znikający protokół tcp/ip na panelu połączeń sieciowych

[L_Devil]

Witam!

W ciągu ostatnich trzech dni pięć razy z połączenia domowego (LAN przez switch'a) zainstalowanego na moim komputerze z systemem Windows XP Pro, SP2 wyparowywał protokół TCP/IP tak, jakby został odinstalowany. W związku z tym reszta użytkowników mojej sieci nie może się łączyć z internetem, podczas gdy ja łącze zachowuję. Kreator połączeń internetowych za każdym razem był w stanie naprawić problem.

Teraz z kolej (po trzech dniach) wyparowała mi ikonka Avasta z traya, więc podejrzewam wirusa.

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 13:52:35, on 2008-01-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
F:\PowerDVD\PDVDServ.exe
G:\Program Files\QuickTime\qttask.exe
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Messenger\msmsgs.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
F:\InterVideo\Common\Bin\WinCinemaMgr.exe
G:\Program Files\OpenOffice.org 2.3\program\soffice.exe
G:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
J:\mysql\bin\mysqld-nt.exe
F:\CDBurnerXP\NMSAccessU.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Cyberlink\Shared files\RichVideo.exe
G:\WINDOWS\System32\svchost.exe
F:\VMware\VMware Workstation\vmware-authd.exe
G:\WINDOWS\system32\vmnat.exe
G:\WINDOWS\system32\vmnetdhcp.exe
G:\Program Files\iPod\bin\iPodService.exe
J:\Piotrek\Programy\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] F:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] F:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avast!] F:\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = G:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: WinMySQLadmin.lnk = J:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Device Detector 3.lnk = G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Monitor Apache Servers.lnk = J:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mdz: G:\Program Files\Internet Explorer\Plugins\npmod32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.mapa.lodz.pl/VIEWERS/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - J:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - F:\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MySQL41 - Unknown owner - J:\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - G:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - G:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - G:\WINDOWS\system32\vmnat.exe

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""G:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "G:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["setup"]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = "F:\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"QuickTime Task" = ""G:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NeroFilterCheck" = "G:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"LanguageShortcut" = "F:\PowerDVD\Language\Language.exe" [null data]
"iTunesHelper" = ""F:\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"ISUSScheduler" = ""G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"ISUSPM Startup" = "G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"avast!" = "F:\Avast4\ashDisp.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "G:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "F:\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "F:\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "F:\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
  -> {HKLM...CLSID} = "Registered ActiveX Controls"
                   \InProcServer32\(Default) = "F:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
  -> {HKLM...CLSID} = "Developer Studio Components"
                   \InProcServer32\(Default) = "F:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "F:\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\dfshim.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\Audiodev.dll" [MS]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
  -> {HKLM...CLSID} = "ACDWFTHMBPRXY"
                   \InProcServer32\(Default) = "G:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "F:\Avast4\ashShell.dll" ["ALWIL Software"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone"
  -> {HKLM...CLSID} = "LG Phone"
                   \InProcServer32\(Default) = "F:\TELEFO~1\Phone.dll" ["LG Electornics"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "F:\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "G:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "F:\Adobe Reader 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "F:\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "F:\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"]
Convert\(Default) = "{9f95ca1a-e80e-4c0f-acd1-4c9b7900b982}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "F:\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\txview.dll" [null data]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "F:\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "F:\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "G:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "Piotrek" & "All Users" startup folders:
---------------------------------------------------------

G:\Documents and Settings\Piotrek\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"OpenOffice.org 2.3" -> shortcut to: "G:\Program Files\OpenOffice.org 2.3\program\quickstart.exe" [null data]
"WinMySQLadmin" -> shortcut to: "J:\mysql\bin\winmysqladmin.exe" [file not found]

G:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Device Detector 3" -> shortcut to: "G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe" ["OLYMPUS IMAGING CORP."]
"InterVideo WinCinema Manager" -> shortcut to: "F:\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Monitor Apache Servers" -> shortcut to: "J:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe" ["Apache Software Foundation"]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "G:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Badanie"
                   \InProcServer32\(Default) = "F:\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "G:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "G:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Autodesk Licensing Service, Autodesk Licensing Service, ""G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""G:\Program Files\Cyberlink\Shared files\RichVideo.exe"" [empty string]
iPodService, iPodService, "G:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
MySQL41, MySQL41, ""J:\mysql\bin\mysqld-nt" --defaults-file="J:\mysql\my.ini" MySQL41" [null data]
NMSAccessU, NMSAccessU, "F:\CDBurnerXP\NMSAccessU.exe" [null data]
NVIDIA Display Driver Service, NVSvc, "G:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
RaySat_3dsmax8 Server, mi-raysat_3dsmax8, "F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe" [null data]
VMware Authorization Service, VMAuthdService, "F:\VMware\VMware Workstation\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "G:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "G:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "DumaNT" ["Windows (R) 2000 DDK provider"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 745 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 14 seconds.
---------- (total run time: 789 seconds)


[Dzi@dek]

Logi czyste.

[L_Devil]

Any other suggestions? Przeinstalowałem Avasta. Restartuję. Klikam dwa razy na ikonkę - "Aby samodzielnie wyszukać plik kliknij przycisk przeglądaj" Zaglądam do folderu z Avastem. Program wyparował w czasie restartu. Nie ma binarek.

[Dzi@dek]

Odinstaluj i pousuwaj wszystko co związane z avastem, przeczyść rejestr http://www.programosy.pl/program,jv16-powertools.html i ponownie go zainstaluj.
Pokaż jeszcze log z combofix http://www.programosy.pl/program,combofix.html

[L_Devil]

Mam drania!

Cała konfiguracja połączenia udostępnianego wypadała razem z firewall'em Windowsa, który był rozbrajany przez trojana. Wyłapałem próbę połączenia z netem aplikacji "flec006", pogooglałem i znalazłem to:
http://www.bleepingcomputer.com/startups/flec006.exe-15244.html

"Description: Added by the Troj/Bagle-KP Trojan."

Log z ComboFixa:

ComboFix 08-01-13.1 - Piotrek 2008-01-13 21:25:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1548 [GMT 1:00]
Running from: J:\Piotrek\Programy\HiJackThis\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINDOWS\system32\aadafac4_r.dll
G:\WINDOWS\system32\drivers\srosa.sys
G:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 19:05 . 2008-01-13 21:06 <DIR> d--h----- G:\Documents and Settings\Piotrek\Dane aplikacji\m
2008-01-13 14:56 . 2008-01-13 14:56 <DIR> d--h----- G:\Documents and Settings\Mama\Dane aplikacji\m
2008-01-12 16:24 . 2008-01-12 16:24 <DIR> d-------- G:\Program Files\jv16 PowerTools 2007
2008-01-12 16:24 . 2008-01-12 16:24 23 --a------ G:\WINDOWS\system32\dccbddfbfcfe_r.ocx
2008-01-09 11:28 . 2008-01-09 11:28 <DIR> d-------- G:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-01-09 11:19 . 2005-03-31 01:06 36,864 --------- G:\WINDOWS\system32\CTCamMgr.dll
2008-01-08 22:44 . 2004-08-14 02:03 673,212 --------- G:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-08 22:17 . 2008-01-13 20:09 <DIR> d-------- G:\WINDOWS\system32\drivers\down
2008-01-07 18:52 . 2008-01-07 18:56 <DIR> d-------- G:\Program Files\Common Files\Roxio Shared
2008-01-03 16:03 . 2008-01-03 16:03 <DIR> d--hs---- G:\WINDOWS\ftpcache
2007-12-28 18:30 . 2007-12-28 18:30 <DIR> d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\Soldat
2007-12-20 16:55 . 2007-12-20 16:57 <DIR> d-------- G:\Documents and Settings\Piotrek\.gimp-2.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 18:05 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\OpenOffice.org2
2008-01-13 13:52 --------- d-----w G:\Documents and Settings\LocalService\Dane aplikacji\VMware
2008-01-13 13:52 --------- d-----w G:\Documents and Settings\All Users\Dane aplikacji\VMware
2008-01-11 15:43 357 ----a-w G:\Documents and Settings\Piotrek\.cb_layout.bin
2008-01-09 12:55 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\Skype
2008-01-09 10:36 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-01-09 10:26 --------- d-----w G:\Program Files\Common Files\Adobe
2008-01-09 10:22 --------- d-----w G:\Program Files\Creative
2008-01-08 21:41 --------- d-----w G:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 21:02 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\.bittorrent
2008-01-07 19:55 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\VMware
2007-12-15 13:52 --------- d-----w G:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-12-08 11:35 --------- d-----w G:\Program Files\directx
2007-12-08 11:30 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\ImgBurn
2007-12-08 10:37 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\Daz Productions
2007-12-02 16:56 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\InstallShield
2007-11-30 21:21 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\TrueCrypt
2007-11-25 13:33 --------- d-----w G:\Program Files\Common Files\DAZ
2007-11-24 18:05 1,834 ----a-w G:\Documents and Settings\Piotrek\Dane aplikacji\SAS7_000.DAT
2007-11-23 21:33 --------- d-----w G:\Documents and Settings\Piotrek\Dane aplikacji\FileZilla
2006-12-31 16:33 1,001,472 ----a-w G:\Documents and Settings\Piotrek\SiegeScreenSaver.exe
2005-05-19 22:42 226,784 ----a-w G:\Documents and Settings\Piotrek\OTCHLAN.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-11-01_21.43.17.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-28 12:42:12 53,248 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2007-12-07 18:32:50 53,248 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-10-28 12:42:12 12,800 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2007-12-07 18:32:50 12,800 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-10-28 12:42:13 473,600 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-12-07 18:32:51 473,600 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-10-28 12:42:07 2,676,224 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:44 2,676,224 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:08 2,846,720 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:45 2,846,720 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:09 563,712 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:46 563,712 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:09 567,296 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:47 567,296 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:10 576,000 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:47 576,000 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:10 577,024 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:47 577,024 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:11 577,536 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:48 577,536 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:11 577,536 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:49 577,536 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:11 578,560 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:49 578,560 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:13 578,560 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-07 18:32:51 578,560 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-28 12:42:13 145,920 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2007-12-07 18:32:51 145,920 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-10-28 12:42:14 159,232 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2007-12-07 18:32:51 159,232 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-10-28 12:42:14 364,544 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2007-12-07 18:32:52 364,544 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-10-28 12:42:14 178,176 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2007-12-07 18:32:52 178,176 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-10-28 12:42:12 223,232 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-07 18:32:50 223,232 ----a-w G:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2004-06-14 15:17:16 323,584 ----a-w G:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2005-02-16 15:15:20 401,408 ----a-w G:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2000-08-31 07:00:00 163,328 ----a-w G:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-13 20:25:06 237,568 ----a-w G:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 20:25:06 8,192 ----a-w G:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 20:25:06 237,568 ----a-w G:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 20:25:06 8,192 ----a-w G:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 20:25:06 2,236,416 ----a-w G:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 20:25:07 17,743,872 ----a-w G:\WINDOWS\erdnt\Hiv-backup\Users\00000006\NTUSER.DAT
+ 2008-01-13 20:25:07 118,784 ----a-w G:\WINDOWS\erdnt\Hiv-backup\Users\00000007\UsrClass.dat
- 2007-03-13 09:57:10 163,328 ----a-w G:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 07:00:00 163,328 ----a-w G:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2006-09-08 10:27:04 10,134 ----a-r G:\WINDOWS\Installer\{05CF63AC-8BEF-417E-8820-4F7D28601A47}\ARPPRODUCTICON.exe
+ 2007-11-25 19:35:31 10,134 ----a-r G:\WINDOWS\Installer\{05CF63AC-8BEF-417E-8820-4F7D28601A47}\ARPPRODUCTICON.exe
+ 2008-01-07 19:16:49 26,694 ----a-r G:\WINDOWS\Installer\{D9CDB463-BB48-4B80-B1B6-5B940A4621E0}\controlPanelIcon.exe
+ 2008-01-07 19:16:49 10,134 ----a-r G:\WINDOWS\Installer\{D9CDB463-BB48-4B80-B1B6-5B940A4621E0}\SystemFolder_msiexec.exe
- 1998-10-29 14:45:06 306,688 ----a-w G:\WINDOWS\IsUninst.exe
+ 1998-10-29 15:45:06 306,688 ----a-w G:\WINDOWS\IsUninst.exe
- 2007-06-16 23:11:58 51,200 ----a-w G:\WINDOWS\NirCmd.exe
+ 2000-08-31 07:00:00 51,200 ----a-w G:\WINDOWS\NirCmd.exe
+ 2005-11-22 20:14:10 8,192 ----a-w G:\WINDOWS\system32\AlienbrainConnector.dll
- 2007-09-06 10:09:49 801,144 ----a-w G:\WINDOWS\system32\aswBoot.exe
+ 2006-09-25 16:45:08 666,240 ----a-w G:\WINDOWS\system32\aswBoot.exe
- 2007-09-06 10:00:07 95,608 ----a-w G:\WINDOWS\system32\AVASTSS.scr
+ 2006-09-25 16:37:03 90,112 ----a-w G:\WINDOWS\system32\AVASTSS.scr
+ 2007-12-02 17:12:01 98,304 ----a-w G:\WINDOWS\system32\CmdLineExt.dll
+ 2007-11-07 15:06:26 1,785,856 ----a-w G:\WINDOWS\system32\daz-qsa.dll
+ 2007-11-07 15:06:26 6,131,712 ----a-w G:\WINDOWS\system32\daz-qt-mt.dll
- 2007-09-06 10:00:53 26,624 ----a-w G:\WINDOWS\system32\drivers\aavmker4.sys
+ 2006-09-25 16:37:49 24,560 ----a-w G:\WINDOWS\system32\drivers\aavmker4.sys
- 2007-09-06 10:05:25 92,848 ----a-w G:\WINDOWS\system32\drivers\aswmon.sys
+ 2006-09-25 16:40:55 85,952 ----a-w G:\WINDOWS\system32\drivers\aswmon.sys
- 2007-09-06 10:05:10 94,416 ----a-w G:\WINDOWS\system32\drivers\aswmon2.sys
+ 2006-09-25 16:40:41 87,424 ----a-w G:\WINDOWS\system32\drivers\aswmon2.sys
- 2007-09-06 10:03:02 23,152 ----a-w G:\WINDOWS\system32\drivers\aswRdr.sys
+ 2006-09-25 16:39:25 16,352 ----a-w G:\WINDOWS\system32\drivers\aswRdr.sys
- 2007-09-06 10:02:20 42,912 ----a-w G:\WINDOWS\system32\drivers\aswTdi.sys
+ 2006-09-25 16:39:01 36,176 ----a-w G:\WINDOWS\system32\drivers\aswTdi.sys
+ 2007-11-09 22:19:52 278,984 ----a-w G:\WINDOWS\system32\drivers\atksgt.sys
+ 2008-01-13 10:26:31 13,824 ----a-w G:\WINDOWS\system32\drivers\down\101953.exe
+ 2008-01-13 10:26:34 93,188 ----a-w G:\WINDOWS\system32\drivers\down\103640.exe
+ 2008-01-09 15:28:53 471,556 ----a-w G:\WINDOWS\system32\drivers\down\109561968.exe
+ 2008-01-09 15:28:40 471,556 ----a-w G:\WINDOWS\system32\drivers\down\109562234.exe
+ 2008-01-09 15:28:51 483,844 ----a-w G:\WINDOWS\system32\drivers\down\109580031.exe
+ 2008-01-09 15:28:52 13,824 ----a-w G:\WINDOWS\system32\drivers\down\109591140.exe
+ 2008-01-09 15:29:12 483,844 ----a-w G:\WINDOWS\system32\drivers\down\109593687.exe
+ 2008-01-09 15:29:12 13,824 ----a-w G:\WINDOWS\system32\drivers\down\109612484.exe
+ 2008-01-09 15:29:28 8,036 ----a-w G:\WINDOWS\system32\drivers\down\109627531.exe
+ 2008-01-09 15:29:30 8,036 ----a-w G:\WINDOWS\system32\drivers\down\109629843.exe
+ 2008-01-09 15:30:14 6,958 ----a-w G:\WINDOWS\system32\drivers\down\109673312.exe
+ 2008-01-09 15:30:14 6,958 ----a-w G:\WINDOWS\system32\drivers\down\109673328.exe
+ 2008-01-09 15:30:44 34,214 ----a-w G:\WINDOWS\system32\drivers\down\109686171.exe
+ 2008-01-09 15:30:45 34,214 ----a-w G:\WINDOWS\system32\drivers\down\109686359.exe
+ 2008-01-09 15:30:54 7,897 ----a-w G:\WINDOWS\system32\drivers\down\109709875.exe
+ 2008-01-09 15:30:52 7,897 ----a-w G:\WINDOWS\system32\drivers\down\109710968.exe
+ 2008-01-09 15:32:23 9,761 ----a-w G:\WINDOWS\system32\drivers\down\109802593.exe
+ 2008-01-09 15:32:26 9,761 ----a-w G:\WINDOWS\system32\drivers\down\109803468.exe
+ 2008-01-12 10:18:13 8,036 ----a-w G:\WINDOWS\system32\drivers\down\109890.exe
+ 2008-01-12 10:14:22 13,824 ----a-w G:\WINDOWS\system32\drivers\down\110937.exe
+ 2008-01-13 10:26:41 8,036 ----a-w G:\WINDOWS\system32\drivers\down\111656.exe
+ 2008-01-09 16:56:09 471,556 ----a-w G:\WINDOWS\system32\drivers\down\114811656.exe
+ 2008-01-09 16:56:16 471,556 ----a-w G:\WINDOWS\system32\drivers\down\114812187.exe
+ 2008-01-09 16:56:24 483,844 ----a-w G:\WINDOWS\system32\drivers\down\114829171.exe
+ 2008-01-09 16:56:30 483,844 ----a-w G:\WINDOWS\system32\drivers\down\114836437.exe
+ 2008-01-09 16:56:29 13,824 ----a-w G:\WINDOWS\system32\drivers\down\114844546.exe
+ 2008-01-09 16:56:31 3,383 ----a-w G:\WINDOWS\system32\drivers\down\114848968.exe
+ 2008-01-09 16:56:31 13,824 ----a-w G:\WINDOWS\system32\drivers\down\114850750.exe
+ 2008-01-09 16:56:42 471,556 ----a-w G:\WINDOWS\system32\drivers\down\114851312.exe
+ 2008-01-09 16:56:57 8,036 ----a-w G:\WINDOWS\system32\drivers\down\114876718.exe
+ 2008-01-09 16:57:00 8,036 ----a-w G:\WINDOWS\system32\drivers\down\114878937.exe
+ 2008-01-09 16:57:38 6,958 ----a-w G:\WINDOWS\system32\drivers\down\114918046.exe
+ 2008-01-09 16:57:38 6,958 ----a-w G:\WINDOWS\system32\drivers\down\114918062.exe
+ 2008-01-09 16:58:02 34,214 ----a-w G:\WINDOWS\system32\drivers\down\114928140.exe
+ 2008-01-09 16:57:56 34,214 ----a-w G:\WINDOWS\system32\drivers\down\114928171.exe
+ 2008-01-09 16:58:25 7,897 ----a-w G:\WINDOWS\system32\drivers\down\114964531.exe
+ 2008-01-09 16:58:28 7,897 ----a-w G:\WINDOWS\system32\drivers\down\114967156.exe
+ 2008-01-09 16:58:36 21,298 ----a-w G:\WINDOWS\system32\drivers\down\114975046.exe
+ 2008-01-09 16:58:38 21,298 ----a-w G:\WINDOWS\system32\drivers\down\114978609.exe
+ 2008-01-09 17:00:01 9,761 ----a-w G:\WINDOWS\system32\drivers\down\115060578.exe
+ 2008-01-09 17:00:02 9,761 ----a-w G:\WINDOWS\system32\drivers\down\115061593.exe
+ 2008-01-13 12:49:11 93,188 ----a-w G:\WINDOWS\system32\drivers\down\121468.exe
+ 2008-01-10 12:52:24 93,188 ----a-w G:\WINDOWS\system32\drivers\down\125062.exe
+ 2008-01-09 21:01:29 93,188 ----a-w G:\WINDOWS\system32\drivers\down\129536812.exe
+ 2008-01-09 21:01:30 13,824 ----a-w G:\WINDOWS\system32\drivers\down\129543578.exe
+ 2008-01-09 21:01:31 13,824 ----a-w G:\WINDOWS\system32\drivers\down\129544750.exe
+ 2008-01-09 21:01:54 8,036 ----a-w G:\WINDOWS\system32\drivers\down\129567296.exe
+ 2008-01-09 21:01:55 8,036 ----a-w G:\WINDOWS\system32\drivers\down\129568390.exe
+ 2008-01-09 21:02:47 6,958 ----a-w G:\WINDOWS\system32\drivers\down\129621015.exe
+ 2008-01-09 21:02:47 6,958 ----a-w G:\WINDOWS\system32\drivers\down\129621375.exe
+ 2008-01-09 21:03:14 34,214 ----a-w G:\WINDOWS\system32\drivers\down\129641562.exe
+ 2008-01-09 21:03:16 34,214 ----a-w G:\WINDOWS\system32\drivers\down\129641781.exe
+ 2008-01-09 21:03:23 7,897 ----a-w G:\WINDOWS\system32\drivers\down\129655156.exe
+ 2008-01-09 21:03:24 7,897 ----a-w G:\WINDOWS\system32\drivers\down\129656531.exe
+ 2008-01-09 21:03:34 21,298 ----a-w G:\WINDOWS\system32\drivers\down\129668328.exe
+ 2008-01-09 21:03:35 21,298 ----a-w G:\WINDOWS\system32\drivers\down\129669468.exe
+ 2008-01-09 21:05:07 9,761 ----a-w G:\WINDOWS\system32\drivers\down\129760421.exe
+ 2008-01-09 21:05:07 9,761 ----a-w G:\WINDOWS\system32\drivers\down\129760531.exe
+ 2008-01-13 10:27:01 3,502 ----a-w G:\WINDOWS\system32\drivers\down\132218.exe
+ 2008-01-12 10:14:41 8,036 ----a-w G:\WINDOWS\system32\drivers\down\133281.exe
+ 2008-01-13 12:49:15 13,824 ----a-w G:\WINDOWS\system32\drivers\down\137890.exe
+ 2008-01-13 12:49:19 93,188 ----a-w G:\WINDOWS\system32\drivers\down\139218.exe
+ 2008-01-10 01:06:37 93,188 ----a-w G:\WINDOWS\system32\drivers\down\144246875.exe
+ 2008-01-10 01:06:50 483,844 ----a-w G:\WINDOWS\system32\drivers\down\144249343.exe
+ 2008-01-10 01:06:53 483,844 ----a-w G:\WINDOWS\system32\drivers\down\144251578.exe
+ 2008-01-10 01:06:53 13,824 ----a-w G:\WINDOWS\system32\drivers\down\144266000.exe
+ 2008-01-10 01:06:54 13,824 ----a-w G:\WINDOWS\system32\drivers\down\144267671.exe
+ 2008-01-10 01:07:09 8,036 ----a-w G:\WINDOWS\system32\drivers\down\144282437.exe
+ 2008-01-10 01:07:48 6,958 ----a-w G:\WINDOWS\system32\drivers\down\144321781.exe
+ 2008-01-10 01:07:54 34,214 ----a-w G:\WINDOWS\system32\drivers\down\144325140.exe
+ 2008-01-10 01:08:04 21,298 ----a-w G:\WINDOWS\system32\drivers\down\144338562.exe
+ 2008-01-10 01:09:08 6,958 ----a-w G:\WINDOWS\system32\drivers\down\144399812.exe
+ 2008-01-10 01:09:23 34,214 ----a-w G:\WINDOWS\system32\drivers\down\144416390.exe
+ 2008-01-10 01:09:27 9,761 ----a-w G:\WINDOWS\system32\drivers\down\144421062.exe
+ 2008-01-10 01:09:33 21,298 ----a-w G:\WINDOWS\system32\drivers\down\144427328.exe
+ 2008-01-10 01:10:46 9,761 ----a-w G:\WINDOWS\system32\drivers\down\144499718.exe
+ 2008-01-13 12:49:25 8,036 ----a-w G:\WINDOWS\system32\drivers\down\147328.exe
+ 2008-01-12 14:24:04 93,188 ----a-w G:\WINDOWS\system32\drivers\down\14858671.exe
+ 2008-01-12 14:24:20 13,824 ----a-w G:\WINDOWS\system32\drivers\down\14877593.exe
+ 2008-01-12 14:24:45 471,556 ----a-w G:\WINDOWS\system32\drivers\down\14887656.exe
+ 2008-01-10 16:58:31 93,188 ----a-w G:\WINDOWS\system32\drivers\down\14903093.exe
+ 2008-01-12 14:24:57 8,036 ----a-w G:\WINDOWS\system32\drivers\down\14913828.exe
+ 2008-01-10 16:58:42 93,188 ----a-w G:\WINDOWS\system32\drivers\down\14938750.exe
+ 2008-01-10 16:58:44 13,824 ----a-w G:\WINDOWS\system32\drivers\down\14951328.exe
+ 2008-01-12 14:25:42 3,502 ----a-w G:\WINDOWS\system32\drivers\down\14958437.exe
+ 2008-01-12 14:26:48 6,958 ----a-w G:\WINDOWS\system32\drivers\down\15025156.exe
+ 2008-01-13 18:01:43 93,188 ----a-w G:\WINDOWS\system32\drivers\down\15033015.exe
+ 2008-01-10 17:00:07 93,188 ----a-w G:\WINDOWS\system32\drivers\down\15034796.exe
+ 2008-01-12 14:27:52 34,214 ----a-w G:\WINDOWS\system32\drivers\down\15040703.exe
+ 2008-01-10 17:00:37 8,036 ----a-w G:\WINDOWS\system32\drivers\down\15060093.exe
+ 2008-01-13 18:01:55 483,844 ----a-w G:\WINDOWS\system32\drivers\down\15071671.exe
+ 2008-01-13 18:01:56 13,824 ----a-w G:\WINDOWS\system32\drivers\down\15083625.exe
+ 2008-01-13 18:02:11 93,188 ----a-w G:\WINDOWS\system32\drivers\down\15096281.exe
+ 2008-01-13 18:02:35 96,772 ----a-w G:\WINDOWS\system32\drivers\down\15098765.exe
+ 2008-01-12 14:28:02 7,897 ----a-w G:\WINDOWS\system32\drivers\down\15098796.exe
+ 2008-01-13 18:02:42 8,036 ----a-w G:\WINDOWS\system32\drivers\down\15129062.exe
+ 2008-01-13 18:03:17 3,502 ----a-w G:\WINDOWS\system32\drivers\down\15164312.exe
+ 2008-01-10 17:02:31 6,958 ----a-w G:\WINDOWS\system32\drivers\down\15179046.exe
+ 2008-01-12 14:29:40 9,761 ----a-w G:\WINDOWS\system32\drivers\down\15197593.exe
+ 2008-01-10 17:03:07 34,214 ----a-w G:\WINDOWS\system32\drivers\down\15200906.exe
+ 2008-01-13 18:04:01 8,086 ----a-w G:\WINDOWS\system32\drivers\down\15208140.exe
+ 2008-01-13 18:04:07 6,958 ----a-w G:\WINDOWS\system32\drivers\down\15215125.exe
+ 2008-01-10 17:03:23 7,897 ----a-w G:\WINDOWS\system32\drivers\down\15227156.exe
+ 2008-01-13 18:05:03 93,188 ----a-w G:\WINDOWS\system32\drivers\down\15266453.exe
+ 2008-01-13 18:05:06 13,824 ----a-w G:\WINDOWS\system32\drivers\down\15273875.exe
+ 2008-01-13 18:05:27 96,772 ----a-w G:\WINDOWS\system32\drivers\down\15288906.exe
+ 2008-01-13 18:05:36 13,824 ----a-w G:\WINDOWS\system32\drivers\down\15304187.exe
+ 2008-01-13 19:05:43 271,282 ----a-w G:\WINDOWS\system32\drivers\down\15304390.exe
+ 2008-01-13 18:05:47 8,036 ----a-w G:\WINDOWS\system32\drivers\down\15314421.exe
+ 2008-01-10 17:05:06 9,761 ----a-w G:\WINDOWS\system32\drivers\down\15330703.exe
+ 2008-01-13 18:06:27 3,502 ----a-w G:\WINDOWS\system32\drivers\down\15353359.exe
+ 2008-01-13 18:07:12 8,086 ----a-w G:\WINDOWS\system32\drivers\down\15399687.exe
+ 2008-01-13 18:07:22 6,958 ----a-w G:\WINDOWS\system32\drivers\down\15410031.exe
+ 2008-01-13 18:07:33 34,214 ----a-w G:\WINDOWS\system32\drivers\down\15417484.exe
+ 2008-01-13 18:07:40 7,897 ----a-w G:\WINDOWS\system32\drivers\down\15427031.exe
+ 2008-01-13 18:09:23 9,761 ----a-w G:\WINDOWS\system32\drivers\down\15527265.exe
+ 2008-01-13 10:27:28 6,958 ----a-w G:\WINDOWS\system32\drivers\down\159343.exe
+ 2008-01-13 12:49:47 3,502 ----a-w G:\WINDOWS\system32\drivers\down\169046.exe
+ 2008-01-10 12:52:26 13,824 ----a-w G:\WINDOWS\system32\drivers\down\173156.exe
+ 2008-01-13 10:28:12 34,214 ----a-w G:\WINDOWS\system32\drivers\down\185968.exe
+ 2008-01-10 12:52:41 93,188 ----a-w G:\WINDOWS\system32\drivers\down\187156.exe
+ 2008-01-13 19:05:45 93,188 ----a-w G:\WINDOWS\system32\drivers\down\18911046.exe
+ 2008-01-13 19:05:55 8,036 ----a-w G:\WINDOWS\system32\drivers\down\18921906.exe
+ 2008-01-13 19:06:31 3,502 ----a-w G:\WINDOWS\system32\drivers\down\18958281.exe
+ 2008-01-13 19:07:13 8,086 ----a-w G:\WINDOWS\system32\drivers\down\19000359.exe
+ 2008-01-13 19:07:16 6,958 ----a-w G:\WINDOWS\system32\drivers\down\19004359.exe
+ 2008-01-13 19:07:28 34,214 ----a-w G:\WINDOWS\system32\drivers\down\19010796.exe
+ 2008-01-13 19:07:33 7,897 ----a-w G:\WINDOWS\system32\drivers\down\19020093.exe
+ 2008-01-13 19:09:38 9,761 ----a-w G:\WINDOWS\system32\drivers\down\19146265.exe
+ 2008-01-10 12:52:52 8,036 ----a-w G:\WINDOWS\system32\drivers\down\198593.exe
+ 2008-01-13 12:50:18 6,958 ----a-w G:\WINDOWS\system32\drivers\down\200750.exe
+ 2008-01-13 12:50:35 34,214 ----a-w G:\WINDOWS\system32\drivers\down\205125.exe
+ 2008-01-13 10:28:32 7,897 ----a-w G:\WINDOWS\system32\drivers\down\222796.exe
+ 2008-01-12 10:20:05 6,958 ----a-w G:\WINDOWS\system32\drivers\down\222937.exe
+ 2008-01-13 12:50:41 7,897 ----a-w G:\WINDOWS\system32\drivers\down\222968.exe
+ 2008-01-12 10:20:28 34,214 ----a-w G:\WINDOWS\system32\drivers\down\235656.exe
+ 2008-01-11 17:19:38 471,556 ----a-w G:\WINDOWS\system32\drivers\down\24030906.exe
+ 2008-01-11 17:19:41 13,824 ----a-w G:\WINDOWS\system32\drivers\down\24048500.exe
+ 2008-01-11 17:19:54 93,188 ----a-w G:\WINDOWS\system32\drivers\down\24061796.exe
+ 2008-01-11 17:19:57 6,591 ----a-w G:\WINDOWS\system32\drivers\down\24064453.exe
+ 2008-01-11 17:19:57 13,824 ----a-w G:\WINDOWS\system32\drivers\down\24065250.exe
+ 2008-01-11 17:20:05 8,036 ----a-w G:\WINDOWS\system32\drivers\down\24072093.exe
+ 2008-01-11 17:20:25 8,036 ----a-w G:\WINDOWS\system32\drivers\down\24092781.exe
+ 2008-01-11 17:21:36 6,958 ----a-w G:\WINDOWS\system32\drivers\down\24164218.exe
+ 2008-01-11 17:21:42 6,958 ----a-w G:\WINDOWS\system32\drivers\down\24170562.exe
+ 2008-01-11 17:21:57 34,214 ----a-w G:\WINDOWS\system32\drivers\down\24182203.exe
+ 2008-01-11 17:22:17 34,214 ----a-w G:\WINDOWS\system32\drivers\down\24189750.exe
+ 2008-01-11 17:22:17 7,897 ----a-w G:\WINDOWS\system32\drivers\down\24203421.exe
+ 2008-01-11 17:22:28 7,897 ----a-w G:\WINDOWS\system32\drivers\down\24214515.exe
+ 2008-01-11 17:24:08 9,761 ----a-w G:\WINDOWS\system32\drivers\down\24315140.exe
+ 2008-01-11 17:24:08 9,761 ----a-w G:\WINDOWS\system32\drivers\down\24315218.exe
+ 2008-01-12 10:20:36 7,897 ----a-w G:\WINDOWS\system32\drivers\down\253093.exe
+ 2008-01-10 12:53:53 6,958 ----a-w G:\WINDOWS\system32\drivers\down\260734.exe
+ 2008-01-10 12:54:30 34,214 ----a-w G:\WINDOWS\system32\drivers\down\270125.exe
+ 2008-01-13 12:51:52 9,761 ----a-w G:\WINDOWS\system32\drivers\down\294500.exe
+ 2008-01-13 10:29:44 9,761 ----a-w G:\WINDOWS\system32\drivers\down\295718.exe
+ 2008-01-12 18:31:02 93,188 ----a-w G:\WINDOWS\system32\drivers\down\29676296.exe
+ 2008-01-12 18:31:05 13,824 ----a-w G:\WINDOWS\system32\drivers\down\29682531.exe
+ 2008-01-12 18:31:25 8,036 ----a-w G:\WINDOWS\system32\drivers\down\29702140.exe
+ 2008-01-12 18:32:00 3,502 ----a-w G:\WINDOWS\system32\drivers\down\29737359.exe
+ 2008-01-12 18:32:51 6,958 ----a-w G:\WINDOWS\system32\drivers\down\29788734.exe
+ 2008-01-12 18:33:05 34,214 ----a-w G:\WINDOWS\system32\drivers\down\29795421.exe
+ 2008-01-10 21:06:26 93,188 ----a-w G:\WINDOWS\system32\drivers\down\29807296.exe
+ 2008-01-10 21:06:30 13,824 ----a-w G:\WINDOWS\system32\drivers\down\29817000.exe
+ 2008-01-10 21:06:45 8,036 ----a-w G:\WINDOWS\system32\drivers\down\29831468.exe
+ 2008-01-12 18:33:53 7,897 ----a-w G:\WINDOWS\system32\drivers\down\29850046.exe
+ 2008-01-10 21:08:29 6,958 ----a-w G:\WINDOWS\system32\drivers\down\29936640.exe
+ 2008-01-12 18:35:39 9,761 ----a-w G:\WINDOWS\system32\drivers\down\29957250.exe
+ 2008-01-10 21:10:10 34,214 ----a-w G:\WINDOWS\system32\drivers\down\30009140.exe
+ 2008-01-10 21:10:18 7,897 ----a-w G:\WINDOWS\system32\drivers\down\30042281.exe
+ 2008-01-10 21:11:50 9,761 ----a-w G:\WINDOWS\system32\drivers\down\30137640.exe
+ 2008-01-10 12:54:46 7,897 ----a-w G:\WINDOWS\system32\drivers\down\312734.exe
+ 2008-01-13 13:55:52 93,188 ----a-w G:\WINDOWS\system32\drivers\down\313796.exe
+ 2008-01-13 13:55:55 13,824 ----a-w G:\WINDOWS\system32\drivers\down\322515.exe
+ 2008-01-13 13:56:13 96,772 ----a-w G:\WINDOWS\system32\drivers\down\337828.exe
+ 2008-01-13 13:56:19 8,036 ----a-w G:\WINDOWS\system32\drivers\down\346218.exe
+ 2008-01-12 10:22:43 9,761 ----a-w G:\WINDOWS\system32\drivers\down\380437.exe
+ 2008-01-13 13:57:00 3,502 ----a-w G:\WINDOWS\system32\drivers\down\385265.exe
+ 2008-01-11 21:25:46 93,188 ----a-w G:\WINDOWS\system32\drivers\down\38797234.exe
+ 2008-01-11 21:25:38 13,824 ----a-w G:\WINDOWS\system32\drivers\down\38802593.exe
+ 2008-01-11 21:25:48 3,383 ----a-w G:\WINDOWS\system32\drivers\down\38813953.exe
+ 2008-01-11 21:25:48 13,824 ----a-w G:\WINDOWS\system32\drivers\down\38816015.exe
+ 2008-01-11 21:26:03 93,188 ----a-w G:\WINDOWS\system32\drivers\down\38829250.exe
+ 2008-01-11 21:26:04 8,036 ----a-w G:\WINDOWS\system32\drivers\down\38831515.exe
+ 2008-01-11 21:26:15 8,036 ----a-w G:\WINDOWS\system32\drivers\down\38842093.exe
+ 2008-01-11 21:27:36 6,958 ----a-w G:\WINDOWS\system32\drivers\down\38923531.exe
+ 2008-01-11 21:27:36 6,958 ----a-w G:\WINDOWS\system32\drivers\down\38924421.exe
+ 2008-01-11 21:27:50 34,214 ----a-w G:\WINDOWS\system32\drivers\down\38929921.exe
+ 2008-01-11 21:28:23 34,214 ----a-w G:\WINDOWS\system32\drivers\down\38930812.exe
+ 2008-01-11 21:27:58 7,897 ----a-w G:\WINDOWS\system32\drivers\down\38945109.exe
+ 2008-01-11 21:28:32 7,897 ----a-w G:\WINDOWS\system32\drivers\down\38979390.exe
+ 2008-01-11 21:29:44 9,761 ----a-w G:\WINDOWS\system32\drivers\down\39050671.exe
+ 2008-01-11 21:29:50 9,761 ----a-w G:\WINDOWS\system32\drivers\down\39057562.exe
+ 2008-01-10 12:56:27 9,761 ----a-w G:\WINDOWS\system32\drivers\down\415000.exe
+ 2008-01-13 13:57:47 6,958 ----a-w G:\WINDOWS\system32\drivers\down\434984.exe
+ 2008-01-13 13:58:05 34,214 ----a-w G:\WINDOWS\system32\drivers\down\439406.exe
+ 2008-01-12 22:37:11 13,824 ----a-w G:\WINDOWS\system32\drivers\down\44448515.exe
+ 2008-01-12 22:37:33 93,188 ----a-w G:\WINDOWS\system32\drivers\down\44467984.exe
+ 2008-01-12 22:37:40 8,036 ----a-w G:\WINDOWS\system32\drivers\down\44476859.exe
+ 2008-01-12 22:38:14 3,502 ----a-w G:\WINDOWS\system32\drivers\down\44511781.exe
+ 2008-01-12 22:39:11 6,958 ----a-w G:\WINDOWS\system32\drivers\down\44569156.exe
+ 2008-01-12 22:39:23 34,214 ----a-w G:\WINDOWS\system32\drivers\down\44575734.exe
+ 2008-01-12 22:39:42 7,897 ----a-w G:\WINDOWS\system32\drivers\down\44590500.exe
+ 2008-01-12 22:41:30 9,761 ----a-w G:\WINDOWS\system32\drivers\down\44703484.exe
+ 2008-01-13 13:58:09 7,897 ----a-w G:\WINDOWS\system32\drivers\down\456609.exe
+ 2008-01-08 21:45:13 471,556 ----a-w G:\WINDOWS\system32\drivers\down\45752562.exe
+ 2008-01-08 21:45:36 13,824 ----a-w G:\WINDOWS\system32\drivers\down\45795109.exe
+ 2008-01-08 21:45:57 8,036 ----a-w G:\WINDOWS\system32\drivers\down\45816609.exe
+ 2008-01-08 21:46:29 6,958 ----a-w G:\WINDOWS\system32\drivers\down\45849187.exe
+ 2008-01-08 21:46:50 34,214 ----a-w G:\WINDOWS\system32\drivers\down\45854093.exe
+ 2008-01-08 21:47:00 7,897 ----a-w G:\WINDOWS\system32\drivers\down\45878000.exe
+ 2008-01-08 21:47:10 21,304 ----a-w G:\WINDOWS\system32\drivers\down\45889218.exe
+ 2008-01-08 21:48:15 23,266 ----a-w G:\WINDOWS\system32\drivers\down\45953515.exe
+ 2008-01-08 21:48:41 9,761 ----a-w G:\WINDOWS\system32\drivers\down\45979953.exe
+ 2008-01-12 01:31:18 458,244 ----a-w G:\WINDOWS\system32\drivers\down\53543000.exe
+ 2008-01-12 01:31:30 13,824 ----a-w G:\WINDOWS\system32\drivers\down\53551375.exe
+ 2008-01-12 01:31:45 93,188 ----a-w G:\WINDOWS\system32\drivers\down\53561265.exe
+ 2008-01-12 01:32:03 13,824 ----a-w G:\WINDOWS\system32\drivers\down\53590984.exe
+ 2008-01-12 01:32:09 93,188 ----a-w G:\WINDOWS\system32\drivers\down\53592875.exe
+ 2008-01-12 01:32:11 8,036 ----a-w G:\WINDOWS\system32\drivers\down\53595859.exe
+ 2008-01-12 01:32:18 8,036 ----a-w G:\WINDOWS\system32\drivers\down\53605468.exe
+ 2008-01-12 01:33:35 6,958 ----a-w G:\WINDOWS\system32\drivers\down\53682468.exe
+ 2008-01-12 01:33:35 6,958 ----a-w G:\WINDOWS\system32\drivers\down\53682500.exe
+ 2008-01-12 01:34:09 34,214 ----a-w G:\WINDOWS\system32\drivers\down\53711953.exe
+ 2008-01-12 01:34:16 7,897 ----a-w G:\WINDOWS\system32\drivers\down\53722921.exe
+ 2008-01-12 01:34:27 34,214 ----a-w G:\WINDOWS\system32\drivers\down\53729296.exe
+ 2008-01-12 01:34:33 7,897 ----a-w G:\WINDOWS\system32\drivers\down\53739703.exe
+ 2008-01-12 01:35:50 9,761 ----a-w G:\WINDOWS\system32\drivers\down\53817125.exe
+ 2008-01-12 01:35:53 9,761 ----a-w G:\WINDOWS\system32\drivers\down\53821000.exe
+ 2008-01-13 13:59:50 9,761 ----a-w G:\WINDOWS\system32\drivers\down\557828.exe
+ 2008-01-13 02:43:00 93,188 ----a-w G:\WINDOWS\system32\drivers\down\59193359.exe
+ 2008-01-13 02:43:15 13,824 ----a-w G:\WINDOWS\system32\drivers\down\59212078.exe
+ 2008-01-13 02:43:43 8,036 ----a-w G:\WINDOWS\system32\drivers\down\59239578.exe
+ 2008-01-13 02:44:21 3,502 ----a-w G:\WINDOWS\system32\drivers\down\59277875.exe
+ 2008-01-13 02:45:16 6,958 ----a-w G:\WINDOWS\system32\drivers\down\59333937.exe
+ 2008-01-13 02:45:51 34,214 ----a-w G:\WINDOWS\system32\drivers\down\59364453.exe
+ 2008-01-13 02:46:02 7,897 ----a-w G:\WINDOWS\system32\drivers\down\59377921.exe
+ 2008-01-13 02:47:54 9,761 ----a-w G:\WINDOWS\system32\drivers\down\59489328.exe
+ 2008-01-09 01:49:40 471,556 ----a-w G:\WINDOWS\system32\drivers\down\60428578.exe
+ 2008-01-09 01:49:41 13,824 ----a-w G:\WINDOWS\system32\drivers\down\60440875.exe
+ 2008-01-09 01:49:55 8,036 ----a-w G:\WINDOWS\system32\drivers\down\60453453.exe
+ 2008-01-09 01:50:33 6,958 ----a-w G:\WINDOWS\system32\drivers\down\60492453.exe
+ 2008-01-09 01:50:44 34,214 ----a-w G:\WINDOWS\system32\drivers\down\60501140.exe
+ 2008-01-09 01:50:57 7,897 ----a-w G:\WINDOWS\system32\drivers\down\60516171.exe
+ 2008-01-09 01:51:05 21,304 ----a-w G:\WINDOWS\system32\drivers\down\60524750.exe
+ 2008-01-09 01:52:05 23,266 ----a-w G:\WINDOWS\system32\drivers\down\60585375.exe
+ 2008-01-09 01:52:32 9,761 ----a-w G:\WINDOWS\system32\drivers\down\60608890.exe
+ 2008-01-12 05:37:17 93,188 ----a-w G:\WINDOWS\system32\drivers\down\68302125.exe
+ 2008-01-12 05:37:34 13,824 ----a-w G:\WINDOWS\system32\drivers\down\68320968.exe
+ 2008-01-12 05:37:40 93,188 ----a-w G:\WINDOWS\system32\drivers\down\68326046.exe
+ 2008-01-12 05:37:42 13,824 ----a-w G:\WINDOWS\system32\drivers\down\68330250.exe
+ 2008-01-12 05:37:59 93,188 ----a-w G:\WINDOWS\system32\drivers\down\68346265.exe
+ 2008-01-12 05:38:00 8,036 ----a-w G:\WINDOWS\system32\drivers\down\68347531.exe
+ 2008-01-12 05:38:03 8,036 ----a-w G:\WINDOWS\system32\drivers\down\68350906.exe
+ 2008-01-12 05:39:21 6,958 ----a-w G:\WINDOWS\system32\drivers\down\68428625.exe
+ 2008-01-12 05:39:22 6,958 ----a-w G:\WINDOWS\system32\drivers\down\68429734.exe
+ 2008-01-12 05:39:26 34,214 ----a-w G:\WINDOWS\system32\drivers\down\68432718.exe
+ 2008-01-12 05:39:28 34,214 ----a-w G:\WINDOWS\system32\drivers\down\68434500.exe
+ 2008-01-12 05:39:34 7,897 ----a-w G:\WINDOWS\system32\drivers\down\68441093.exe
+ 2008-01-12 05:39:34 7,897 ----a-w G:\WINDOWS\system32\drivers\down\68441109.exe
+ 2008-01-12 05:41:08 9,761 ----a-w G:\WINDOWS\system32\drivers\down\68534531.exe
+ 2008-01-12 05:41:08 9,761 ----a-w G:\WINDOWS\system32\drivers\down\68534546.exe
+ 2008-01-13 06:49:22 93,188 ----a-w G:\WINDOWS\system32\drivers\down\73976421.exe
+ 2008-01-13 06:49:34 13,824 ----a-w G:\WINDOWS\system32\drivers\down\73991640.exe
+ 2008-01-13 06:50:06 8,036 ----a-w G:\WINDOWS\system32\drivers\down\74022875.exe
+ 2008-01-13 06:50:48 3,502 ----a-w G:\WINDOWS\system32\drivers\down\74064750.exe
+ 2008-01-13 06:51:45 6,958 ----a-w G:\WINDOWS\system32\drivers\down\74123203.exe
+ 2008-01-13 06:52:17 34,214 ----a-w G:\WINDOWS\system32\drivers\down\74152359.exe
+ 2008-01-13 06:52:28 7,897 ----a-w G:\WINDOWS\system32\drivers\down\74164718.exe
+ 2008-01-13 06:54:06 9,761 ----a-w G:\WINDOWS\system32\drivers\down\74263859.exe
+ 2008-01-09 05:53:25 471,556 ----a-w G:\WINDOWS\system32\drivers\down\75057343.exe
+ 2008-01-09 05:53:30 13,824 ----a-w G:\WINDOWS\system32\drivers\down\75070140.exe
+ 2008-01-09 05:54:00 8,036 ----a-w G:\WINDOWS\system32\drivers\down\75099578.exe
+ 2008-01-09 05:54:35 6,958 ----a-w G:\WINDOWS\system32\drivers\down\75134593.exe
+ 2008-01-09 05:54:46 34,214 ----a-w G:\WINDOWS\system32\drivers\down\75144375.exe
+ 2008-01-09 05:54:57 7,897 ----a-w G:\WINDOWS\system32\drivers\down\75156437.exe
+ 2008-01-09 05:55:04 21,304 ----a-w G:\WINDOWS\system32\drivers\down\75164484.exe
+ 2008-01-09 05:56:07 23,266 ----a-w G:\WINDOWS\system32\drivers\down\75227515.exe
+ 2008-01-09 05:56:29 9,761 ----a-w G:\WINDOWS\system32\drivers\down\75249234.exe
+ 2008-01-12 09:42:43 471,556 ----a-w G:\WINDOWS\system32\drivers\down\83018968.exe
+ 2008-01-12 09:42:45 13,824 ----a-w G:\WINDOWS\system32\drivers\down\83032500.exe
+ 2008-01-12 09:43:06 93,188 ----a-w G:\WINDOWS\system32\drivers\down\83051390.exe
+ 2008-01-12 09:43:19 13,824 ----a-w G:\WINDOWS\system32\drivers\down\83066968.exe
+ 2008-01-12 09:44:20 8,036 ----a-w G:\WINDOWS\system32\drivers\down\83126125.exe
+ 2008-01-12 09:44:21 8,036 ----a-w G:\WINDOWS\system32\drivers\down\83128484.exe
+ 2008-01-12 09:45:50 6,958 ----a-w G:\WINDOWS\system32\drivers\down\83217500.exe
+ 2008-01-12 09:45:51 6,958 ----a-w G:\WINDOWS\system32\drivers\down\83218656.exe
+ 2008-01-12 09:46:02 34,214 ----a-w G:\WINDOWS\system32\drivers\down\83226484.exe
+ 2008-01-12 09:46:17 34,214 ----a-w G:\WINDOWS\system32\drivers\down\83226515.exe
+ 2008-01-12 09:46:10 7,897 ----a-w G:\WINDOWS\system32\drivers\down\83237203.exe
+ 2008-01-12 09:46:25 7,897 ----a-w G:\WINDOWS\system32\drivers\down\83251796.exe
+ 2008-01-12 09:47:51 9,761 ----a-w G:\WINDOWS\system32\drivers\down\83338625.exe
+ 2008-01-12 09:47:51 9,761 ----a-w G:\WINDOWS\system32\drivers\down\83338656.exe
+ 2008-01-12 10:17:52 13,824 ----a-w G:\WINDOWS\system32\drivers\down\88734.exe
+ 2008-01-09 09:57:20 483,844 ----a-w G:\WINDOWS\system32\drivers\down\89691671.exe
+ 2008-01-09 09:57:25 13,824 ----a-w G:\WINDOWS\system32\drivers\down\89703390.exe
+ 2008-01-09 09:57:41 471,556 ----a-w G:\WINDOWS\system32\drivers\down\89712921.exe
+ 2008-01-09 09:57:49 8,036 ----a-w G:\WINDOWS\system32\drivers\down\89727687.exe
+ 2008-01-09 09:58:28 6,958 ----a-w G:\WINDOWS\system32\drivers\down\89764562.exe
+ 2008-01-09 09:58:57 34,214 ----a-w G:\WINDOWS\system32\drivers\down\89777359.exe
+ 2008-01-09 09:59:08 7,897 ----a-w G:\WINDOWS\system32\drivers\down\89807343.exe
+ 2008-01-09 09:59:24 21,304 ----a-w G:\WINDOWS\system32\drivers\down\89823078.exe
+ 2008-01-09 10:00:31 9,761 ----a-w G:\WINDOWS\system32\drivers\down\89890921.exe
+ 2008-01-11 13:13:23 471,556 ----a-w G:\WINDOWS\system32\drivers\down\9237906.exe
+ 2008-01-11 13:12:53 3,383 ----a-w G:\WINDOWS\system32\drivers\down\9237953.exe
+ 2008-01-11 13:13:00 13,824 ----a-w G:\WINDOWS\system32\drivers\down\9247453.exe
+ 2008-01-11 13:13:28 93,188 ----a-w G:\WINDOWS\system32\drivers\down\9271078.exe
+ 2008-01-11 13:13:35 483,844 ----a-w G:\WINDOWS\system32\drivers\down\9271359.exe
+ 2008-01-11 13:13:36 13,824 ----a-w G:\WINDOWS\system32\drivers\down\9283859.exe
+ 2008-01-11 13:14:01 458,244 ----a-w G:\WINDOWS\system32\drivers\down\9297453.exe
+ 2008-01-11 13:13:52 8,036 ----a-w G:\WINDOWS\system32\drivers\down\9298453.exe
+ 2008-01-11 13:14:13 8,036 ----a-w G:\WINDOWS\system32\drivers\down\9320312.exe
+ 2008-01-11 13:15:42 6,958 ----a-w G:\WINDOWS\system32\drivers\down\9408906.exe
+ 2008-01-11 13:15:42 6,958 ----a-w G:\WINDOWS\system32\drivers\down\9408921.exe
+ 2008-01-11 13:16:11 34,214 ----a-w G:\WINDOWS\system32\drivers\down\9421265.exe
+ 2008-01-11 13:16:48 34,214 ----a-w G:\WINDOWS\system32\drivers\down\9421359.exe
+ 2008-01-11 13:16:23 7,897 ----a-w G:\WINDOWS\system32\drivers\down\9447171.exe
+ 2008-01-11 13:17:00 7,897 ----a-w G:\WINDOWS\system32\drivers\down\9487359.exe
+ 2008-01-12 10:14:08 93,188 ----a-w G:\WINDOWS\system32\drivers\down\94968.exe
+ 2008-01-11 13:18:11 9,761 ----a-w G:\WINDOWS\system32\drivers\down\9557500.exe
+ 2008-01-11 13:18:32 9,761 ----a-w G:\WINDOWS\system32\drivers\down\9580421.exe
+ 2005-07-28 07:18:40 685,056 ----a-w G:\WINDOWS\system32\drivers\hardlock.sys
+ 2007-11-09 22:19:52 25,416 ----a-w G:\WINDOWS\system32\drivers\lirsgt.sys
+ 2007-05-03 20:22:04 188,672 ----a-w G:\WINDOWS\system32\drivers\truecrypt.sys
+ 2001-12-19 10:45:00 8,576 ----a-w G:\WINDOWS\system32\drivers\VCdRom.sys
+ 2007-11-07 14:56:14 2,076,672 ----a-w G:\WINDOWS\system32\dz3delight.dll
+ 2007-11-07 15:24:34 32,256 ----a-w G:\WINDOWS\system32\dzbryce6.dll
+ 2007-11-07 15:20:36 65,536 ----a-w G:\WINDOWS\system32\dzcarrara.dll
+ 2007-11-07 15:20:24 8,704,000 ----a-w G:\WINDOWS\system32\dzcore.dll
+ 2007-11-07 15:24:34 180,224 ----a-w G:\WINDOWS\system32\dzwrapper.dll
- 2007-10-28 23:40:52 282,128 ----a-w G:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-10 11:02:57 292,480 ----a-w G:\WINDOWS\system32\FNTCACHE.DAT
- 2005-09-23 07:20:28 837,904 ----a-w G:\WINDOWS\system32\hha.dll
+ 1999-12-03 05:25:52 837,904 ----a-w G:\WINDOWS\system32\hha.dll
- 2006-03-31 09:45:14 128,648 ----a-w G:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 2006-01-02 10:13:32 128,648 ----a-w G:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
- 2006-01-12 08:53:36 20,480 ----a-w G:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
+ 2006-01-03 14:14:12 20,480 ----a-w G:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
+ 2005-11-06 00:09:34 221,184 ----a-w G:\WINDOWS\system32\NxN_alienbrain_EEM.dll
+ 2005-11-06 00:09:34 675,840 ----a-w G:\WINDOWS\system32\NxN_alienbrain_IntegrationForms_128.dll
+ 2005-11-06 00:09:34 212,992 ----a-w G:\WINDOWS\system32\NxN_alienbrain_IntegrationFramework_128.dll
+ 2005-11-06 00:09:34 1,224,704 ----a-w G:\WINDOWS\system32\NxN_alienbrain_Library_128.dll
+ 2005-11-06 00:09:34 90,112 ----a-w G:\WINDOWS\system32\NxN_alienbrain_WIF_128.dll
+ 2005-11-06 00:09:34 1,273,856 ----a-w G:\WINDOWS\system32\NxN_alienbrain_XDK_128.dll
+ 2005-11-22 20:15:12 348,160 ----a-w G:\WINDOWS\system32\PerforceConnector.dll
+ 2005-07-20 17:08:26 104,576 ----a-w G:\WINDOWS\system32\Setup\aladdin\hasphl\aksclass.sys
+ 2004-07-06 12:37:44 7,168 ----a-w G:\WINDOWS\system32\Setup\aladdin\hasphl\akscoinst.dll
+ 2005-07-20 17:08:26 327,808 ----a-w G:\WINDOWS\system32\Setup\aladdin\hasphl\akshasp.sys
+ 2005-07-20 17:08:28 100,096 ----a-w G:\WINDOWS\system32\Setup\aladdin\hasphl\aksusb.sys
+ 2005-07-28 07:18:40 685,056 ----a-w G:\WINDOWS\system32\Setup\aladdin\hasphl\hardlock.sys
- 2007-07-22 17:39:27 279,552 ----a-w G:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w G:\WINDOWS\system32\swreg.exe
+ 2005-11-06 00:10:32 860,211 --s-a-w G:\WINDOWS\system32\XSIFtk-3.6.2.1.dll
+ 2008-01-13 20:30:48 16,384 ----atw G:\WINDOWS\Temp\Perflib_Perfdata_2f0.dat
- 2004-03-29 15:23:44 90,112 ----a-w G:\WINDOWS\unvise32.exe
+ 2004-03-29 16:23:44 90,112 ----a-w G:\WINDOWS\unvise32.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="G:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:44 1667584]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"german.exe"="G:\WINDOWS\system32\wintems.exe" [ ]
"mule_st_key"="G:\Documents and Settings\Piotrek\Dane aplikacji\m\flec006.exe" [2004-08-14 02:03 673212]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2004-08-14 02:03 673212]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 G:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 G:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="F:\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2006-06-03 09:29 155648]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 G:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 86016 G:\WINDOWS\system32\nvmctray.dll]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LanguageShortcut"="F:\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"iTunesHelper"="F:\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"ISUSScheduler"="G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ISUSPM Startup"="G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]

G:\Documents and Settings\Piotrek\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-21 19:18:02]
OpenOffice.org 2.3.lnk - G:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

G:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Device Detector 3.lnk - G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2006-12-24 23:18:28]
InterVideo WinCinema Manager.lnk - F:\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-20 19:01:27]
Monitor Apache Servers.lnk - J:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [2004-09-23 16:18:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R0 iteraid;ITERAID_Service_Install;G:\WINDOWS\system32\drivers\iteraid.sys [2004-10-29 12:21]
R1 vcdrom;Virtual CD-ROM Device Driver;G:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R2 MySQL41;MySQL41;"J:\mysql\bin\mysqld-nt" []
R2 NMSAccessU;NMSAccessU;F:\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
S3 ASPI;Advanced SCSI Programming Interface Driver;G:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 GVCplDrv;GVCplDrv;G:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 ldiskl;ldiskl;G:\DOCUME~1\Piotrek\USTAWI~1\Temp\ldiskl.sys []
S3 VNUSB;VN Series Device;G:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07d0e995-effb-11da-8f90-806d6172696f}]
\Shell\AutoRun\command - H:\CDSAMPLE\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07d0e996-effb-11da-8f90-806d6172696f}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6803b262-9f44-11dc-beeb-005056c00008}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL Hacks\switchblade\tools\start.bat

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 20:31:03 G:\WINDOWS\Tasks\Symantec NetDetect.job"
- G:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 21:30:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="J:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2008-01-13 21:34:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 20:34:05
ComboFix2.txt 2007-11-01 20:44:38
ComboFix3.txt 2006-11-07 17:51:58

Jak się diabelstwa pozbyć?

[wojtas]

bedzie ciezko...

Wykonaj to co jest podane w tym temacie

sciagasz i instalujesz:

http://www.programosy.pl/program,comodo-firewall.html

odłączasz sie kompletnie od neta:



Otworz notatnik i wklej w nim to:

File::
G:\WINDOWS\system32\drivers\hldrrr.exe
G:\DOCUME~1\Piotrek\USTAWI~1\Temp\ldiskl.sys

Folder::
G:\WINDOWS\system32\drivers\down
G:\Documents and Settings\Piotrek\Dane aplikacji\m
G:\Documents and Settings\Mama\Dane aplikacji\m

Driver::
ldiskl

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-
"mule_st_key"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6803b262-9f44-11dc-beeb-005056c00008}]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania

sciagasz SafeBootKeyRepair.exe i naprawiasz tryb awaryjny

te pliki:

G:\WINDOWS\system32\dccbddfbfcfe_r.ocx
G:\WINDOWS\system32\dzcarrara.dll

przeskanuj tu:

http://virusscan.jotti.org/
http://www.virustotal.com/



Potem nowy log z hijacka oraz combofixa oraz raporty ze skanow

[Dzi@dek]

Wywal na razie to:
Wklej do notatnika:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07d0e995-effb-11da-8f90-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07d0e996-effb-11da-8f90-806d6172696f}]

Plik Zapisz jako... CFScript - najlepiej jeśli zapiszesz w
takiej lokalizacji, by ikona CFScript.txt znalazła się obok ikony ComboFix.exe
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
Potwierdz zresetuje sie komputer.

Jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER. Rozpocznie się proces usuwania.

Daj nowe logi z Combofix

[kepa416]

Any other suggestions? Przeinstalowałem Avasta. Restartuję. Klikam dwa razy na ikonkę - "Aby samodzielnie wyszukać plik kliknij przycisk przeglądaj" Zaglądam do folderu z Avastem. Program wyparował w czasie restartu. Nie ma binarek.

Jeśli chodzi o to to j amiałem podobny przypadek na tym forum był opisany to był rootkit który wywalał mi tak samo avasta..

[L_Devil]

wwdc.exe <- poszło

Instalacja comodo <- Błąd: "Error 0 running command ./CFP_Setup_3.0.15.277_XP_Vista_x64.exe"

Combofix.exe <- poszło, log poniżej:

Kod: Zaznacz wszystko

Piotrek - 08-01-14 18:49:36,09    Dodatek Service Pack 2
ComboFix 06.10.19 - Running from: "G:\Documents and Settings\Piotrek"
Command switches used :: "G:\Documents and Settings\Piotrek\Pulpit\Virus\CFScript.txt"

(((((((((((((((((((((((((((((((   Files Created from 2007-12-14 to 2008-01-14  ))))))))))))))))))))))))))))))))))


2008-01-09   11:19   36,864   ---------   G:\WINDOWS\system32\CTCamMgr.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))   


2008-01-14 18:46   108928   --a------   G:\WINDOWS\system32\drivers\srosa.sys
2008-01-14 18:46   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\OpenOffice.org2
2008-01-13 21:06   --------   d--h-----   G:\Documents and Settings\Piotrek\Dane aplikacji\m
2008-01-12 16:24   --------   d--------   G:\Program Files\jv16 PowerTools 2007
2008-01-09 13:55   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\Skype
2008-01-09 11:36   --------   d--h-----   G:\Program Files\InstallShield Installation Information
2008-01-09 11:34   --------   d--------   G:\Program Files\Common Files
2008-01-09 11:26   --------   d--------   G:\Program Files\Common Files\Adobe
2008-01-09 11:22   --------   d--------   G:\Program Files\Creative
2008-01-08 22:41   --------   d--------   G:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 22:02   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\.bittorrent
2008-01-07 20:55   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\VMware
2008-01-07 18:56   --------   d--------   G:\Program Files\Common Files\Roxio Shared
2007-12-28 18:30   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\Soldat
2007-12-15 15:13   --------   d--------   G:\Program Files\Common Files\Microsoft Shared
2007-12-13 16:57   --------   d---s----   G:\Documents and Settings\Piotrek\Dane aplikacji\Microsoft
2007-12-08 12:35   --------   d--------   G:\Program Files\directx
2007-12-08 12:30   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\ImgBurn
2007-12-08 11:37   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\Daz Productions
2007-12-02 18:12   98304   --a------   G:\WINDOWS\system32\CmdLineExt.dll
2007-12-02 17:56   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\InstallShield
2007-11-30 22:21   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\TrueCrypt
2007-11-25 14:33   --------   d--------   G:\Program Files\Common Files\DAZ
2007-11-24 19:05   1834   --a------   G:\Documents and Settings\Piotrek\Dane aplikacji\SAS7_000.DAT
2007-11-23 22:33   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\FileZilla
2007-11-18 12:45   --------   d--------   G:\Program Files\Common Files\DESIGNER
2007-11-07 16:24   32256   --a------   G:\WINDOWS\system32\dzbryce6.dll
2007-11-07 16:24   180224   --a------   G:\WINDOWS\system32\dzwrapper.dll
2007-11-07 16:20   8704000   --a------   G:\WINDOWS\system32\dzcore.dll
2007-11-07 16:20   65536   --a------   G:\WINDOWS\system32\dzcarrara.dll
2007-11-07 16:06   6131712   --a------   G:\WINDOWS\system32\daz-qt-mt.dll
2007-11-07 16:06   1785856   --a------   G:\WINDOWS\system32\daz-qsa.dll
2007-11-07 15:56   2076672   --a------   G:\WINDOWS\system32\dz3delight.dll
2007-11-01 20:34   80   --a------   G:\WINDOWS\gmer_uninstall.cmd
2007-10-22 03:39   267272   --a------   G:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 03:37   17928   --a------   G:\WINDOWS\system32\X3DAudio1_2.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"G:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="G:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="G:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"RemoteControl"="F:\\PowerDVD\\PDVDServ.exe"
"QuickTime Task"="\"G:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE G:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="G:\\WINDOWS\\system32\\NeroCheck.exe"
"LanguageShortcut"="F:\\PowerDVD\\Language\\Language.exe"
"iTunesHelper"="\"F:\\iTunes\\iTunesHelper.exe\""
"ISUSScheduler"="\"G:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="G:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
G:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 08-01-14 18:51:31.28
G:\ComboFix.txt ... 08-01-14 18:51
G:\ComboFix2.txt ... 08-01-13 21:34


SafeBootKeyRepair.exe <- poszło, log poniżej:

Kod: Zaznacz wszystko

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

Żaden z dwóch plików nie zawieraja wirusa, zdaniem obu skanerów.

Log z HijackThis:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 19:00:54, on 2008-01-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
F:\PowerDVD\PDVDServ.exe
G:\Program Files\QuickTime\qttask.exe
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Messenger\msmsgs.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
F:\InterVideo\Common\Bin\WinCinemaMgr.exe
G:\Program Files\OpenOffice.org 2.3\program\soffice.exe
G:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
J:\mysql\bin\mysqld-nt.exe
F:\CDBurnerXP\NMSAccessU.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Cyberlink\Shared files\RichVideo.exe
G:\WINDOWS\System32\svchost.exe
F:\VMware\VMware Workstation\vmware-authd.exe
G:\WINDOWS\system32\vmnat.exe
G:\WINDOWS\system32\vmnetdhcp.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\svchost.exe
J:\Piotrek\Programy\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] F:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] F:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = G:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: WinMySQLadmin.lnk = J:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Device Detector 3.lnk = G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Monitor Apache Servers.lnk = J:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mdz: G:\Program Files\Internet Explorer\Plugins\npmod32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.mapa.lodz.pl/VIEWERS/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - J:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - F:\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MySQL41 - Unknown owner - J:\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - G:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - G:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - G:\WINDOWS\system32\vmnat.exe

Log z SilentRunners:

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""G:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "G:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["setup"]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = "F:\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"QuickTime Task" = ""G:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NeroFilterCheck" = "G:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"LanguageShortcut" = "F:\PowerDVD\Language\Language.exe" [null data]
"iTunesHelper" = ""F:\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"ISUSScheduler" = ""G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"ISUSPM Startup" = "G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "G:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "F:\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "F:\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "F:\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
  -> {HKLM...CLSID} = "Registered ActiveX Controls"
                   \InProcServer32\(Default) = "F:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
  -> {HKLM...CLSID} = "Developer Studio Components"
                   \InProcServer32\(Default) = "F:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "F:\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\dfshim.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\Audiodev.dll" [MS]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
  -> {HKLM...CLSID} = "ACDWFTHMBPRXY"
                   \InProcServer32\(Default) = "G:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "F:\Avast4\ashShell.dll" ["ALWIL Software"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone"
  -> {HKLM...CLSID} = "LG Phone"
                   \InProcServer32\(Default) = "F:\TELEFO~1\Phone.dll" ["LG Electornics"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "F:\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "G:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""G:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "F:\Adobe Reader 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "F:\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "F:\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "F:\7-Zip\7-zip.dll" ["Igor Pavlov"]
Convert\(Default) = "{9f95ca1a-e80e-4c0f-acd1-4c9b7900b982}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "F:\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\txview.dll" [null data]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "F:\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "F:\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "G:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "Piotrek" & "All Users" startup folders:
---------------------------------------------------------

G:\Documents and Settings\Piotrek\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"OpenOffice.org 2.3" -> shortcut to: "G:\Program Files\OpenOffice.org 2.3\program\quickstart.exe" [null data]
"WinMySQLadmin" -> shortcut to: "J:\mysql\bin\winmysqladmin.exe" [file not found]

G:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Device Detector 3" -> shortcut to: "G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe" ["OLYMPUS IMAGING CORP."]
"InterVideo WinCinema Manager" -> shortcut to: "F:\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Monitor Apache Servers" -> shortcut to: "J:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe" ["Apache Software Foundation"]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "G:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Badanie"
                   \InProcServer32\(Default) = "F:\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "G:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "G:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Autodesk Licensing Service, Autodesk Licensing Service, ""G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""G:\Program Files\Cyberlink\Shared files\RichVideo.exe"" [empty string]
HTTP SSL, HTTPFilter, "G:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"G:\WINDOWS\System32\w3ssl.dll" [MS]}
iPodService, iPodService, "G:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
MySQL41, MySQL41, ""J:\mysql\bin\mysqld-nt" --defaults-file="J:\mysql\my.ini" MySQL41" [null data]
NMSAccessU, NMSAccessU, "F:\CDBurnerXP\NMSAccessU.exe" [null data]
NVIDIA Display Driver Service, NVSvc, "G:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
RaySat_3dsmax8 Server, mi-raysat_3dsmax8, "F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe" [null data]
VMware Authorization Service, VMAuthdService, "F:\VMware\VMware Workstation\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "G:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "G:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "DumaNT" ["Windows (R) 2000 DDK provider"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 686 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 12 seconds.
---------- (total run time: 729 seconds)

Log z ComboFix:

[code]Piotrek - 08-01-14 19:15:21,59 Dodatek Service Pack 2
ComboFix 06.10.19 - Running from: "G:\Documents and Settings\Piotrek\Pulpit\Virus"

((((((((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))


2008-01-09 11:19 36,864 --------- G:\WINDOWS\system32\CTCamMgr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-01-14 18:46 108928 --a------ G:\WINDOWS\system32\drivers\srosa.sys
2008-01-14 18:46 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\OpenOffice.org2
2008-01-13 21:06 -------- d--h----- G:\Documents and Settings\Piotrek\Dane aplikacji\m
2008-01-12 16:24 -------- d-------- G:\Program Files\jv16 PowerTools 2007
2008-01-09 13:55 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\Skype
2008-01-09 11:36 -------- d--h----- G:\Program Files\InstallShield Installation Information
2008-01-09 11:34 -------- d-------- G:\Program Files\Common Files
2008-01-09 11:26 -------- d-------- G:\Program Files\Common Files\Adobe
2008-01-09 11:22 -------- d-------- G:\Program Files\Creative
2008-01-08 22:41 -------- d-------- G:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 22:02 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\.bittorrent
2008-01-07 20:55 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\VMware
2008-01-07 18:56 -------- d-------- G:\Program Files\Common Files\Roxio Shared
2007-12-28 18:30 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\Soldat
2007-12-15 15:13 -------- d-------- G:\Program Files\Common Files\Microsoft Shared
2007-12-13 16:57 -------- d---s---- G:\Documents and Settings\Piotrek\Dane aplikacji\Microsoft
2007-12-08 12:35 -------- d-------- G:\Program Files\directx
2007-12-08 12:30 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\ImgBurn
2007-12-08 11:37 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\Daz Productions
2007-12-02 18:12 98304 --a------ G:\WINDOWS\system32\CmdLineExt.dll
2007-12-02 17:56 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\InstallShield
2007-11-30 22:21 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\TrueCrypt
2007-11-25 14:33 -------- d-------- G:\Program Files\Common Files\DAZ
2007-11-24 19:05 1834 --a------ G:\Documents and Settings\Piotrek\Dane aplikacji\SAS7_000.DAT
2007-11-23 22:33 -------- d-------- G:\Documents and Settings\Piotrek\Dane aplikacji\FileZilla
2007-11-18 12:45 -------- d-------- G:\Program Files\Common Files\DESIGNER
2007-11-07 16:24 32256 --a------ G:\WINDOWS\system32\dzbryce6.dll
2007-11-07 16:24 180224 --a------ G:\WINDOWS\system32\dzwrapper.dll
2007-11-07 16:20 8704000 --a------ G:\WINDOWS\system32\dzcore.dll
2007-11-07 16:20 65536 --a------ G:\WINDOWS\system32\dzcarrara.dll
2007-11-07 16:06 6131712 --a------ G:\WINDOWS\system32\daz-qt-mt.dll
2007-11-07 16:06 1785856 --a------ G:\WINDOWS\system32\daz-qsa.dll
2007-11-07 15:56 2076672 --a------ G:\WINDOWS\system32\dz3delight.dll
2007-11-01 20:34 80 --a------ G:\WINDOWS\gmer_uninstall.cmd
2007-10-22 03:39 267272 --a------ G:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 03:37 17928 --a------ G:\WINDOWS\system32\X3DAudio1_2.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"G:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="G:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="G:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"RemoteControl"="F:\\PowerDVD\\PDVDServ.exe"
"QuickTime Task"="\"G:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE G:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="G:\\WINDOWS\\system32\\NeroCheck.exe"
"LanguageShortcut"="F:\\PowerDVD\\Language\\Language.exe"
"iTunesHelper"="\"F:\\iTunes\\iTunesHelper.exe\""
"ISUSScheduler"="\"G:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="G:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ClassicShell"=dword:00000000

[HKEY_CURR

[wojtas]

zainstaluj:

http://www.programosy.pl/program,outpost-personal-firewall-pro.html


Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

G:\WINDOWS\system32\drivers\srosa.sys

Folders to delete:

G:\Documents and Settings\Piotrek\Dane aplikacji\m

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combofixa i hijacka

[L_Devil]

Firewall się trzyma po dwóch restartach. Logi:

Kod: Zaznacz wszystko

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xgjyekqu

*******************

Script file located at: \??\G:\aufwpohq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at G:\Avenger

*******************

Beginning to process script file:

File G:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
Folder G:\Documents and Settings\Piotrek\Dane aplikacji\m deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 21:51:56, on 2008-01-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
F:\PowerDVD\PDVDServ.exe
G:\Program Files\QuickTime\qttask.exe
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Messenger\msmsgs.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
F:\InterVideo\Common\Bin\WinCinemaMgr.exe
G:\Program Files\OpenOffice.org 2.3\program\soffice.exe
G:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
J:\mysql\bin\mysqld-nt.exe
F:\CDBurnerXP\NMSAccessU.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Cyberlink\Shared files\RichVideo.exe
G:\WINDOWS\System32\svchost.exe
F:\VMware\VMware Workstation\vmware-authd.exe
G:\WINDOWS\system32\vmnat.exe
G:\WINDOWS\system32\vmnetdhcp.exe
J:\Piotrek\Programy\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] F:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] F:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OutpostMonitor] F:\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "F:\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = G:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: WinMySQLadmin.lnk = J:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Device Detector 3.lnk = G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Monitor Apache Servers.lnk = J:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mdz: G:\Program Files\Internet Explorer\Plugins\npmod32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.mapa.lodz.pl/VIEWERS/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: f:\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - F:\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - J:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - F:\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MySQL41 - Unknown owner - J:\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - G:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - G:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - G:\WINDOWS\system32\vmnat.exe

Kod: Zaznacz wszystko

Piotrek - 08-01-19 21:56:39,32    Dodatek Service Pack 2
ComboFix 06.10.19 - Running from: "G:\Documents and Settings\Piotrek\Pulpit\Virus"

(((((((((((((((((((((((((((((((   Files Created from 2007-12-19 to 2008-01-19  ))))))))))))))))))))))))))))))))))


2008-01-19   21:32   443,424   --a------   G:\WINDOWS\system32\drivers\SandBox.sys
2008-01-19   21:32   200,464   --a------   G:\WINDOWS\system32\drivers\afw.sys
2008-01-14   22:53   70,660   --a------   G:\WINDOWS\system32\mdelk.exe
2008-01-09   11:19   36,864   ---------   G:\WINDOWS\system32\CTCamMgr.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))   


2008-01-19 21:48   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\OpenOffice.org2
2008-01-19 21:33   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\Agnitum
2008-01-19 21:32   --------   d--------   G:\Program Files\Common Files\Microsoft Shared
2008-01-19 15:36   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\.bittorrent
2008-01-12 16:24   --------   d--------   G:\Program Files\jv16 PowerTools 2007
2008-01-09 13:55   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\Skype
2008-01-09 11:36   --------   d--h-----   G:\Program Files\InstallShield Installation Information
2008-01-09 11:34   --------   d--------   G:\Program Files\Common Files
2008-01-09 11:26   --------   d--------   G:\Program Files\Common Files\Adobe
2008-01-09 11:22   --------   d--------   G:\Program Files\Creative
2008-01-08 22:41   --------   d--------   G:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 20:55   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\VMware
2008-01-07 18:56   --------   d--------   G:\Program Files\Common Files\Roxio Shared
2007-12-28 18:30   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\Soldat
2007-12-13 16:57   --------   d---s----   G:\Documents and Settings\Piotrek\Dane aplikacji\Microsoft
2007-12-08 12:35   --------   d--------   G:\Program Files\directx
2007-12-08 12:30   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\ImgBurn
2007-12-08 11:37   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\Daz Productions
2007-12-02 18:12   98304   --a------   G:\WINDOWS\system32\CmdLineExt.dll
2007-12-02 17:56   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\InstallShield
2007-11-30 22:21   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\TrueCrypt
2007-11-25 14:33   --------   d--------   G:\Program Files\Common Files\DAZ
2007-11-24 19:05   1834   --a------   G:\Documents and Settings\Piotrek\Dane aplikacji\SAS7_000.DAT
2007-11-23 22:33   --------   d--------   G:\Documents and Settings\Piotrek\Dane aplikacji\FileZilla
2007-11-07 16:24   32256   --a------   G:\WINDOWS\system32\dzbryce6.dll
2007-11-07 16:24   180224   --a------   G:\WINDOWS\system32\dzwrapper.dll
2007-11-07 16:20   8704000   --a------   G:\WINDOWS\system32\dzcore.dll
2007-11-07 16:20   65536   --a------   G:\WINDOWS\system32\dzcarrara.dll
2007-11-07 16:06   6131712   --a------   G:\WINDOWS\system32\daz-qt-mt.dll
2007-11-07 16:06   1785856   --a------   G:\WINDOWS\system32\daz-qsa.dll
2007-11-07 15:56   2076672   --a------   G:\WINDOWS\system32\dz3delight.dll
2007-11-01 20:34   80   --a------   G:\WINDOWS\gmer_uninstall.cmd
2007-10-22 03:39   267272   --a------   G:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 03:37   17928   --a------   G:\WINDOWS\system32\X3DAudio1_2.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"G:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="G:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="G:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"RemoteControl"="F:\\PowerDVD\\PDVDServ.exe"
"QuickTime Task"="\"G:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE G:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="G:\\WINDOWS\\system32\\NeroCheck.exe"
"LanguageShortcut"="F:\\PowerDVD\\Language\\Language.exe"
"iTunesHelper"="\"F:\\iTunes\\iTunesHelper.exe\""
"ISUSScheduler"="\"G:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="G:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"OutpostMonitor"="F:\\OUTPOS~1\\op_mon.exe /tray /noservice"
"OutpostFeedBack"="\"F:\\Outpost Firewall Pro\\feedback.exe\" /dump:os_startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
G:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 08-01-19 21:59:20.00
G:\ComboFix.txt ... 08-01-19 21:59
G:\ComboFix2.txt ... 08-01-14 19:16
G:\ComboFix3.txt ... 08-01-14 18:51


[wojtas]

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\system32\mdelk.exe

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

[L_Devil]

Zabity.

Ale mam problem:
Mój komputer jest bramą internetową dla kilku kolejnych w sieci (przez switcha). Od momentu jak zainstalowałem tego firewalla, na pozostałych kompach sieć nie działa dobrze, tzn. DHCP przypisuje IP, DNSy działają (zmiana domeny na IP), ale połączenie się z dowolnym adresem jest niemożliwe. Co robię nie tak?

[wojtas]

pewnie firewall cos blokuje jednak nie znam sie na nim wiec albo odinstaluj go i zobacz czy dziala . jak bedzie działac to zostaw tak jak jest