Logs, computer and data security. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not hijack other users' topics; start a new topic in the Security section, which makes it easier for the person checking the log to help.
6. People without the appropriate knowledge should not check logs, as this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely: the symptoms and every action already taken.
8. Every script is unique, written for each case individually, so it must not be used by others.
9. When posting a screenshot, use an external image-hosting service.

Please check my log

07 Aug 2007, 00:52

Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:52:10, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8dde2322-9f8c-4ebd-b638-d23c549b24d3} - C:\WINDOWS\system32\msacabl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyslij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: msacabl - C:\WINDOWS\SYSTEM32\msacabl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

07 Aug 2007, 01:24

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\ezShellStart.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {8dde2322-9f8c-4ebd-b638-d23c549b24d3} - C:\WINDOWS\system32\msacabl.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O20 - Winlogon Notify: msacabl - C:\WINDOWS\SYSTEM32\msacabl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll


Remove these with HijackThis.

https://www.instalki.pl/programy/downlo ... llBox.html

Paste the following paths there:
C:\WINDOWS\SYSTEM32\msacabl.dll
C:\WINDOWS\SYSTEM32\WgaLogon.dll
C:\Program Files\MyGlobalSearch
C:\WINDOWS\System32\ezShellStart.exe

and press the red X.

If it says "File couldn't delete", choose the option:
-Delete after reboot

Post a new log from HijackThis and ComboFix. Clean the registry with one of these two programs:
RegCleaner
jv16 Power Tools

It is also worth clearing temp folders and temporary files:
CCleaner

Regards

07 Aug 2007, 01:34

cool, thanks a lot ;)


edit:
log from HijackThis:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 00:51:51, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8dde2322-9f8c-4ebd-b638-d23c549b24d3} - C:\WINDOWS\system32\msacabl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyslij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: msacabl - C:\WINDOWS\SYSTEM32\msacabl.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


log from ComboFix:
Code:
ComboFix 07-08-04.3 - "Phantom" 2007-08-07  1:10:45.1 [GMT 1:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.True
 * Created a new restore point


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\inetget2
C:\Program Files\winpop
C:\WINDOWS\system32\dn06145c37.dat
C:\WINDOWS\system32\msacabl.dll
C:\WINDOWS\system32\smvalid.exe
C:\WINDOWS\wr.txt
D:\Autorun.inf


(((((((((((((((((((((((((   Files Created from 2007-07-07 to 2007-08-07  )))))))))))))))))))))))))))))))


2007-08-07 01:10   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-07 00:35   <DIR>   d--------   C:\!KillBox
2007-08-07 00:32   <DIR>   d--------   C:\Program Files\CCleaner
2007-08-06 23:14   <DIR>   d---s----   C:\DOCUME~1\NETWOR~1\Temporary Internet Files
2007-08-06 23:14   <DIR>   d---s----   C:\DOCUME~1\NETWOR~1\History
2007-08-06 21:07   <DIR>   d--------   C:\Program Files\Free Download Manager
2007-08-06 21:07   <DIR>   d--------   C:\Downloads
2007-08-06 19:06   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-08-06 19:06   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-08-06 19:06   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-08-06 19:06   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-08-06 19:06   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-06 18:28   <DIR>   d--------   C:\Program Files\Codemasters
2007-08-05 12:18   <DIR>   d--------   C:\Program Files\Kolekcja Klasyki
2007-08-04 15:51   4,096   --a------   C:\WINDOWS\d3dx.dat
2007-08-04 15:41   <DIR>   d--------   C:\Program Files\JoWood
2007-08-03 21:44   <DIR>   d--------   C:\Program Files\YouTube Video Downloader
2007-08-02 14:17   <DIR>   d--------   C:\Program Files\Disney Interactive
2007-08-02 14:15   <DIR>   d--------   C:\DOCUME~1\Phantom\WINDOWS
2007-07-30 21:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
2007-07-30 20:41   <DIR>   d--------   C:\Program Files\EA SPORTS
2007-07-29 11:10   <DIR>   d--------   C:\WINDOWS\Neuromemory
2007-07-29 11:10   <DIR>   d--------   C:\Program Files\Neuromemory
2007-07-23 16:19   <DIR>   d--------   C:\Program Files\Alcohol Soft
2007-07-23 11:10   43,520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-19 12:42   <DIR>   d--------   C:\DOCUME~1\Phantom\APPLIC~1\CyberLink
2007-07-18 12:56   <DIR>   d--------   C:\Program Files\DVD Decrypter
2007-07-16 17:28   <DIR>   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Media Player Classic
2007-07-15 19:23   <DIR>   d--------   C:\Program Files\Windows Media Components
2007-07-15 19:22   97,280   --a------   C:\WINDOWS\system32\ccrpbds5.dll
2007-07-15 19:22   77,824   --a------   C:\WINDOWS\system32\eJ_Enumerator.dll
2007-07-15 19:22   36,864   --a------   C:\WINDOWS\system32\eJayWMExport.dll
2007-07-15 19:22   <DIR>   d--h-----   C:\WINDOWS\msdownld.tmp
2007-07-15 19:19   <DIR>   d--------   C:\WINDOWS\speech
2007-07-15 09:52   327,168   --a------   C:\WINDOWS\IsUn0415.exe
2007-07-13 14:10   <DIR>   d--------   C:\DOCUME~1\Phantom\Phone Browser
2007-07-12 11:47   108,144   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2007-07-10 12:59   <DIR>   d--------   C:\Program Files\iTunes
2007-07-10 12:59   <DIR>   d--------   C:\Program Files\iPod
2007-07-10 12:59   <DIR>   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Apple Computer
2007-07-10 12:57   <DIR>   d--------   C:\Program Files\Common Files\Apple
2007-07-10 12:57   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-07-10 12:57   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-08 21:57   <DIR>   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Nero
2007-07-08 10:43   81,768   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-07-08 10:43   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2007-07-08 10:43   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-07-08 10:43   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-07-08 10:43   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-07-08 10:43   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2007-07-08 10:43   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-07-08 10:43   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-07 19:58   442,368   -ra------   C:\WINDOWS\system32\vp6vfw.dll


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 01:23   1001248   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-07 01:21   94916   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-07 01:21   397772   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-07 01:21   29652256   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-07 00:39   ---------   d--------   C:\Program Files\Common Files\Sonic Shared
2007-08-06 23:48   ---------   d--------   C:\Program Files\Common Files\Symantec Shared
2007-08-06 18:28   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-08-04 18:54   ---------   d--------   C:\Program Files\Norton Security Scan
2007-08-01 13:39   ---------   d--------   C:\Program Files\Lx_cats
2007-07-29 11:09   2058   --a------   C:\WINDOWS\unins001.dat
2007-07-28 22:28   ---------   d--------   C:\Program Files\RGB
2007-07-26 16:27   ---------   d--------   C:\Program Files\Driving Test Complete
2007-07-21 10:39   ---------   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Ahead
2007-07-21 04:54   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-07-14 19:51   ---------   d--------   C:\Program Files\IrfanView
2007-07-10 12:58   ---------   d--------   C:\Program Files\QuickTime Alternative
2007-07-09 17:19   ---------   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Skype
2007-07-09 15:42   ---------   d--------   C:\Program Files\MoorHunt
2007-07-09 12:07   ---------   d--------   C:\Program Files\Gadu-Gadu
2007-07-08 12:05   639224   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-07-08 11:17   ---------   d--------   C:\Program Files\Fraps
2007-07-06 22:35   ---------   d--------   C:\Program Files\MSBuild
2007-07-06 22:35   ---------   d--------   C:\Program Files\Microsoft Works
2007-07-06 22:34   ---------   d--------   C:\Program Files\Microsoft.NET
2007-07-06 22:30   ---------   d--------   C:\Program Files\Microsoft Visual Studio 8
2007-07-04 22:33   ---------   d--------   C:\Program Files\Common Files\InstallShield
2007-07-02 14:23   ---------   d--------   C:\Program Files\Lexmark 4300 Series
2007-06-25 21:44   ---------   d--------   C:\Program Files\Skype
2007-06-25 21:44   ---------   d--------   C:\Program Files\Common Files\Skype
2007-06-18 01:13   ---------   d--------   C:\Program Files\eGazety
2007-06-18 01:13   ---------   d--------   C:\Program Files\Common Files\Borland Shared
2007-06-15 17:36   ---------   d--------   C:\Program Files\Nokia
2007-06-15 17:36   ---------   d--------   C:\Program Files\Common Files\Nokia
2007-06-13 20:39   ---------   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Nokia Multimedia Player
2007-06-13 18:55   0   --a------   C:\DOCUME~1\Phantom\APPLIC~1\wklnhst.dat
2007-06-13 18:55   ---------   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Template
2007-06-12 17:25   ---------   d--------   C:\Program Files\Common Files\DirectX
2007-06-09 17:05   ---------   d--------   C:\DOCUME~1\Phantom\APPLIC~1\Help
2007-06-08 12:11   ---------   d--------   C:\Program Files\DivX
2007-05-31 07:45   524288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-05-31 07:44   823296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 07:44   823296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 07:44   802816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 07:44   740442   --a------   C:\WINDOWS\system32\DivX.dll
2007-05-09 23:58   2211   --a------   C:\Program Files\unins000.dat
2007-05-09 15:24   1156   --a------   C:\WINDOWS\mozver.dat
2002-12-17 03:00   82253   --a------   C:\Program Files\unins000.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 05:03]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-11-08 18:28]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 06:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 05:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\WINDOWS\system32\EZUPBH~1.DLL [2007-01-17 18:38 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R0 iaStor;Intel AHCI Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys
R1 eabfiltr;eabfiltr;C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\WINDOWS\system32\ezNTSvc.exe
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
S3 eabusb;eabusb;C:\WINDOWS\system32\DRIVERS\eabusb.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
S3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 STIrUsb;SigmaTel USB-IrDA Dongle;C:\WINDOWS\system32\DRIVERS\irstusb.sys
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-08-04 17:54:42 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 01:23:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000015d
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Atari\R\1w]
"Order"=hex:08,00,00,00,02,00,00,00,4e,02,00,00,01,00,00,00,04,00,00,00,76,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07  1:26:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 01:25

   --- E O F ---

07 Aug 2007, 12:42

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {8dde2322-9f8c-4ebd-b638-d23c549b24d3} - C:\WINDOWS\system32\msacabl.dll
O20 - Winlogon Notify: msacabl - C:\WINDOWS\SYSTEM32\msacabl.dll


Fix in HJT.

pp3088, the WgaLogon.dll file is not malware. It reports a pirated copy of Windows.

MyGlobalSearch is best uninstalled from the Control Panel, because otherwise junk may be left behind in the registry.

fantom15, you could also post a log from Silent Runners.

07 Aug 2007, 13:31

If you can, please check my log
Code:
ComboFix 07-08-04.3 - "administrator" 2007-08-07 13:24:42.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional  --------- (I masked this myself). Right
 * Created a new restore point


(((((((((((((((((((((((((   Files Created from 2007-07-07 to 2007-08-07  )))))))))))))))))))))))))))))))


2007-08-07 13:23   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-03 19:53   <DIR>   d--------   C:\Program Files\FRISK Software
2007-08-03 19:53   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\FRISK Software
2007-08-03 18:36   <DIR>   d--------   C:\Program Files\TryMedia
2007-08-03 18:36   <DIR>   d--------   C:\Program Files\FreshGames
2007-07-30 17:10   524,288   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-30 17:10   <DIR>   dr-h-----   C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-07-30 17:10   <DIR>   dr-------   C:\DOCUME~1\ADMINI~1\Menu Start
2007-07-30 17:10   <DIR>   d--h-----   C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-07-30 17:10   <DIR>   d--h-----   C:\DOCUME~1\ADMINI~1\Szablony
2007-07-30 17:10   <DIR>   d--------   C:\WINDOWS\CSC
2007-07-30 17:10   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Ulubione
2007-07-30 17:10   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Pulpit
2007-07-30 17:10   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-07-30 14:47   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-07-29 17:55   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Languages
2007-07-29 14:40   <DIR>   d--------   C:\Program Files\ExPLabs.com
2007-07-29 14:40   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\CallingID
2007-07-29 14:40   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\ExPLabs.com
2007-07-29 14:40   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\{54B37BDA-7415-4C17-A2C9-A871DC6D2370}
2007-07-28 17:54   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Tibia
2007-07-26 16:29   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2007-07-26 16:29   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2007-07-26 16:29   15,104   --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-26 16:29   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-26 13:23   <DIR>   d--------   C:\BuilderProjects
2007-07-25 22:03   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Temp
2007-07-25 22:03   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\GinSlots
2007-07-25 22:03   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Common
2007-07-25 22:03   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Adv
2007-07-25 16:33   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2007-07-25 16:33   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-22 11:47   <DIR>   d--------   C:\Program Files\Common Files\iS3
2007-07-22 11:47   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\STOPzilla!
2007-07-21 10:23   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-07-20 19:00   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Artweaver
2007-07-19 15:33   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-07-12 19:19   4,096   --a------   C:\WINDOWS\d3dx.dat
2007-07-10 11:41   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Ethereal
2007-07-08 20:59   24,512   --a------   C:\WINDOWS\system32\drivers\VBoxDrv.sys
2007-07-08 20:59   18,720   --a------   C:\WINDOWS\system32\drivers\VBoxUSBFlt.sys
2007-07-08 20:59   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-07-08 20:54   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\VMware
2007-07-08 20:54   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\DANEAP~1\VMware
2007-07-08 20:48   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\VMware
2007-07-07 18:07   <DIR>   d--------   C:\WINDOWS\Intelli HyperSpeed 2005
2007-07-07 12:10   <DIR>   d--------   C:\Program Files\AusLogics Emergency Recovery


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 12:40   ---------   d--------   C:\Program Files\Tibia2
2007-08-06 22:34   ---------   d--------   C:\Program Files\Gadu-Gadu2
2007-08-06 12:18   ---------   d--------   C:\Program Files\Tibia3
2007-08-04 22:37   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Skype
2007-08-03 10:26   ---------   d--------   C:\Program Files\eMule
2007-08-02 18:14   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\GanymedeNet
2007-07-27 10:26   ---------   d--------   C:\Program Files\SpeedFan
2007-07-24 19:09   ---------   d--------   C:\Program Files\Opera
2007-07-20 08:49   ---------   d--------   C:\Program Files\EA SPORTS
2007-07-19 12:38   ---------   d--------   C:\Program Files\nLite
2007-07-12 19:17   12400   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-12 19:07   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-07-08 21:05   82946   --a------   C:\WINDOWS\system32\perfc015.dat
2007-07-08 21:05   486654   --a------   C:\WINDOWS\system32\perfh015.dat
2007-07-04 16:24   ---------   d--------   C:\Program Files\Ganymede
2007-06-26 16:53   766   --a------   C:\Program Files\Common Files\sms.ico
2007-06-26 16:53   70   --a------   C:\Program Files\Common Files\moje.js
2007-06-24 14:02   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\uTorrent
2007-06-22 15:32   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Media Player Classic
2007-06-21 10:49   ---------   d--------   C:\Program Files\Alcohol Soft
2007-06-21 10:46   685816   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-06-20 19:44   ---------   d--------   C:\Program Files\K-Lite Codec Pack
2007-06-20 18:43   4498   --a------   C:\WINDOWS\unins000.dat
2007-06-19 18:52   ---------   d--------   C:\Program Files\MSBuild
2007-06-19 18:44   ---------   d--------   C:\Program Files\Reference Assemblies
2007-06-19 18:11   3426   --a------   C:\WINDOWS\unins001.dat
2007-06-19 15:59   ---------   d--------   C:\Program Files\Paragon Software
2007-06-19 15:51   ---------   d--------   C:\Program Files\Common Files\InstallShield
2007-06-19 15:50   ---------   d--------   C:\Program Files\Video Pilot SE
2007-06-19 14:29   ---------   d--------   C:\Program Files\DirectShow Pack
2007-06-15 19:59   ---------   d--------   C:\Program Files\Microsoft.NET
2007-06-15 19:59   ---------   d--------   C:\Program Files\Microsoft ActiveSync
2007-06-15 19:46   ---------   d--------   C:\Program Files\BitComet
2007-06-15 15:59   2560   --a------   C:\WINDOWS\system32\BitCometRes.dll
2007-06-15 15:34   ---------   d--------   C:\Program Files\FlashGet
2007-06-14 19:14   ---------   d--------   C:\Program Files\Common Files\DirectX
2007-06-13 19:34   ---------   d--------   C:\Program Files\EA GAMES
2007-06-13 15:33   ---------   d--------   C:\Program Files\Futuremark
2007-06-13 15:26   ---------   d--------   C:\Program Files\Lavalys
2007-06-10 20:56   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Gadu-Gadu
2007-06-10 19:03   ---------   d--------   C:\Program Files\Lavasoft
2007-06-10 19:03   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Lavasoft
2007-06-08 09:37   ---------   d--------   C:\Program Files\SkanerOnline
2007-06-06 07:00   545   --a------   C:\WINDOWS\UC.PIF
2007-06-06 07:00   545   --a------   C:\WINDOWS\RAR.PIF
2007-06-06 07:00   545   --a------   C:\WINDOWS\PKZIP.PIF
2007-06-06 07:00   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2007-06-06 07:00   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2007-06-06 07:00   545   --a------   C:\WINDOWS\LHA.PIF
2007-06-06 07:00   545   --a------   C:\WINDOWS\ARJ.PIF
2007-06-03 21:37   11208   --a------   C:\WINDOWS\mozver.dat
2007-05-27 17:12   4212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
2007-05-11 21:27   4   --a------   C:\WINDOWS\system32\proc-220146841.bin
2007-05-08 18:22   724992   --a------   C:\WINDOWS\iun6002.exe
2005-09-09 19:55   7155864   --a------   C:\Program Files\NGhost10.msi
2005-09-09 19:55   4588454   --a------   C:\Program Files\setup.exe
2005-09-09 19:55   37766164   --a------   C:\Program Files\Data1.cab
2005-09-09 19:55   35   --a------   C:\Program Files\SCSSDist.ini


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 11:22]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
"LinkScanner Monitor"="C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe" [2007-05-02 02:52]
"F-PROT Antivirus Tray application"="C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2007-04-24 15:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rodzinka^Menu Start^Programy^Autostart^DeskPins.lnk]
path=C:\Documents and Settings\rodzinka\Menu Start\Programy\Autostart\DeskPins.lnk
backup=C:\WINDOWS\pss\DeskPins.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"D:\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
D:\Program Files\FlashGet\FlashGet.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstalkiLite]
D:\Program Files\INSTALKI.pl\InstalkiLite\InstalkiLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"szserver"=2 (0x2)

R0 FPAV_RTP;FPAV_RTP;C:\WINDOWS\system32\drivers\FStopW.sys
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R1 asuskbnt;Enhanced Display Driver Helper Service;C:\WINDOWS\system32\drivers\atkkbnt.sys
R1 vmm;Virtual Machine Monitor;\??\C:\WINDOWS\system32\Drivers\vmm.sys
R2 Dnscache;Klient DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys
R2 FPAVServer;F-PROT Antivirus for Windows system;"C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe"
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
R3 VPCNetS2;Virtual Machine Network Services Driver;C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\B1.tmp
S3 PSSdk23;PSSdk23;\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c229c4ce-f16a-11db-8b7e-0014040ba33e}]
AutoRun\command- F:\RunGame.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 13:26:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 13:28:37

   --- E O F ---

07 Aug 2007, 14:03

slake1 wrote:
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {8dde2322-9f8c-4ebd-b638-d23c549b24d3} - C:\WINDOWS\system32\msacabl.dll
O20 - Winlogon Notify: msacabl - C:\WINDOWS\SYSTEM32\msacabl.dll


Fix in HJT.

pp3088, the WgaLogon.dll file is not malware. It reports a pirated copy of Windows.

MyGlobalSearch is best uninstalled from the Control Panel, because otherwise junk may be left behind in the registry.

fantom15, you could also post a log from Silent Runners.


Everything is ok, except that.... I have an original copy of Windows :/ so how can it indicate a pirated one??

07 Aug 2007, 14:42

Does it tell you that you have a pirated copy? It is an update that checks whether the system is legal. Yours is legal, so it does not say it is pirated, so you have nothing to worry about. In your case the update can be left in place, though you can uninstall it if you want.

07 Aug 2007, 14:43

A detailed explanation can be found at
Code:
http://www.pcworld.pl/news/97387.html

07 Aug 2007, 16:24

OK, thanks guys ;)

07 Aug 2007, 18:39

slake1 wrote:
pp3088, the WgaLogon.dll file is not malware. It reports a pirated copy of Windows.

MyGlobalSearch is best uninstalled from the Control Panel, because otherwise junk may be left behind in the registry.



Firstly, I know what WgaLogon is - Windows Genuine Advantage. As everyone knows, 99% of Poles have a pirated copy, so I am not going to ask whether he has one or not. Besides, that junk is unnecessary even on a genuine Windows.

Secondly, at the end I listed programs for cleaning the registry.

29 Aug 2007, 11:15

Is everything fine? Or not...
and is memory usage of [ 240-280 MB ] normal, or should it be lower?
I HAVE 1GB RAM


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:47, on 2007-08-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\NetAssert.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCXVersion=3.77&WorkFunction=LMonitor
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 193.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BCCEE65-D422-4170-BE8F-5306EC6A62BA}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 193.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 193.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmphost - {5A399A9D-A549-49E1-A55E-75A985DB2DC9} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {882ADC8E-0ECA-49F7-8A2F-783964248000} - C:\WINDOWS\wmpdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

29 Aug 2007, 11:46

Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O21 - SSODL: wmphost - {5A399A9D-A549-49E1-A55E-75A985DB2DC9} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {882ADC8E-0ECA-49F7-8A2F-783964248000} - C:\WINDOWS\wmpdev.dll


Remove these in HJT by ticking the boxes and clicking Fix checked.

Download ComboFix (from the link at the bottom of this page) -
Paste into Notepad:
File::
C:\WINDOWS\wmphost.dll
C:\WINDOWS\wmpdev.dll


>>File>>Save as... >>> CFScript (it is most convenient if you save it in a location
where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file
(that is, the CFScript.txt icon onto the ComboFix.exe icon)

(if the question "1 or 2" appears - type 1 and press ENTER). The removal should begin (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

O17 - HKLM\System\CCS\Services\Tcpip\..\{1BCCEE65-D422-4170-BE8F-5306EC6A62BA}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222


Where did you get American DNS servers from? Have you been playing with modifying them?


Post a new log from HiJackThis and ComboFix. Clean the registry with one of these two programs:
RegCleaner
jv16 Power Tools

It is also worth cleaning the temp directories and temporary files:
CCleaner
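The checks the helper applied by eye above can be written down. The following is an added example, not a tool from this thread or from HijackThis: a small Python triage script that parses HJT log lines and flags the entry classes called out in the replies (an unnamed BHO loading from system32, the same DLL hooked both as a BHO and as a Winlogon Notify package, SSODL entries dropped directly in C:\WINDOWS or pointing at a missing file, and O17 NameServer values outside the ISP's resolvers). The sample log is constructed from lines quoted in this thread; the ISP resolver allowlist (the 194.204.x addresses that appear in the log) is an assumption, and the rules are review heuristics rather than verdicts: the 208.67.x resolvers, for instance, belong to OpenDNS, which a user may have configured on purpose, which is exactly why the helper asked before changing anything.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not part of the thread or of HijackThis itself.  Each rule
mirrors a check a human reviewer made above; a hit means "look at this",
not "this is malware".
"""
import re
from typing import Dict, FrozenSet, List, Tuple

# Assumption: the user's ISP resolvers (the 194.204.x addresses in the log).
ISP_DNS_ALLOWLIST: FrozenSet[str] = frozenset({"194.204.159.1", "194.204.152.34"})

# Constructed sample, assembled from lines quoted in the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O2 - BHO: (no name) - {8dde2322-9f8c-4ebd-b638-d23c549b24d3} - C:\\WINDOWS\\system32\\msacabl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{1BCCEE65-D422-4170-BE8F-5306EC6A62BA}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 193.204.159.1,194.204.152.34
O20 - Winlogon Notify: msacabl - C:\\WINDOWS\\SYSTEM32\\msacabl.dll
O21 - SSODL: wmphost - {5A399A9D-A549-49E1-A55E-75A985DB2DC9} - C:\\WINDOWS\\wmphost.dll
O21 - SSODL: wmpdev - {834548A0-8C91-45D4-9E69-82FBEC20478C} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

# "O2 - BHO: name - {CLSID} - path": code, then " - "-separated fields.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# A DLL sitting directly in the Windows root, e.g. C:\WINDOWS\wmphost.dll.
WINDOWS_ROOT_RE = re.compile(r"[a-z]:\\windows\\[^\\]+")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split each HJT line into its code (O2, O17, ...) and its last field,
    which for O2/O20/O21 is the file path (or '(no file)')."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        fields = [f.strip() for f in body.split(" - ")]
        entries.append({"code": m.group("code"), "body": body,
                        "target": fields[-1], "raw": line.strip()})
    return entries


def _dll_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(text: str, dns_allowlist: FrozenSet[str] = ISP_DNS_ALLOWLIST) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for entries a reviewer should look at."""
    entries = parse_hjt(text)
    # DLLs registered as a nameless BHO; used to correlate with O20 hooks.
    unnamed_bho_dlls = {_dll_name(e["target"]) for e in entries
                        if e["code"] == "O2" and "(no name)" in e["body"]}
    findings: List[Tuple[str, str]] = []
    for e in entries:
        code, body, target = e["code"], e["body"], e["target"]
        if code == "O2" and "(no name)" in body and "\\system32\\" in target.lower():
            findings.append((e["raw"], "unnamed BHO loading from system32"))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            if _dll_name(target) in unnamed_bho_dlls:
                findings.append((e["raw"], "Winlogon Notify DLL also registered as an unnamed BHO"))
            else:
                findings.append((e["raw"], "Winlogon Notify package: verify publisher"))
        elif code == "O21" and body.startswith("SSODL:"):
            if target == "(no file)":
                findings.append((e["raw"], "SSODL entry whose DLL is missing (orphan)"))
            elif WINDOWS_ROOT_RE.fullmatch(target.lower()):
                findings.append((e["raw"], "SSODL DLL placed directly in the Windows root"))
        elif code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                foreign = [ip.strip() for ip in m.group(1).split(",")
                           if ip.strip() not in dns_allowlist]
                if foreign:
                    findings.append((e["raw"], "NameServer outside ISP allowlist: " + ",".join(foreign)))
    return findings


if __name__ == "__main__":
    for raw, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {raw}")
```

Note that the allowlist rule also catches the 193.204.159.1 entry from the first log, which differs from the ISP's 194.204.159.1 by a single digit; whether that was a typo or a tampered resolver cannot be decided from the log alone, but it is precisely the kind of deviation that should be questioned rather than silently kept.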

29 Aug 2007, 15:27

thanks, and as for those DNS servers, how do I change them to the correct ones??

and how do I add that new log??

this is my first time doing this :P

29 Aug 2007, 16:34

opis-narzedzia-combofix-t10681.html

Code:
http://www.searchengines.pl/Zainfekowane-DNS-t47691.html

30 Aug 2007, 08:03

lol, I thought I was supposed to create a new log, but it was about posting the new one on the site :D



Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:31, on 2007-08-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\NetAssert.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCXVersion=3.77&WorkFunction=LMonitor
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmpdev - {834548A0-8C91-45D4-9E69-82FBEC20478C} - (no file)
O21 - SSODL: wmphost - {276B084F-8C22-446C-BEA1-F57914D1E48F} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe


=========================================================


Code:
ComboFix 07-08-30.2 - "Dom" 2007-08-30  7:53:55.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.685 [GMT 2:00]
 * Created a new restore point


(((((((((((((((((((((((((   Files Created from 2007-07-28 to 2007-08-30  )))))))))))))))))))))))))))))))


2007-08-29 12:57   217,088   --a------   C:\WINDOWS\mxduo.dll
2007-08-29 11:48   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-08-29 11:48   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2007-08-29 11:05   <DIR>   d--------   C:\Program Files\Trend Micro
2007-08-29 10:18   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-28 19:19   626,688   --a------   C:\WINDOWS\system32\msvcr80.dll
2007-08-28 09:13   <DIR>   d--------   C:\Program Files\EA GAMES
2007-08-22 10:18   <DIR>   d--------   C:\Program Files\City Interactive
2007-08-20 13:53   2,754,016   --a------   C:\WINDOWS\sysUtil.exe
2007-08-15 13:30   <DIR>   d--------   C:\DOCUME~1\Dom\DANEAP~1\gtk-2.0
2007-08-15 13:30   <DIR>   d--------   C:\DOCUME~1\Dom\.thumbnails
2007-08-15 13:29   <DIR>   d--------   C:\DOCUME~1\Dom\.gimp-2.2
2007-08-14 11:04   <DIR>   d--------   C:\DOCUME~1\Dom\avidemux
2007-08-06 18:04   <DIR>   d--------   C:\Program Files\GaduGadu
2007-08-05 18:07   <DIR>   d--------   C:\Program Files\NMG
2007-08-05 09:56   <DIR>   d--------   C:\Program Files\MegauploadToolbar
2007-08-05 09:56   <DIR>   d--------   C:\DOCUME~1\Dom\DANEAP~1\MegauploadToolbar
2007-08-04 12:20   <DIR>   d--------   C:\WINDOWS\system32\ActiveScan
2007-08-04 11:04   <DIR>   d--------   C:\Program Files\Chaos
2007-08-03 14:28   <DIR>   d--------   C:\Program Files\Common Files\CasinoVegasShared
2007-07-30 18:34   36,864   --a------   C:\WINDOWS\system32\EGameEncrypt.dll
2007-07-28 11:29   <DIR>   d--h-----   C:\WINDOWS\msdownld.tmp
2007-07-28 11:29   <DIR>   d--------   C:\WINDOWS\system32\windows media
2007-07-26 15:15   <DIR>   d--------   C:\Program Files\Terminal Reality
2007-07-23 10:54   177,664   --a------   C:\WINDOWS\aluinst.exe
2007-07-22 13:28   <DIR>   d--------   C:\DOCUME~1\Dom\DANEAP~1\STOIK
2007-07-18 18:47   <DIR>   d--------   C:\Program Files\FXhome
2007-07-17 13:04   <DIR>   d--------   C:\DOCUME~1\Dom\DANEAP~1\WNR
2007-07-17 09:09   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-07-17 09:09   <DIR>   d--------   C:\Program Files\Common Files\Apple
2007-07-17 09:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-07-17 08:56   <DIR>   d--------   C:\Program Files\QuickTime
2007-07-15 16:50   <DIR>   d--------   C:\WINDOWS\.jagex_cache_34
2007-07-13 15:23   <DIR>   d--------   C:\DOCUME~1\Dom\DANEAP~1\GetRightToGo
2007-07-13 15:02   <DIR>   d--------   C:\DOCUME~1\Dom\DANEAP~1\Obsidium
2007-07-12 21:07   30   --a------   C:\WINDOWS\mscpt.dat


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 07:50   ---------   d--------   C:\Program Files\FlashGet
2007-08-29 21:41   ---------   d--------   C:\Program Files\DBME2007
2007-08-29 09:53   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-08-26 10:04   ---------   d--------   C:\Program Files\DivX
2007-08-25 08:40   ---------   d--------   C:\Program Files\English Translator 3
2007-08-14 11:16   86016   --a------   C:\WINDOWS\system32\OpenAL32.dll
2007-08-14 11:16   262144   --a------   C:\WINDOWS\system32\wrap_oal.dll
2007-08-04 13:20   ---------   d--------   C:\DOCUME~1\Dom\DANEAP~1\Skype
2007-07-31 11:17   ---------   d--------   C:\Program Files\Firefox
2007-07-28 00:07   783224   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02   94416   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02   92848   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00   23152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59   42912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58   26624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57   95608   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-07-17 11:09   ---------   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-07-17 08:45   ---------   d--------   C:\Program Files\Apple Software Update
2007-07-10 15:58   729088   --a------   C:\WINDOWS\iun6002.exe
2007-07-04 21:03   ---------   d--------   C:\Program Files\PowerISO
2007-07-04 20:59   ---------   d--------   C:\Program Files\RegCleaner
2007-06-30 15:11   ---------   d--------   C:\Program Files\Total Video Converter
2007-06-05 13:58   21840   --a----t-   C:\WINDOWS\system32\SIntfNT.dll
2007-06-05 13:58   17212   --a----t-   C:\WINDOWS\system32\SIntf32.dll
2007-06-05 13:58   12067   --a----t-   C:\WINDOWS\system32\SIntf16.dll
1999-05-17 13:58   99840   --a------   C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53   70144   --a------   C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53   48640   --a------   C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53   31744   --a------   C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53   186368   --a------   C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53   17920   --a------   C:\Program Files\Common Files\IRASRIAL.DLL


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoRecentDocsMenu"=1 (0x1)
"NoSharedDocuments"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Piracy]
"C:\WINDOWS\SysUtil.exe" /PIRACY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

R2 Net Assert;Net Assert;C:\WINDOWS\system32\NetAssert.exe
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys
S2 spydetector;spydetector;\??\C:\Program Files\Spyware Process Detector\spydetector.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
S3 XDva002;XDva002;\??\C:\WINDOWS\system32\XDva002.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
S3 XDva007;XDva007;\??\C:\WINDOWS\system32\XDva007.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 07:56:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30  7:57:08
C:\ComboFix-quarantined-files.txt ... 2007-08-30 07:56
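A triage helper for the HijackThis part of the log above, added here as an example; it is not code from the post, from the forum's log checkers, or from HijackThis itself. It parses the `Oxx - ...` lines, and flags three things a reviewer scans for by hand: O21 SSODL entries whose target is `(no file)` (a registry reference to a missing DLL), O17 NameServer entries that are not in a reviewer-supplied set of expected resolvers (the post does not say which resolvers this machine should be using, so that set is an input, not a fact from the page), O16 DPF ActiveX downloads from hosts not on a reviewer-supplied trusted list, and O23 services whose file carries no company name (`Unknown owner`). The sample input is a handful of lines copied from the posted log; the flags are triage hints for a human, not verdicts that any entry is malicious.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not the forum's tool)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: eight lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{007B112A-3C57-4A65-924F-23F7E30201D7}: NameServer = 194.204.159.1,194.204.152.34
O21 - SSODL: wmpdev - {834548A0-8C91-45D4-9E69-82FBEC20478C} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O21"
    reason: str   # short triage tag, e.g. "orphan-ssodl"
    line: str     # the original log line, for the reviewer


# "O21 - SSODL: ..." -> section "O21", body "SSODL: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_lines(text):
    """Yield (section, body, raw_line) for every HijackThis-style entry; skip anything else."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m["section"], m["body"], raw


def triage(text, expected_dns, trusted_dpf_hosts):
    """Apply the four heuristics described above.

    expected_dns        - resolver addresses the reviewer expects on this machine (assumption)
    trusted_dpf_hosts   - hosts from which ActiveX (O16 DPF) downloads are acceptable (assumption)
    Returns findings in log order; an empty list means nothing was flagged, not that the log is clean.
    """
    findings = []
    for section, body, raw in parse_lines(text):
        if section == "O21" and body.endswith("(no file)"):
            # Registry still references a ShellServiceObjectDelayLoad DLL that no longer exists.
            findings.append(Finding(section, "orphan-ssodl", raw))
        elif section == "O17":
            # Per-adapter DNS resolvers; anything outside the expected set deserves a look.
            for ip in IPV4_RE.findall(body):
                if ip not in expected_dns:
                    findings.append(Finding(section, f"unexpected-dns:{ip}", raw))
        elif section == "O16":
            # "DPF: {CLSID} (Name) - URL": the URL is the last " - " separated field.
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            if host not in trusted_dpf_hosts:
                findings.append(Finding(section, f"untrusted-dpf:{host}", raw))
        elif section == "O23" and " - Unknown owner - " in body:
            # HijackThis could not read a company name from the binary's version info.
            findings.append(Finding(section, "unknown-owner", raw))
    return findings


if __name__ == "__main__":
    # Assumed inputs for the demo: the two resolvers already in the log are treated as expected,
    # and only the Panda ActiveScan host is treated as a trusted ActiveX source.
    for f in triage(SAMPLE_LOG, {"194.204.159.1", "194.204.152.34"}, {"acs.pandasoftware.com"}):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run as-is it prints three findings from the sample: the e-games.com.my ActiveX download, the orphaned `wmpdev` SSODL entry, and the `ATI Smart` service with no owner string. Passing an empty `expected_dns` set instead flags both resolver addresses, which is the behaviour you want when reviewing a log from a machine whose ISP or network you do not know: an unfamiliar resolver is exactly what a DNS-changer leaves behind, but a familiar one is only confirmed by the person who knows the network.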