proszę go sprawdzić

[Marchwiak]

Logfile of HijackThis v1.99.1
Scan saved at 20:03:00, on 2007-06-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81C04815-C7B0-402E-94EC-A8E6F181C517}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{8969B710-CB2F-4D46-AE26-9CA44012E201}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{922580BA-8EFF-48E5-899C-44ACDB28604C}: NameServer = 62.148.87.180,213.17.145.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A1E56C-890D-4F1E-9039-5E2C544B3460}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

objawy:
nie ładują mi się wszystkie stronki, a czasami miast tej której chcialem mam xxx wyniki w google. Spyware Terminator nic nie wynajduje, AVG Anti-Spyware cos znajduje, kasuje, a potem od nowa, Avast nic nie widzi.

edit:

ComboScan v20070306.20 run by jurek on 2007-06-02 at 20:09:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jurek.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:09:45, on 2007-06-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
D:\instalki\comboscan.exe
C:\PROGRA~1\HIJACK~1\jurek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81C04815-C7B0-402E-94EC-A8E6F181C517}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{8969B710-CB2F-4D46-AE26-9CA44012E201}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{922580BA-8EFF-48E5-899C-44ACDB28604C}: NameServer = 62.148.87.180,213.17.145.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A1E56C-890D-4F1E-9039-5E2C544B3460}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


-- Files created between 2007-05-02 and 2007-06-02 -----------------------------

2007-06-02 19:13:36 0 d---s---- C:\Documents and Settings\rodzice\UserData
2007-05-26 00:18:34 3968 --a------ C:\WINDOWS\System32\drivers\AvgAsCln.sys
2007-05-26 00:18:26 0 d-------- C:\Program Files\Grisoft
2007-05-26 00:15:33 8192 --a------ C:\WINDOWS\System32\kbdkor.dll
2007-05-26 00:15:33 8704 --a------ C:\WINDOWS\System32\kbdjpn.dll
2007-05-26 00:15:33 6144 --a------ C:\WINDOWS\System32\kbd106.dll
2007-05-26 00:15:33 5632 --a------ C:\WINDOWS\System32\kbd103.dll
2007-05-26 00:15:33 6144 --a------ C:\WINDOWS\System32\kbd101c.dll
2007-05-26 00:15:33 6144 --a------ C:\WINDOWS\System32\kbd101b.dll
2007-05-24 18:36:33 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1>
2007-05-24 18:36:33 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1>
2007-05-19 18:31:30 0 d-------- C:\WINDOWS\System32\appmgmt
2007-05-19 18:21:22 0 d-------- C:\WINDOWS\ShellNew
2007-05-14 23:58:31 122880 --a------ C:\WINDOWS\UnGins.exe
2007-05-14 15:04:58 86016 --a------ C:\WINDOWS\unvise32.exe
2007-05-14 11:36:45 0 d-------- C:\Program Files\VSD Software<VSDSOF~1>
2007-05-11 21:48:16 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-05-11 21:47:40 23040 -ra------ C:\WINDOWS\System32\drivers\GVCplDrv.sys
2007-05-10 15:51:30 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-05-10 15:49:19 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-05-09 17:02:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-05-08 23:45:29 23600 --a------ C:\WINDOWS\System32\drivers\TVICHW32.SYS
2007-05-07 19:54:47 0 d-------- C:\Program Files\OpenOffice.org 2.0<OPENOF~1.0>
2007-05-06 18:50:46 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-06 12:10:28 0 d-------- C:\WINDOWS\System32\ReinstallBackups<REINST~1>
2007-05-06 12:04:41 921600 --a------ C:\WINDOWS\System32\nwiz.exe
2007-05-06 12:04:41 1019904 --a------ C:\WINDOWS\System32\nvwimg.dll
2007-05-06 12:04:40 1646592 --a------ C:\WINDOWS\System32\nvwdmcpl.dll
2007-05-06 12:04:40 462848 --a------ C:\WINDOWS\System32\nvshell.dll
2007-05-06 12:04:40 1441792 --a------ C:\WINDOWS\System32\nview.dll
2007-05-06 12:04:40 1339392 --a------ C:\WINDOWS\System32\nvdspsch.exe
2007-05-06 12:04:40 442368 --a------ C:\WINDOWS\System32\nvappbar.exe
2007-05-06 12:04:40 393216 --a------ C:\WINDOWS\System32\keystone.exe
2007-05-06 12:04:04 0 d-------- C:\Program Files\MultiRes
2007-05-06 12:03:19 0 d-------- C:\Program Files\Nvidia Omega Drivers<NVIDIA~1>
2007-05-05 13:18:09 0 d-------- C:\Program Files\Lavalys
2007-05-05 13:11:55 0 d-------- C:\Program Files\SpeedFan
2007-05-03 18:05:12 0 d-------- C:\Documents and Settings\rodzice\Application Data\Spyware Terminator<SPYWAR~1>
2007-05-03 13:57:33 138368 --a------ C:\WINDOWS\System32\drivers\sp_rsdrv2.sys<SP_RSD~1.SYS>
2007-05-03 13:56:51 0 d-------- C:\Documents and Settings\jurek\Application Data\Spyware Terminator<SPYWAR~1>
2007-05-03 13:56:41 0 d-------- C:\Program Files\Spyware Terminator<SPYWAR~1>
2007-05-02 17:56:33 737280 --a------ C:\WINDOWS\iun6002.exe
2007-05-02 17:56:27 0 d-------- C:\Program Files\Codec Pack - All In 1<CODECP~1>
2007-05-02 17:55:52 0 d-------- C:\Program Files\Matroska Pack<MATROS~1>
2007-05-02 17:55:08 0 d-------- C:\Program Files\XviD
2007-05-02 15:42:41 0 d-------- C:\WINDOWS\System32\Cult3D


-- Find3M Report ---------------------------------------------------------------

2007-05-30 20:15:27 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Macromedia<MACROM~1>
2007-05-24 18:37:13 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\ACD Systems<ACDSYS~1>
2007-05-19 18:28:09 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\OpenOffice.org2<OPENOF~1.ORG>
2007-05-19 18:25:45 0 d---s---- C:\Documents and Settings\jurek\Dane aplikacji\Microsoft<MICROS~1>
2007-05-16 11:00:48 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Sun
2007-05-12 10:57:42 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\AdobeUM
2007-05-12 10:57:14 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Adobe
2007-05-11 21:51:36 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\CyberLink<CYBERL~1>
2007-05-09 17:05:29 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Gadu-Gadu<GADU-G~1>
2007-05-09 17:02:33 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-05-08 19:28:11 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-05-01 16:37:49 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-30 23:38:35 0 d-------- C:\Program Files\MarBit
2007-04-30 19:45:42 0 d-------- C:\Program Files\Java
2007-04-30 17:46:10 745600 --a------ C:\WINDOWS\System32\aswBoot.exe
2007-04-30 17:35:28 95872 --a------ C:\WINDOWS\System32\AVASTSS.scr
2007-04-30 16:51:00 16896 --a------ C:\WINDOWS\System32\tftp.exe
2007-04-30 16:51:00 42496 --a------ C:\WINDOWS\System32\ftp.exe
2007-04-30 12:30:55 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-04-30 11:43:12 0 d-------- C:\Program Files\Common Files\Java
2007-04-29 23:11:44 0 d-------- C:\Program Files\Mplayer
2007-04-29 22:46:51 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-29 22:46:48 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-04-29 22:46:23 62 --ahs---- C:\Documents and Settings\jurek\Dane aplikacji\desktop.ini
2007-04-29 22:43:30 133120 --a------ C:\WINDOWS\System32\sfc_os.dll
2007-04-29 22:33:29 0 d-------- C:\Program Files\ASUS
2007-04-29 22:32:22 4608 --a------ C:\WINDOWS\System32\w95inf32.dll
2007-04-29 22:32:22 2272 --a------ C:\WINDOWS\System32\w95inf16.dll
2007-04-29 22:32:15 0 d-------- C:\Program Files\PCI Audio Applications<PCIAUD~1>
2007-04-29 22:31:53 0 d-------- C:\Program Files\C-Media
2007-04-29 22:28:34 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-29 22:26:18 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-04-29 22:25:32 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-04-29 22:21:00 0 d-------- C:\Program Files\Avant Browser<AVANTB~1>
2007-04-29 22:19:31 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Avant Profiles<AVANTP~1>
2007-04-29 22:15:57 355830 --a------ C:\WINDOWS\System32\perfh015.dat
2007-04-29 22:15:57 49712 --a------ C:\WINDOWS\System32\perfc015.dat
2007-04-29 22:15:39 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Identities<IDENTI~1>
2007-04-29 22:08:38 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-04-29 22:08:17 0 -rahs---- C:\MSDOS.SYS
2007-04-29 22:08:17 0 -rahs---- C:\IO.SYS
2007-04-29 22:08:17 0 --a------ C:\CONFIG.SYS
2007-04-29 22:08:17 0 --a------ C:\AUTOEXEC.BAT
2007-04-29 22:06:32 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-29 22:05:46 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-29 22:05:10 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-29 22:04:51 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-04-29 22:04:36 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-29 22:04:36 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"C-Media Mixer"="Mixer.exe /startup"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdpuj.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0088136-f705-11db-8dda-00a1b0a2c575}]
Shell\AutoRun\command H:\Autorun.exe


-- End of ComboScan: finished at 2007-06-02 at 20:10:17 ------------------------

[wojtas]

popraw logi w tagi zaznacz myszka caly log i nacisnij quote

[Marchwiak]

teraz dobrze? wrzucic inne logi?

[wojtas]

skasuj wpisy

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81C04815-C7B0-402E-94EC-A8E6F181C517}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{8969B710-CB2F-4D46-AE26-9CA44012E201}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{922580BA-8EFF-48E5-899C-44ACDB28604C}: NameServer = 62.148.87.180,213.17.145.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A1E56C-890D-4F1E-9039-5E2C544B3460}: NameServer = 85.255.115.51,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51 85.255.112.187

Ściągnij program http://downloads.subratam.org/Fixwareout.exe i zastosuj go

[Marchwiak]

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
&raquo;&raquo;&raquo;&raquo;&raquo;Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpuj.exe"

&raquo;&raquo;&raquo;&raquo;&raquo;

&raquo;&raquo;&raquo;&raquo;&raquo; Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
&raquo;&raquo;&raquo;&raquo;&raquo; Misc files.
....
&raquo;&raquo;&raquo;&raquo;&raquo; Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

&raquo;&raquo;&raquo;&raquo;&raquo; Other
C:\WINDOWS\Temp\kdpuj.ren 66575 2001-10-26

&raquo;&raquo;&raquo;&raquo;&raquo; Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"C-Media Mixer"="Mixer.exe /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
&raquo;&raquo;&raquo;&raquo;&raquo; End report &raquo;&raquo;&raquo;&raquo;&raquo;

cos tam mowil, zeby kliknac dnsbak.reg mam to zrobic?

[wojtas]

sciagnij: ATF_Cleaner

http://www.atribune.org/ccount/click.php?id=1
zaznacz
Windows Temp
Temporary internet files
i wcisnij EMPTY SELECTED

cos tam mowil, zeby kliknac dnsbak.reg mam to zrobic?

pokaz screena

daj loga z:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Marchwiak]

ComboScan v20070306.20 run by jurek on 2007-06-04 at 18:31:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jurek.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:31:16, on 2007-06-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Avant Browser\avant.exe
D:\instalki\comboscan.exe
C:\PROGRA~1\HIJACK~1\jurek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programy\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


-- Files created between 2007-05-04 and 2007-06-04 -----------------------------

2007-06-04 13:20:01 8367 --a------ C:\dnsbak.reg
2007-06-04 13:19:54 0 d-------- C:\fixwareout<FIXWAR~1>
2007-06-02 22:30:53 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-06-02 22:30:52 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-06-02 21:30:01 0 d-------- C:\Program Files\LizardTech<LIZARD~1>
2007-06-02 19:13:36 0 d---s---- C:\Documents and Settings\rodzice\UserData
2007-05-26 00:18:34 3968 --a------ C:\WINDOWS\System32\drivers\AvgAsCln.sys
2007-05-26 00:18:26 0 d-------- C:\Program Files\Grisoft
2007-05-26 00:15:33 8192 --a------ C:\WINDOWS\System32\kbdkor.dll
2007-05-26 00:15:33 8704 --a------ C:\WINDOWS\System32\kbdjpn.dll
2007-05-26 00:15:33 6144 --a------ C:\WINDOWS\System32\kbd106.dll
2007-05-26 00:15:33 5632 --a------ C:\WINDOWS\System32\kbd103.dll
2007-05-26 00:15:33 6144 --a------ C:\WINDOWS\System32\kbd101c.dll
2007-05-26 00:15:33 6144 --a------ C:\WINDOWS\System32\kbd101b.dll
2007-05-24 18:36:33 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1>
2007-05-24 18:36:33 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1>
2007-05-19 18:31:30 0 d-------- C:\WINDOWS\System32\appmgmt
2007-05-19 18:21:22 0 d-------- C:\WINDOWS\ShellNew
2007-05-14 23:58:31 122880 --a------ C:\WINDOWS\UnGins.exe
2007-05-14 15:04:58 86016 --a------ C:\WINDOWS\unvise32.exe
2007-05-14 11:36:45 0 d-------- C:\Program Files\VSD Software<VSDSOF~1>
2007-05-11 21:48:16 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-05-11 21:47:40 23040 -ra------ C:\WINDOWS\System32\drivers\GVCplDrv.sys
2007-05-10 15:51:30 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-05-10 15:49:19 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-05-09 17:02:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-05-08 23:45:29 23600 --a------ C:\WINDOWS\System32\drivers\TVICHW32.SYS
2007-05-07 19:54:47 0 d-------- C:\Program Files\OpenOffice.org 2.0<OPENOF~1.0>
2007-05-06 18:50:46 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-06 12:10:28 0 d-------- C:\WINDOWS\System32\ReinstallBackups<REINST~1>
2007-05-06 12:04:41 921600 --a------ C:\WINDOWS\System32\nwiz.exe
2007-05-06 12:04:41 1019904 --a------ C:\WINDOWS\System32\nvwimg.dll
2007-05-06 12:04:40 1646592 --a------ C:\WINDOWS\System32\nvwdmcpl.dll
2007-05-06 12:04:40 462848 --a------ C:\WINDOWS\System32\nvshell.dll
2007-05-06 12:04:40 1441792 --a------ C:\WINDOWS\System32\nview.dll
2007-05-06 12:04:40 1339392 --a------ C:\WINDOWS\System32\nvdspsch.exe
2007-05-06 12:04:40 442368 --a------ C:\WINDOWS\System32\nvappbar.exe
2007-05-06 12:04:40 393216 --a------ C:\WINDOWS\System32\keystone.exe
2007-05-06 12:04:04 0 d-------- C:\Program Files\MultiRes
2007-05-06 12:03:19 0 d-------- C:\Program Files\Nvidia Omega Drivers<NVIDIA~1>
2007-05-05 13:18:09 0 d-------- C:\Program Files\Lavalys
2007-05-05 13:11:55 0 d-------- C:\Program Files\SpeedFan


-- Find3M Report ---------------------------------------------------------------

2007-06-03 15:07:35 0 d-------- C:\Program Files\Spyware Terminator<SPYWAR~1>
2007-05-30 20:15:27 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Macromedia<MACROM~1>
2007-05-24 18:37:13 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\ACD Systems<ACDSYS~1>
2007-05-19 18:28:09 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\OpenOffice.org2<OPENOF~1.ORG>
2007-05-19 18:25:45 0 d---s---- C:\Documents and Settings\jurek\Dane aplikacji\Microsoft<MICROS~1>
2007-05-16 11:00:48 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Sun
2007-05-12 10:57:42 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\AdobeUM
2007-05-12 10:57:14 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Adobe
2007-05-11 21:51:36 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\CyberLink<CYBERL~1>
2007-05-09 17:05:29 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Gadu-Gadu<GADU-G~1>
2007-05-09 17:02:33 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-05-08 19:28:11 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-05-06 12:03:04 737280 --a------ C:\WINDOWS\iun6002.exe
2007-05-02 17:56:33 0 d-------- C:\Program Files\Codec Pack - All In 1<CODECP~1>
2007-05-02 17:55:58 0 d-------- C:\Program Files\Matroska Pack<MATROS~1>
2007-05-02 17:55:09 0 d-------- C:\Program Files\XviD
2007-05-01 16:37:49 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-30 23:38:35 0 d-------- C:\Program Files\MarBit
2007-04-30 19:45:42 0 d-------- C:\Program Files\Java
2007-04-30 17:46:10 745600 --a------ C:\WINDOWS\System32\aswBoot.exe
2007-04-30 17:35:28 95872 --a------ C:\WINDOWS\System32\AVASTSS.scr
2007-04-30 16:51:00 16896 --a------ C:\WINDOWS\System32\tftp.exe
2007-04-30 16:51:00 42496 --a------ C:\WINDOWS\System32\ftp.exe
2007-04-30 12:30:55 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-04-30 11:43:12 0 d-------- C:\Program Files\Common Files\Java
2007-04-29 23:11:44 0 d-------- C:\Program Files\Mplayer
2007-04-29 22:46:51 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-29 22:46:48 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-04-29 22:46:23 62 --ahs---- C:\Documents and Settings\jurek\Dane aplikacji\desktop.ini
2007-04-29 22:43:30 133120 --a------ C:\WINDOWS\System32\sfc_os.dll
2007-04-29 22:33:29 0 d-------- C:\Program Files\ASUS
2007-04-29 22:32:22 4608 --a------ C:\WINDOWS\System32\w95inf32.dll
2007-04-29 22:32:22 2272 --a------ C:\WINDOWS\System32\w95inf16.dll
2007-04-29 22:32:15 0 d-------- C:\Program Files\PCI Audio Applications<PCIAUD~1>
2007-04-29 22:31:53 0 d-------- C:\Program Files\C-Media
2007-04-29 22:28:34 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-29 22:26:18 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-04-29 22:25:32 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-04-29 22:21:00 0 d-------- C:\Program Files\Avant Browser<AVANTB~1>
2007-04-29 22:19:31 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Avant Profiles<AVANTP~1>
2007-04-29 22:15:57 355830 --a------ C:\WINDOWS\System32\perfh015.dat
2007-04-29 22:15:57 49712 --a------ C:\WINDOWS\System32\perfc015.dat
2007-04-29 22:15:39 0 d-------- C:\Documents and Settings\jurek\Dane aplikacji\Identities<IDENTI~1>
2007-04-29 22:08:38 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-04-29 22:08:17 0 -rahs---- C:\MSDOS.SYS
2007-04-29 22:08:17 0 -rahs---- C:\IO.SYS
2007-04-29 22:08:17 0 --a------ C:\CONFIG.SYS
2007-04-29 22:08:17 0 --a------ C:\AUTOEXEC.BAT
2007-04-29 22:06:32 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-29 22:05:46 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-29 22:05:10 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-29 22:04:51 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-04-29 22:04:36 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-29 22:04:36 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"C-Media Mixer"="Mixer.exe /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0088136-f705-11db-8dda-00a1b0a2c575}]
Shell\AutoRun\command H:\Autorun.exe


-- End of ComboScan: finished at 2007-06-04 at 18:31:38 ------------------------

a screen'a nie pokaze, bo to przy uruchamianiu windowsa wyskoczylo. To bylo w tej 'tabliczce' co mówiła, że scan zakonczony i jak coś nie tak z IE to mam ten pliczek uruchomic. (Wczesniej nie bylo go na HD)

[wojtas]

w logach jest ok

Autor postu otrzymał pochwałę

[Marchwiak]

dzięki