Wolna neostrada

vinimiki · 15 Październik 2007 18:27

proszę o sprawdzenie loga przeszedłem z 512 na 1 mb neostrady a działa tak samo albo wolniej

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:12:39, on 2007-10-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe” O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra ‘Tools’ menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O9 - Extra ‘Tools’ menuitem: iSiloX Clipper… - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip…{8704520B-7339-47B7-BCA5-306EA44352A7}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe – End of file - 7770 bytes

LostWorld · 15 Październik 2007 19:16

Automat :

Pobierz program SDFix

Opis programu

vinimiki · 16 Październik 2007 07:22

raport z SDFix

SDFix: Version 1.109 Run by mimi on 2007-10-16 at 09:11 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted C:\WINDOWS\system32\wsnpoem\video.dll - Deleted C:\WINDOWS\system32\ntos.exe - Deleted Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe”=“C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service” “C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe”=“C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Mon 30 Apr 2007 848 A.SH. — “C:\WINDOWS\system32\KGyGaAvL.sys” Tue 12 Jun 2007 4,348 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Fri 7 Oct 2005 994,056 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\4ff62c249c2fbfdca2885e15f6739f78\BIT9C.tmp” Mon 11 Apr 2005 484,592 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\542608b5eb0b623dad0087191d0737de\BIT94.tmp” Fri 2 Jun 2006 982,864 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\86fec2ec763d50482691ab609a9ccbb4\BIT98.tmp” Thu 21 Sep 2006 827,216 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\b69fca0ff65ffc440c9b1062ec4479e2\BITAB.tmp” Thu 8 Dec 2005 150,060 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\c18e13f862e731f5f8bdb6fde98381d9\BIT88.tmp” Wed 29 Mar 2006 2,385,160 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\c84e26852f261c8c28af39aa23daa003\BIT8F.tmp” Finished!

adam9870 · 16 Październik 2007 13:44

Wykonaj i wklej log z ComboFix.

vinimiki · 16 Październik 2007 19:03

ComboFix 07-10-16.1 - mimi 2007-10-16 20:53:22.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.933 [GMT 2:00] Running from: C:\Documents and Settings\mimi\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\History\search C:\WINDOWS\system32\wsnpoem C:\WINDOWS\system32\wsnpoem\audio.dll.cla . ((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))) . 2007-10-16 09:10 2007-10-10 10:28 584,192 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-04 22:00 2007-10-01 22:45 2007-09-28 22:14 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-27 22:48 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-09-27 22:48 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-09-27 22:48 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-09-27 22:48 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-09-27 22:48 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-09-27 00:26 2007-09-20 16:00 12,015,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-09-20 15:57 2007-09-19 09:44 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-16 18:56 146,012 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-10-16 18:19 --------- d-----w C:\Documents and Settings\mimi\Dane aplikacji\Skype 2007-09-27 20:51 --------- d-----w C:\Program Files\Nokia 2007-09-27 20:51 --------- d-----w C:\Program Files\Common Files\Nokia 2007-09-19 07:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2007-09-13 01:51 --------- d-----w C:\Program Files\eMule 2007-09-06 14:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-16 17:28 --------- d-----w C:\Documents and Settings\mimi\Dane aplikacji\CyberLink 2007-03-07 20:36 30,240 ----a-w C:\Documents and Settings\mimi\Dane aplikacji\GDIPFONTCACHEV1.DAT 2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2007-04-30 10:24:45 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . – Snapshot reset to current date – . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-03-23 13:20] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-09-06 16:14] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-02-17 15:03] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-05-28 14:52] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44] “H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe” [2006-06-27 02:54] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys S3 GT680x;BearPaw 2448TA Plus Usb Scanner;C:\WINDOWS\system32\Drivers\Gt680x.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7c24a54b-15e0-11dc-98ec-000e509168cd}] AutoRun\command - H:\InstallTomTomHOME.exe . Contents of the ‘Scheduled Tasks’ folder “2007-10-16 18:26:01 C:\WINDOWS\Tasks\HP Usg Daily.job” . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-16 20:57:47 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-16 21:00:18 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-09-29 10:52 C:\ComboFix2.txt … 2007-09-29 10:52 C:\ComboFix3.txt … 2007-09-28 22:54 . — E O F —

Gutek · 16 Październik 2007 21:10

Skan AVG Anti-Spyware 7.5 po update + raport

vinimiki · 17 Październik 2007 22:21

przy sklanowaniu combo fixem wyskakuje info ze jest problem z aplikacja sed.cfexe a pozniej jest traki log

ComboFix 07-10-16.1 - mimi 2007-10-18 0:14:37.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1048 [GMT 2:00] Running from: C:\Documents and Settings\mimi\Pulpit\diagnostykas kompa\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))) . 2007-10-18 00:08 2007-10-18 00:08 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-10-18 00:08 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-10-18 00:08 739,840 --a------ C:\WINDOWS\system32\divx.dll 2007-10-18 00:08 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-10-18 00:08 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-10-18 00:08 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2007-10-18 00:08 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2007-10-18 00:08 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-10-17 23:26 2007-10-17 10:48 2007-10-16 09:10 2007-10-10 10:28 584,192 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-04 22:00 2007-10-01 22:45 2007-09-28 22:14 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-27 22:48 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-09-27 22:48 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-09-27 22:48 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-09-27 22:48 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-09-27 22:48 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-09-27 00:26 2007-09-20 16:00 13,291,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-09-20 15:57 2007-09-19 09:44 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-17 22:08 --------- d-----w C:\Documents and Settings\mimi\Dane aplikacji\Skype 2007-10-17 22:04 160,460 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-09-27 20:51 --------- d-----w C:\Program Files\Nokia 2007-09-27 20:51 --------- d-----w C:\Program Files\Common Files\Nokia 2007-09-19 07:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2007-09-13 01:51 --------- d-----w C:\Program Files\eMule 2007-09-06 14:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-03-07 20:36 30,240 ----a-w C:\Documents and Settings\mimi\Dane aplikacji\GDIPFONTCACHEV1.DAT 2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2007-04-30 10:24:45 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-03-23 13:20] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-09-06 16:14] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-02-17 15:03] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-05-28 14:52] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44] “H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe” [2006-06-27 02:54] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys S3 GT680x;BearPaw 2448TA Plus Usb Scanner;C:\WINDOWS\system32\Drivers\Gt680x.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7c24a54b-15e0-11dc-98ec-000e509168cd}] AutoRun\command - H:\InstallTomTomHOME.exe . Contents of the ‘Scheduled Tasks’ folder “2007-10-17 18:26:02 C:\WINDOWS\Tasks\HP Usg Daily.job” . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-18 00:17:12 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-18 0:18:06 C:\ComboFix-quarantined-files.txt … 2007-09-29 10:52 C:\ComboFix2.txt … 2007-10-16 21:00 C:\ComboFix3.txt … 2007-09-29 10:52 . — E O F —