Wyskakujace bloki ataków

Kruk_I · 16 Maj 2007 14:02

Logfile of HijackThis v1.99.1 Scan saved at 15:44:47, on 2007-05-16 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Nero\ODD Toolkit\DVDTray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\NSecurity.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Avast4\ashWebSv.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Avast4\ashSimpl.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\AQQ\AQQ.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Real\RealPlayer\realplay.exe C:\Documents and Settings\Administrator!\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [DVDTray] C:\Program Files\Nero\ODD Toolkit\DVDTray.exe O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\AQQ\AQQ.exe O4 - HKCU…\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip…{B7B365D5-6922-4A18-978A-192E5540A9A6}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

To moj wykaz z hijackthis o co chodzi, mam antyvirusa Avastv4.7 Home co jakis czas wyswitlal komunikat ze zablokowal atak na pewien plik (niestety nie pamietam jaki) myslalem ze to jakis spam no i narazie sie uspokoilo chodz obawiam sie ze to nie koniec problemow

teraz zaczal mi wyskakiwac taki komunikat od Kerio

daje Zamknij ale to nic nie pomaga i dreczy i meczy strasznie ;/

przeskanowalem ad-aware i wykryl kilka rzeczy ktore niezwlocznie usunolem

co do avasta przy wlanczaniu wyskoczyl komunikat ze jest vir w systemie operacyjnym i ze sie musi wylaczyc aby go usunac klikam OK lecz nastepnym komunikatem jest

Przepraszamy uzytkownik nie ma okreslonych praw do wykoniania tej operacji… co jest ??

Kilka dni temu robilem format całego kompuetra…

Prosze o sprawdzenie loga i pomoc

Gutek · 16 Maj 2007 14:21

w trybie awaryjnym usuń wpisy HJT, a plik i folder ręcznie

Daj log z Combofix

Kruk_I · 16 Maj 2007 15:08

“Administrator!” - 2007-05-16 16:57:45 Dodatek Service Pack. 1 ComboFix 07-05.13.2.V - Running from: “C:\Documents and Settings\Administrator!\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 )))))))))))))))))))))))))))))))))) 2007-05-16 16:51 524,288 --ah----- C:\DOCUME~1\ADMINI~2\NTUSER.DAT 2007-05-16 16:51 2007-05-16 16:51 2007-05-16 16:51 2007-05-16 16:51 2007-05-16 16:51 2007-05-16 16:51 2007-05-16 16:51 2007-05-16 16:42 2007-05-15 19:07 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2007-05-15 19:07 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2007-05-15 19:07 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2007-05-14 21:51 2007-05-08 20:14 2007-05-08 19:12 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-05-08 12:50 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll 2007-05-08 12:47 2007-05-08 12:20 52,209 --a------ C:\WINDOWS\War3Unin.dat 2007-05-08 12:20 2,829 --a------ C:\WINDOWS\War3Unin.pif 2007-05-08 12:20 139,264 --a------ C:\WINDOWS\War3Unin.exe 2007-05-08 12:05 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2007-05-08 12:05 2007-05-07 19:42 90,240 --a------ C:\WINDOWS\system32\drivers\sptd4557.sys 2007-05-07 19:42 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-05-07 17:34 2007-05-07 17:32 2007-05-07 17:32 2007-05-07 17:32 2007-05-07 17:29 2007-05-07 17:28 2007-05-07 17:24 2007-05-07 17:23 2007-05-06 16:22 2007-05-06 12:37 532 --a------ C:\TEMP\assault.bat 2007-05-06 12:37 388,466 --a------ C:\TEMP\Assault2.exe 2007-05-06 12:37 298,527 --a------ C:\TEMP\Fonts.exe 2007-05-06 12:37 2007-05-06 12:37 2007-05-06 12:22 2007-05-06 12:22 2007-05-06 12:20 2007-05-06 12:18 2007-05-06 12:18 2007-05-06 12:18 2007-05-06 11:00 2007-05-05 22:02 2007-05-05 22:02 2007-05-05 21:59 2007-05-05 21:59 2007-05-05 21:58 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-05-05 21:58 2007-05-05 21:57 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-05-05 21:57 2007-05-05 21:46 2007-05-05 21:45 2007-05-05 21:44 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-05-05 21:44 2007-05-05 21:44 2007-05-05 18:33 2,928 --a------ C:\WINDOWS\mozver.dat 2007-05-05 18:33 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-05 18:33 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:32 2007-05-05 18:30 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-05-05 18:30 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-05-05 18:30 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-05-05 18:30 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-05-05 18:30 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-05-05 18:30 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-05-05 18:30 2007-05-05 18:28 2007-05-05 18:28 2007-05-05 18:28 2007-05-05 18:20 2007-05-05 18:09 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-05-05 18:09 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-05-05 18:09 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-05-05 18:09 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-05-05 18:09 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-05-05 18:08 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-05-05 18:08 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-05-05 18:08 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-05-05 18:08 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-05-05 18:08 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-05-05 18:08 2007-05-05 18:05 2007-05-05 18:05 2007-05-05 18:03 2007-05-05 18:03 2007-05-05 18:03 2007-05-05 18:02 2007-05-05 17:55 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2007-05-05 17:54 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys 2007-05-05 17:54 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys 2007-05-05 17:54 5,606 --a------ C:\WINDOWS\system32\stci.dll 2007-05-05 17:54 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys 2007-05-05 17:54 41,068 --------- C:\WINDOWS\system32\ActPanel.dll 2007-05-05 17:54 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys 2007-05-05 17:54 2007-05-05 17:54 2007-05-05 17:54 2007-05-05 17:53 2007-05-05 17:52 2007-05-05 17:47 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-05-05 17:47 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-05-05 17:47 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-05-05 17:47 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-05-05 17:47 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-05-05 17:47 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-05-05 17:47 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-05-05 17:47 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-05-05 17:47 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-05-05 17:47 114,765 --a------ C:\WINDOWS\system32\hpzlnt03.dll 2007-05-05 17:46 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-05-05 17:46 376 --a------ C:\WINDOWS\mozregistry.dat 2007-05-05 17:46 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-05-05 17:46 2007-05-05 17:45 9,856 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-05-05 17:45 70,144 --a------ C:\WINDOWS\system32\usbui.dll 2007-05-05 17:45 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-05-05 17:45 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS 2007-05-05 17:45 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys 2007-05-05 17:45 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-05-05 17:45 2007-05-05 17:44 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-05-05 17:44 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-05-05 17:44 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-05-05 17:44 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-05-05 17:44 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-05-05 17:44 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-05-05 17:44 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-05-05 17:44 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-05-05 17:44 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-05-05 17:44 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-05-05 17:44 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-05-05 17:44 2007-05-05 17:44 2007-05-05 17:44 2007-05-05 17:44 2007-05-05 17:44 2007-05-05 17:43 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-05-05 17:43 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-05-05 17:43 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-05-05 17:43 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-05-05 17:43 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS 2007-05-05 17:43 72,192 --a------ C:\WINDOWS\system32\storprop.dll 2007-05-05 17:43 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-05-05 17:43 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-05-05 17:43 69,712 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-05-05 17:43 67,072 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-05-05 17:43 6,656 --a------ C:\WINDOWS\system32\batt.dll 2007-05-05 17:43 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-05-05 17:43 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-05-05 17:43 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-05-05 17:43 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-05-05 17:43 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-05-05 17:43 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-05-05 17:43 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-05-05 17:43 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-05-05 17:43 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-05-05 17:43 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-05-05 17:43 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-05-05 17:43 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-05-05 17:43 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-05-05 17:43 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:43 2007-05-05 17:42 2007-05-05 17:42 2007-05-05 17:42 2007-05-05 17:42 2007-05-05 17:42 2007-05-05 17:41 2007-05-05 17:41 2007-05-05 17:40 44,852 -ra------ C:\WINDOWS\system32\drivers\viaudio.sys 2007-05-05 17:38 50,112 --a------ C:\WINDOWS\system32\drivers\VIADSK.SYS 2007-05-05 17:38 2007-05-05 17:38 2007-05-05 17:36 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-05-05 17:36 3,033 --a------ C:\WINDOWS\system32\drivers\VIAPFD.SYS 2007-05-05 17:36 24,064 --a------ C:\WINDOWS\autoload.exe 2007-05-05 17:36 2007-05-05 17:30 2007-05-05 17:22 2,920,448 --------- C:\WINDOWS\UNNMP.exe 2007-05-05 17:22 2007-05-05 17:21 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-05-05 17:20 2007-05-05 17:19 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-05-05 17:19 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll 2007-05-05 17:19 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll 2007-05-05 17:19 82,432 --a------ C:\WINDOWS\system32\drmstor.dll 2007-05-05 17:19 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll 2007-05-05 17:19 81,408 --a------ C:\WINDOWS\system32\logagent.exe 2007-05-05 17:19 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll 2007-05-05 17:19 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll 2007-05-05 17:19 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll 2007-05-05 17:19 6,656 --a------ C:\WINDOWS\system32\laprxy.dll 2007-05-05 17:19 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll 2007-05-05 17:19 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-05-05 17:19 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-05-05 17:19 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll 2007-05-05 17:19 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll 2007-05-05 17:19 38,912 --------- C:\WINDOWS\system32\picn20.dll 2007-05-05 17:19 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-05-05 17:19 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll 2007-05-05 17:19 301,712 --a------ C:\WINDOWS\system32\drmclien.dll 2007-05-05 17:19 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-05-05 17:19 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll 2007-05-05 17:19 241,664 --a------ C:\WINDOWS\system32\qasf.dll 2007-05-05 17:19 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll 2007-05-05 17:19 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-05-05 17:19 232,960 --a------ C:\WINDOWS\system32\blackbox.dll 2007-05-05 17:19 218,112 --a------ C:\WINDOWS\system32\wmasf.dll 2007-05-05 17:19 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe 2007-05-05 17:19 143,360 --a------ C:\WINDOWS\system32\wmidx.dll 2007-05-05 17:19 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-05-05 17:19 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-05-05 17:19 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-05-05 17:19 2007-05-05 17:18 2007-05-05 17:18 2007-05-05 17:18 2007-05-05 17:17 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-05-05 17:17 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-05-05 17:17 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-05-05 17:17 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-05-05 17:17 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-05-05 17:17 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-05-05 17:17 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-05-05 17:17 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-05-05 17:17 76,800 --a------ C:\WINDOWS\system32\dmscript.dll 2007-05-05 17:17 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-05-05 17:17 723,968 --a------ C:\WINDOWS\system32\dpnet.dll 2007-05-05 17:17 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys 2007-05-05 17:17 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-05-05 17:17 64,512 --a------ C:\WINDOWS\system32\amstream.dll 2007-05-05 17:17 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-05-05 17:17 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-05-05 17:17 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys 2007-05-05 17:17 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-05-05 17:17 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys 2007-05-05 17:17 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-05-05 17:17 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-05-05 17:17 470,528 --a------ C:\WINDOWS\system32\qdvd.dll 2007-05-05 17:17 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-05-05 17:17 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe 2007-05-05 17:17 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys 2007-05-05 17:17 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-05-05 17:17 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys 2007-05-05 17:17 381,952 --a------ C:\WINDOWS\system32\dsound.dll 2007-05-05 17:17 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-05-05 17:17 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll 2007-05-05 17:17 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-05-05 17:17 33,280 --a------ C:\WINDOWS\system32\dmloader.dll 2007-05-05 17:17 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-05-05 17:17 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-05-05 17:17 316,928 --a------ C:\WINDOWS\system32\qdv.dll 2007-05-05 17:17 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-05-05 17:17 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-05-05 17:17 292,864 --a------ C:\WINDOWS\system32\ddraw.dll 2007-05-05 17:17 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-05-05 17:17 27,136 --a------ C:\WINDOWS\system32\dmband.dll 2007-05-05 17:17 257,024 --a------ C:\WINDOWS\system32\qcap.dll 2007-05-05 17:17 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-05-05 17:17 230,400 --a------ C:\WINDOWS\system32\dplayx.dll 2007-05-05 17:17 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-05-05 17:17 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-05-05 17:17 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-05-05 17:17 18,944 --a------ C:\WINDOWS\system32\encapi.dll 2007-05-05 17:17 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-05-05 17:17 18,432 --a------ C:\WINDOWS\system32\dswave.dll 2007-05-05 17:17 16,896 --a------ C:\WINDOWS\system32\msyuv.dll 2007-05-05 17:17 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-05-05 17:17 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-05-05 17:17 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys 2007-05-05 17:17 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys 2007-05-05 17:17 132,608 --a------ C:\WINDOWS\system32\devenum.dll 2007-05-05 17:17 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-05-05 17:17 13,312 --a------ C:\WINDOWS\system32\msdmo.dll 2007-05-05 17:17 122,880 --a------ C:\WINDOWS\system32\dmusic.dll 2007-05-05 17:17 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-05-05 17:17 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys 2007-05-05 17:17 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-05-05 17:17 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys 2007-05-05 17:17 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys 2007-05-05 17:17 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll 2007-05-05 17:17 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll 2007-05-05 17:17 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-05-05 17:17 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll 2007-05-05 17:17 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-05-05 17:17 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-05-05 17:17 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll 2007-05-05 17:17 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-05-05 17:14 2007-05-05 17:03 2,621,440 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-05-05 17:03 2007-05-05 17:03 2007-05-05 17:03 2007-05-05 17:03 2007-05-05 17:03 2007-05-05 17:03 2007-05-05 17:03 2007-05-05 17:03 2007-05-05 17:02 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-05-05 17:02 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-05-05 17:02 2007-05-05 17:02 2007-05-05 17:02 2007-05-05 17:02 2007-05-05 17:02 2007-05-05 17:02 2007-05-05 16:57 233,472 —h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-05-05 16:57 0 -rahs---- C:\MSDOS.SYS 2007-05-05 16:57 0 -rahs---- C:\IO.SYS 2007-05-05 16:57 0 --a------ C:\CONFIG.SYS 2007-05-05 16:57 0 --a------ C:\AUTOEXEC.BAT 2007-05-05 16:57 2007-05-05 16:57 2007-05-05 16:56 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-05-05 16:55 2007-05-05 16:55 2007-05-05 16:55 2007-05-05 16:54 2007-05-05 16:53 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-05-05 16:53 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-05-05 16:53 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-05-05 16:53 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-05-05 16:53 49,152 --a------ C:\WINDOWS\system32\inetres.dll 2007-05-05 16:53 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-05-05 16:53 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-05-05 16:53 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-05-05 16:53 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-05-05 16:53 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-05-05 16:53 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-05-05 16:53 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-05-05 16:53 221,696 --a------ C:\WINDOWS\system32\qmgr.dll 2007-05-05 16:53 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-05-05 16:53 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-05-05 16:53 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-05-05 16:53 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-05-05 16:53 2007-05-05 16:53 2007-05-05 16:53 2007-05-05 16:53 2007-05-05 16:53 2007-05-05 16:52 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-05-05 16:52 81,408 --a------ C:\WINDOWS\system32\msoert2.dll 2007-05-05 16:52 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-05-05 16:52 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-05-05 16:52 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-05-05 16:52 63,488 --a------ C:\WINDOWS\system32\srclient.dll 2007-05-05 16:52 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-05 16:52 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-05-05 16:52 253,952 --a------ C:\WINDOWS\system32\mstask.dll 2007-05-05 16:52 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-05-05 16:52 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-05-05 16:52 227,328 --a------ C:\WINDOWS\system32\srrstr.dll 2007-05-05 16:52 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-05-05 16:52 160,256 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-05-05 16:52 159,232 --a------ C:\WINDOWS\system32\srsvc.dll 2007-05-05 16:52 2007-05-05 16:52 2007-05-05 16:51 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-05-05 16:51 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-05-05 16:51 494,592 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-05-05 16:51 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-05-05 16:51 183,296 --a------ C:\WINDOWS\system32\accwiz.exe 2007-05-05 16:51 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-05-05 16:51 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-05-05 16:51 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-05-05 16:51 2007-05-05 16:51 2007-05-05 16:51 2007-05-05 16:51 2007-05-05 16:51 2007-05-05 16:50 99,328 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-05-05 16:50 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-05-05 16:50 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-05-05 16:50 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-05-05 16:50 9,216 --a------ C:\WINDOWS\system32\icaapi.dll 2007-05-05 16:50 89,088 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-05-05 16:50 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-05-05 16:50 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-05-05 16:50 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-05-05 16:50 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-05-05 16:50 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-05-05 16:50 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-05-05 16:50 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-05-05 16:50 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-05-05 16:50 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-05-05 16:50 598,016 --a------ C:\WINDOWS\system32\mstscax.dll 2007-05-05 16:50 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-05-05 16:50 57,856 --a------ C:\WINDOWS\system32\licwmi.dll 2007-05-05 16:50 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-05-05 16:50 56,832 --a------ C:\WINDOWS\system32\remotepg.dll 2007-05-05 16:50 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-05-05 16:50 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-05-05 16:50 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-05-05 16:50 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-05-05 16:50 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-05-05 16:50 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-05-05 16:50 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-05-05 16:50 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-05-05 16:50 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-05-05 16:50 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-05-05 16:50 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-05-05 16:50 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-05-05 16:50 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-05-05 16:50 390,144 --a------ C:\WINDOWS\system32\mstsc.exe 2007-05-05 16:50 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-05-05 16:50 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-05-05 16:50 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-05-05 16:50 342,016 --a------ C:\WINDOWS\system32\mspaint.exe 2007-05-05 16:50 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-05-05 16:50 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-05-05 16:50 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-05-05 16:50 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-05-05 16:50 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-05-05 16:50 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-05-05 16:50 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-05-05 16:50 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-05-05 16:50 201,216 --a------ C:\WINDOWS\system32\termsrv.dll 2007-05-05 16:50 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-05-05 16:50 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-05-05 16:50 19,456 --a------ C:\WINDOWS\system32\qprocess.exe 2007-05-05 16:50 189,440 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-05-05 16:50 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-05-05 16:50 177,152 --a------ C:\WINDOWS\system32\cmprops.dll 2007-05-05 16:50 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-05-05 16:50 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-05-05 16:50 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-05-05 16:50 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-05-05 16:50 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-05-05 16:50 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-05-05 16:50 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-05-05 16:50 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-05-05 16:50 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-05-05 16:50 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-05-05 16:50 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-05-05 16:50 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-05-05 16:50 142,336 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-05-05 16:50 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-05-05 16:50 135,680 --a------ C:\WINDOWS\system32\rdchost.dll 2007-05-05 16:50 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-05-05 16:50 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-05-05 16:50 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-05-05 16:50 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-05-05 16:50 118,272 --a------ C:\WINDOWS\system32\mplay32.exe 2007-05-05 16:50 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-05-05 16:50 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-05-05 16:50 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-05-05 16:50 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-05-05 16:50 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-05-05 16:50 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-05-05 16:50 2007-05-05 16:50 2007-05-05 16:50 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-07 15:28:14 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-07 15:28:14 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-05 16:30:25 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-05-05 15:44:21 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Folder przesyłania Share-to-Web 2007-05-05 14:55:33 -------- d-----w C:\Program Files\Usługi online (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12] {37B85A21-692B-4205-9CAD-2626E4993404}=C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2007-05-05 18:28] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2007-01-11 17:05] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “DVDTray”=“C:\Program Files\Nero\ODD Toolkit\DVDTray.exe” “Share-to-Web Namespace Daemon”=“C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” “HPDJ Taskbar Utility”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe” “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “avast!”=“C:\PROGRA~1\Avast4\ashDisp.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] “DVDTray”=“C:\Program Files\Nero\ODD Toolkit\DVDTray.exe” [2004-09-03 10:58] “Share-to-Web Namespace Daemon”=“C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [2002-04-11 04:19] “HPDJ Taskbar Utility”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe” [2001-07-05 18:43] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 11:38] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07] “avast!”=“C:\PROGRA~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2006-06-01 17:22] “nwiz”=“nwiz.exe” [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]) “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2006-06-01 17:22] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-05-06 12:18] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-29 00:00] “AQQ”=“C:\PROGRA~1\AQQ\AQQ.exe” [2006-06-05 16:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “AQQ”=“C:\PROGRA~1\AQQ\AQQ.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Network Security”=“C:\WINDOWS\System32\NSecurity.exe” HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070516-165327-259 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL backup-20070516-165327-956 O4 - HKCU…\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe backup-20070516-165327-176 O4 - HKLM…\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-16 17:04:53 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … ? [3560] scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 1 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-16 17:05:16 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-05-16 17:05

usunołem tamte logi w trybie awaryjnym… przynajmniej przestalo sie to wyswietlac

Złączono Posta : 16.05.2007 (Sro) 17:11

powiedz tylko ze Ty to wszystko przeczytasz :o :o

Gutek · 16 Maj 2007 15:25

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

Kruk_I · 16 Maj 2007 22:03

Zrobione to log z hijackthis po wszystkich “operacjach”…

Logfile of HijackThis v1.99.1 Scan saved at 00:02:00, on 2007-05-17 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nero\ODD Toolkit\DVDTray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svcchosst.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\AQQ\AQQ.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Avast4\ashWebSv.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Administrator!\Pulpit\Ściągnięte\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [DVDTray] C:\Program Files\Nero\ODD Toolkit\DVDTray.exe O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [msvccc66] svcchosst.exe O4 - HKLM…\RunServices: [msvccc66] svcchosst.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\AQQ\AQQ.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip…{B7B365D5-6922-4A18-978A-192E5540A9A6}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Złączono Posta : 17.05.2007 (Czw) 0:04

Zrobione to log z hijackthis po wszystkich “operacjach”…

Logfile of HijackThis v1.99.1 Scan saved at 00:02:00, on 2007-05-17 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nero\ODD Toolkit\DVDTray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svcchosst.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\AQQ\AQQ.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Avast4\ashWebSv.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Administrator!\Pulpit\Ściągnięte\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [DVDTray] C:\Program Files\Nero\ODD Toolkit\DVDTray.exe O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [msvccc66] svcchosst.exe O4 - HKLM…\RunServices: [msvccc66] svcchosst.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\AQQ\AQQ.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip…{B7B365D5-6922-4A18-978A-192E5540A9A6}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

qrczak13 · 16 Maj 2007 22:22

Pobierz Windows Worms Doors Cleaner, ustaw znaczki na zielono, Netbios może być na żółto.

Po użyciu narzędzia wymagany jest restart.

Ściągasz Pocket Killbox,

zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINDOWS\System32\svcchosst.exe

i naciskasz X czerwony. Program poprosi o reset kompa, co robisz.

Usuń w HJT.

Nowy log HJT i SilentRunners.

Kruk_I · 17 Maj 2007 16:01

zrobione…

hijackthis

Logfile of HijackThis v1.99.1 Scan saved at 18:00:53, on 2007-05-17 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Nero\ODD Toolkit\DVDTray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe D:\Diablo II\Game.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\Program Files\AQQ\AQQ.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\Administrator!\Pulpit\Ściągnięte\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [DVDTray] C:\Program Files\Nero\ODD Toolkit\DVDTray.exe O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\AQQ\AQQ.exe O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip…{B7B365D5-6922-4A18-978A-192E5540A9A6}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Złączono Posta : 17.05.2007 (Czw) 18:05

no i sillent runner

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “AQQ” = “C:\PROGRA~1\AQQ\AQQ.exe” [“AQQ Sp. z o.o.”] “Odkurzacz-MCD” = “C:\Program Files\Odkurzacz\odk_mcd.exe” [“Franmo Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “DVDTray” = “C:\Program Files\Nero\ODD Toolkit\DVDTray.exe” [“Hewlett-Packard Company”] “Share-to-Web Namespace Daemon” = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [“Hewlett-Packard”] “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe” [“HP”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “avast!” = “C:\PROGRA~1\Avast4\ashDisp.exe” [“ALWIL Software”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided) \StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A4DF5659-0801-4A60-9607-1C48695EFDA9}” = “Folder przesyłania Share-to-Web” -> {HKLM…CLSID} = “Folder przesyłania Share-to-Web” \InProcServer32(Default) = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL” [“Hewlett-Packard”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Avast4\ashShell.dll” [“ALWIL Software”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}” = “Autodesk Drawing Preview” -> {HKLM…CLSID} = “ACTHUMBNAIL” \InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll” [“Autodesk”] “{36A21736-36C2-4C11-8ACB-D4136F2B57BD}” = “Uchwyt nakładania ikony podpisu cyfrowego” -> {HKLM…CLSID} = “AcSignIcon” \InProcServer32(Default) = “C:\WINDOWS\System32\AcSignIcon.dll” [“Autodesk”] “{6DEA92E9-8682-4b6a-97DE-354772FE5727}” = “Autodesk DWF Preview” -> {HKLM…CLSID} = “ACDWFTHMBPRXY” \InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll” [“Autodesk”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] Default executables: -------------------- HKCU\Software\Classes.scr(Default) = “AutoCADScriptFile” <> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command(Default) = "“C:\WINDOWS\System32\notepad.exe” “%1"” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Administrator!\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Administrator!\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Administrator!” & “All Users” startup folders: ---------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] “Przyspieszenie uruchomienia programu AutoCAD” -> shortcut to: “C:\Program Files\Common Files\Autodesk Shared\acstart16.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] LightScribeService Direct Disc Labeling Service, LightScribeService, “C:\Program Files\Common Files\LightScribe\LSSrvc.exe” [“Hewlett-Packard Company”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt03\Driver = “hpzlnt03.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 188 seconds, including 2 seconds for message boxes)

qrczak13 · 17 Maj 2007 19:02

Logi ok.

Poczytaj o zbednikach w autostarcie.

Kruk_I · 24 Maj 2007 15:24

dzieki za pomoc, a wlasciwie odwalenie calej roboty ;p