt

Risk: Medium

Name: TrackingCookie.Tradedoubler

Path: D:\Documents and Settings\łuki\Cookies\łuki@tradedoubler[2].txt

Risk: Medium

Name: TrackingCookie.Gemius

Path: :mozilla.25:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Gemius

Path: :mozilla.26:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Netflame

Path: :mozilla.32:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.35:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.36:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Statcounter

Path: :mozilla.42:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Paypal

Path: :mozilla.43:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Tradedoubler

Path: :mozilla.57:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Tradedoubler

Path: :mozilla.58:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Tradedoubler

Path: :mozilla.59:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.61:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.62:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Webtrendslive

Path: :mozilla.65:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Toplist

Path: :mozilla.70:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.71:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.72:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.75:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.76:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Atdmt

Path: :mozilla.77:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Webtrends

Path: :mozilla.78:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

z kasperkyego :

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Dr Watson\user.dmp Object is locked pominięty

C:\WINDOWS$NtUninstallKB828035$\msgsvc.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828035$\wkssvc.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\catsrv.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\catsrvut.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\clbcatex.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\clbcatq.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\colbact.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\comadmin.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\comrepl.exe Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\comsvcs.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\comuid.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\es.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\migregdb.exe Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\msdtcprx.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\msdtctm.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\msdtcuiu.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\mtxclu.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\mtxoci.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\rpcrt4.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB828741$\txflog.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\callcont.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\cmdevtgprov.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\evtgprov.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\gdi32.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\h323.tsp Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\h323msp.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\helpctr.exe Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\ipnathlp.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\lsasrv.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\mf3216.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\msasn1.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\msgina.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\mst120.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\netapi32.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\nmcom.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\rtcdll.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB835732$\schannel.dll Object is locked pominięty

C:\WINDOWS$NtUninstallKB839645$\xpsp2res.dll Object is locked pominięty

C:\WINDOWS$NtUninstallQ828026$\msdxm.ocx Object is locked pominięty

C:\WINDOWS$NtUninstallQ828026$\wmpcore.dll Object is locked pominięty

C:\WINDOWS\system32\olmto4li.ini Zainfekowanych: not-a-virus:AdWare.Win32.Sahat.ao pominięty

D:\WINDOWS\system32\config\system.LOG Object is locked pominięty

D:\WINDOWS\system32\config\software.LOG Object is locked pominięty

D:\WINDOWS\system32\config\default.LOG Object is locked pominięty

D:\WINDOWS\system32\config\SECURITY Object is locked pominięty

D:\WINDOWS\system32\config\SAM Object is locked pominięty

D:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

D:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

D:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

D:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

D:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

D:\WINDOWS\system32\config\SYSTEM Object is locked pominięty

D:\WINDOWS\system32\config\SOFTWARE Object is locked pominięty

D:\WINDOWS\system32\config\DEFAULT Object is locked pominięty

D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

D:\WINDOWS\system32\h323log.txt Object is locked pominięty

D:\WINDOWS\system32\4958432ld.exe Zainfekowanych: Trojan-Proxy.Win32.Dlena.an pominięty

D:\WINDOWS\system32\i Zainfekowanych: Trojan-Downloader.BAT.Ftp.ab pominięty

D:\WINDOWS\system32\o Zainfekowanych: Trojan-Downloader.BAT.Ftp.ab pominięty

D:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

D:\WINDOWS\Debug\oakley.log Object is locked pominięty

D:\WINDOWS\Sti_Trace.log Object is locked pominięty

D:\WINDOWS\wiaservc.log Object is locked pominięty

D:\WINDOWS\wiadebug.log Object is locked pominięty

D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

D:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

D:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

D:\Documents and Settings\łuki\NTUSER.DAT Object is locked pominięty

D:\Documents and Settings\łuki\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

D:\Documents and Settings\łuki\Ustawienia lokalne\Historia\History.IE5\MSHist012007033020070331\index.dat Object is locked pominięty

D:\Documents and Settings\łuki\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

D:\Documents and Settings\łuki\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

D:\Documents and Settings\łuki\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

D:\Documents and Settings\łuki\Ustawienia lokalne\Temp~ROMFN_00000954 Object is locked pominięty

D:\Documents and Settings\łuki\Cookies\index.dat Object is locked pominięty

D:\Documents and Settings\łuki\Dane aplikacji\Tlen.pl\Profiles\liszz\DataBase\chats.idx Object is locked pominięty

D:\Documents and Settings\łuki\Dane aplikacji\Tlen.pl\Profiles\liszz\DataBase\chats.dat Object is locked pominięty

D:\Documents and Settings\łuki\ntuser.dat.LOG Object is locked pominięty

D:\System Volume Information_restore{DD9A2965-CD0D-45E0-B247-92ED2C2BB19F}\RP91\change.log Object is locked pominięty

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

H:\System Volume Information_restore{DD9A2965-CD0D-45E0-B247-92ED2C2BB19F}\RP91\change.log Object is locked pominięty

Złączono Posta : 30.03.2007 (Pią) 21:41

Znowu pojawia się to samo : D:\WINDOWS\system32\wmupdat44821.exe.

worm.

Joan · 30 Marzec 2007 23:49

usun wszystko co znalazły skanery.

reinstal sterownika od kontrolera usb i gunza.

Ściągasz narzędzie KillBox, zaznaczasz Delete on Reboot, potem klikasz All Files i wklejasz do pola Full Path of File to Delete ścieżkę:

D:\WINDOWS\system32\wmupdat44821.exe

Klikasz X i reset sysa.

Bor4t · 31 Marzec 2007 06:55

Ja nawet nie wiem co to jest ten gunz - w internecie pisze że to jakiś hax.

Złączono Posta : 31.03.2007 (Sob) 9:13

Większość z owych robaków pojawia się od razu po włączeniu internetu . Są one lokalizowane w D:\WINDOWS\system32\ i tutaj jest losowa nazwa ,np. “o” , “i” , lub “wmupdat + cyferki”. Te same pliki ciągle się generują na nowo.

adam9870 · 31 Marzec 2007 08:35

Czy masz pozamykane porty programem Windows Worms Doors Cleaner (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw) ??

Przeskanuj system jeszcze raz ewido i kasperskim i wklej raporty plus log z ComboFix.

Bor4t · 31 Marzec 2007 09:41

Tak ,pozamykałem wszystko DOOM CLEANEREM, dziwi mnie dlatego robaki pojawiają się na nowo. Logi :

EWIDO

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

Name: TrackingCookie.Gemius

Path: D:\Documents and Settings\łuki\Cookies\łuki@hit.gemius[2].txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: D:\Documents and Settings\łuki\Cookies\łuki@gde.adocean[2].txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: D:\Documents and Settings\łuki\Cookies\łuki@my.adocean[2].txt

Risk: Medium

Name: TrackingCookie.Gemius

Path: D:\Documents and Settings\łuki\Cookies\łuki@hit.gemius[1].txt

Risk: Medium

Name: TrackingCookie.Gemius

Path: :mozilla.6:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Gemius

Path: :mozilla.7:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.9:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.10:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Tradedoubler

Path: :mozilla.15:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Statcounter

Path: :mozilla.31:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Yieldmanager

Path: :mozilla.63:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Yieldmanager

Path: :mozilla.64:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Yieldmanager

Path: :mozilla.65:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Yieldmanager

Path: :mozilla.66:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.86:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Adocean

Path: :mozilla.87:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Fastclick

Path: :mozilla.88:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Fastclick

Path: :mozilla.89:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Burstnet

Path: :mozilla.91:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Fastclick

Path: :mozilla.92:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Fastclick

Path: :mozilla.93:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Realmedia

Path: :mozilla.94:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Realmedia

Path: :mozilla.96:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Realmedia

Path: :mozilla.97:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Realmedia

Path: :mozilla.98:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Realmedia

Path: :mozilla.101:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

Name: TrackingCookie.Atdmt

Path: :mozilla.119:D:\Documents and Settings\łuki\Dane aplikacji\Mozilla\Firefox\Profiles\w4a3v4mi.default\cookies.txt

Risk: Medium

COMBOFIX

“uki” - 07-03-31 10:50:37 Dodatek Service Pack. 1

ComboFix 07-03-27.4.2 - Running from: “D:\Documents and Settings\uki\Pulpit”

((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-31 ))))))))))))))))))))))))))))))))))

2007-03-31 09:10

2007-03-31 08:37

2007-03-30 18:46

2007-03-30 17:25

2007-03-30 17:05

2007-03-30 08:02

2007-03-30 07:59

2007-03-29 17:14

2007-03-29 17:01

2007-03-28 20:44

2007-03-25 09:19 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll

2007-03-15 12:00 466,432 --a------ D:\WINDOWS\system32\SkanerOnline.dll

2007-03-13 15:32

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-25 09:38 98304 --a------ D:\WINDOWS\system32\cmdlineext.dll

2007-02-16 14:58 -------- d-------- D:\Program Files\project64 v1.5

2007-02-16 14:52 4096 --a------ D:\WINDOWS\d3dx.dat

2007-02-16 14:25 -------- d-------- D:\Program Files\project64 1.6

2007-02-12 20:06 -------- d-------- D:\Program Files\quicktime

2007-02-10 11:52 -------- d-------- D:\Program Files\disc2phone

2007-02-10 11:51 67298 --a------ D:\WINDOWS\system32\perfc015.dat

2007-02-10 11:51 436322 --a------ D:\WINDOWS\system32\perfh015.dat

2007-02-10 11:48 -------- d-------- D:\Program Files\sony ericsson

2007-02-10 11:46 94064 --a------ D:\WINDOWS\system32\drivers\k510mdm.sys

2007-02-10 11:46 85408 --a------ D:\WINDOWS\system32\drivers\k510mgmt.sys

2007-02-10 11:46 8336 --a------ D:\WINDOWS\system32\drivers\k510mdfl.sys

2007-02-10 11:46 83344 --a------ D:\WINDOWS\system32\drivers\k510obex.sys

2007-02-10 11:46 6176 --a------ D:\WINDOWS\system32\drivers\k510cmnt.sys

2007-02-10 11:46 6176 --a------ D:\WINDOWS\system32\drivers\k510cm.sys

2007-02-10 11:46 58288 --a------ D:\WINDOWS\system32\drivers\k510bus.sys

2007-02-10 11:46 5808 --a------ D:\WINDOWS\system32\drivers\k510whnt.sys

2007-02-10 11:46 5808 --a------ D:\WINDOWS\system32\drivers\k510wh.sys

2007-01-19 09:40 89088 --a------ D:\WINDOWS\system32\skaneronlineuninstall.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

“CTFMON.EXE”=“D:\WINDOWS\System32\ctfmon.exe”

“Komunikator”=“D:\Program Files\Tlen.pl\tlen.exe”

“NETIANET”=“D:\Program Files\Netia\Net\netianet.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

“NvCplDaemon”=“RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup”

“nwiz”=“nwiz.exe /install”

“NvMediaCenter”=“RunDLL32.exe NvMCTray.dll,NvTaskbarInit”

“Logitech Utility”=“Logi_MwX.Exe”

“SigmatelSysTrayApp”=“sttray.exe”

“avgnt”="“D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min"

“SpeedTouch USB Diagnostics”="“D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon"

“Adobe Photo Downloader”="“D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

“NoChange”=“1”

“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

“backup”=“D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup”

“location”=“Common Startup”

“command”="D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe "

“item”=“HP Digital Imaging Monitor”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]

“backup”=“D:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup”

“location”=“Common Startup”

“command”=“D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s”

“item”=“HP Image Zone - szybkie uruchamianie”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

“path”=“D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk”

“backup”=“D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup”

“location”=“Common Startup”

“command”=“D:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l”

“item”=“Microsoft Office”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]