proszę o sprawdzenie loga

[Rafał123]

Czesc. Problem jest taki że bez przerwy pojawiają mi sie reklamy w Internet Explorel i w tray'u ostrzeżenie ze mam wirusa (nie z mojego atywirusa)

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:07:15, on 2007-11-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Documents and Settings\TL\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {062F3F8B-CB94-4D76-A98A-EF800A438F01} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Type Pilot] "C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4261 bytes


[Dzi@dek]

Wyłącz przywracanie systemu i w awaryjnym kasujesz wpisy w HJ:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {062F3F8B-CB94-4D76-A98A-EF800A438F01} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe

Instalowałes to

O4 - HKCU\..\Run: [Type Pilot] "C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe"

Pogrubione foldery usuwasz ręcznie z dysku w drugiej kolejności.
Daj log-a z Combofix-a i HJ

[Red]

O4 - HKCU\..\Run: [Type Pilot] "C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe"

to jest spoko:

http://programy.internetstandard.pl/pc/producent/1498/Invention.Pilot..Inc..html

[wojtas]

zastosuj rowniez to:

smitfraudfix z opcji 2

[Rafał123]

Wszystko było w porządku do czasu gdy nie zaczął mi sie internet co jakiś czas rozłączać, tzn modem sagem się resetuje co jakiś czas, np gdy wyłączam Forefox'a. Co się mogło stać?

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:18, on 2007-11-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\RunDLL32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS.0\system32\devldr32.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\USDownloader\USDownloader.exe
C:\Fraps\fraps.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Pulpit\Programy\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 6095 bytes


[Precel]

uzyj wwdc

[Rafał123]

Wskazuje że wszystko jest wporządku

[Dzi@dek]

Daj log-a z Combofix-a

[Rafał123]

Kod: Zaznacz wszystko

ComboFix 07-11-06.4 - Rafał 2007-11-06 15:11:35.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.619 [GMT 1:00]
Running from: C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Pulpit\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-10-06 to 2007-11-06  )))))))))))))))))))))))))))))))
.

2007-11-06 15:11   51,200   --a------   C:\WINDOWS.0\NirCmd.exe
2007-11-06 14:09   <DIR>   d--------   C:\Program Files\Neostrada TP
2007-11-06 14:09   143,360   --a------   C:\WINDOWS.0\autoclk.exe
2007-11-06 14:09   22,395   --a------   C:\WINDOWS.0\system32\drivers\fpga.bin
2007-11-06 12:07   <DIR>   d--------   C:\Downloads
2007-11-05 20:23   <DIR>   d--------   C:\Program Files\DivX
2007-11-04 21:31   3,727,720   --a------   C:\WINDOWS.0\system32\d3dx9_35.dll
2007-11-04 21:31   1,358,192   --a------   C:\WINDOWS.0\system32\D3DCompiler_35.dll
2007-11-04 21:31   444,776   --a------   C:\WINDOWS.0\system32\d3dx10_35.dll
2007-11-04 21:31   267,112   --a------   C:\WINDOWS.0\system32\xactengine2_9.dll
2007-11-04 21:31   62,232   -r-------   C:\WINDOWS.0\system32\GameuxInstallHelper.dll
2007-11-01 13:36   <DIR>   d--------   C:\Program Files\Common Files\DirectX
2007-11-01 13:25   278,728   --a------   C:\WINDOWS.0\system32\drivers\atksgt.sys
2007-11-01 13:25   25,416   --a------   C:\WINDOWS.0\system32\drivers\lirsgt.sys
2007-10-28 14:58   4,096   --a------   C:\WINDOWS.0\d3dx.dat
2007-10-23 20:59   <DIR>   d--------   C:\Program Files\USDownloader
2007-10-23 16:06   2,560   --a------   C:\WINDOWS.0\system32\bitcometres.dll
2007-10-23 13:23   <DIR>   d--------   C:\Program Files\Microsoft Works
2007-10-23 13:22   <DIR>   d--------   C:\Program Files\Microsoft.NET
2007-10-23 13:20   <DIR>   d--------   C:\WINDOWS.0\SHELLNEW
2007-10-23 13:19   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Microsoft Help
2007-10-20 01:56   1,044,480   --a------   C:\WINDOWS.0\system32\libdivx.dll
2007-10-20 01:56   200,704   --a------   C:\WINDOWS.0\system32\ssldivx.dll
2007-10-18 14:01   <DIR>   d--------   C:\Program Files\Common Files\Vbox
2007-10-17 18:58   184,320   --a------   C:\WINDOWS.0\system32\RALMain.dll
2007-10-17 18:58   32,768   --a------   C:\WINDOWS.0\system32\MLPagAx.dll
2007-10-17 16:05   33,340   --a------   C:\WINDOWS.0\system32\dbmsqlgc.dll
2007-10-17 16:05   24,576   --a------   C:\WINDOWS.0\system32\dbmsgnet.dll
2007-10-17 16:04   <DIR>   d--------   C:\WINDOWS.0\Cache
2007-10-17 16:04   <DIR>   d--------   C:\Program Files\Microsoft SQL Server
2007-10-17 16:04   765,952   ---------   C:\WINDOWS.0\system32\msvcp71d.dll
2007-10-17 16:04   544,768   ---------   C:\WINDOWS.0\system32\msvcr71d.dll
2007-10-17 16:02   <DIR>   d--------   C:\WINDOWS.0\system32\URTTEMP
2007-10-17 15:55   171,008   --a------   C:\WINDOWS.0\system32\drivers\MarvinBus.sys
2007-10-17 15:54   <DIR>   d--------   C:\WINDOWS.0\Downloaded Installations
2007-10-17 15:53   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Pinnacle Studio
2007-10-17 13:48   <DIR>   d--------   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Dane aplikacji\GetRightToGo
2007-10-17 12:55   262,144   --a------   C:\WINDOWS.0\system32\wrap_oal.dll
2007-10-17 12:55   86,016   --a------   C:\WINDOWS.0\system32\OpenAL32.dll
2007-10-16 14:18   84,992   --a------   C:\WINDOWS.0\system32\ATL70.DLL
2007-10-16 14:17   <DIR>   d--------   C:\Program Files\SmartSound Software
2007-10-16 14:17   90,112   --a------   C:\WINDOWS.0\unvise32.exe
2007-10-16 14:14   <DIR>   d---s----   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\UserData
2007-10-16 14:14   <DIR>   d---s----   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\UserData
2007-10-16 14:13   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Pinnacle
2007-10-16 14:13   14,165   --a------   C:\WINDOWS.0\system32\drivers\Pclepci.sys
2007-10-14 10:53   <DIR>   d--------   C:\Program Files\Google
2007-10-14 10:25   <DIR>   d--------   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Dane aplikacji\InternetCalls
2007-10-14 10:22   <DIR>   d--------   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Dane aplikacji\VoipBuster
2007-10-12 15:53   1,124,720   --a------   C:\WINDOWS.0\system32\D3DCompiler_34.dll
2007-10-12 15:53   443,752   --a------   C:\WINDOWS.0\system32\d3dx10_34.dll
2007-10-12 15:53   266,088   --a------   C:\WINDOWS.0\system32\xactengine2_8.dll
2007-10-12 15:53   18,280   --a------   C:\WINDOWS.0\system32\x3daudio1_2.dll
2007-10-12 15:52   3,497,832   --a------   C:\WINDOWS.0\system32\d3dx9_34.dll
2007-10-10 13:03   <DIR>   d--------   C:\Fraps
2007-10-07 10:45   <DIR>   d--------   C:\Bestplayer 1.0
2007-10-07 10:34   <DIR>   d--------   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Dane aplikacji\vlc
2007-10-07 10:31   <DIR>   d--------   C:\Program Files\VideoLAN

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 13:10   23   ----a-w   C:\WINDOWS.0\system32\drivers\adidsl.cfg
2007-11-06 13:09   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-06 11:24   ---------   d---a-w   C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\TEMP
2007-11-06 10:23   ---------   d-----w   C:\Program Files\AutoConnect
2007-11-05 15:03   ---------   d-----w   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Dane aplikacji\FileZilla
2007-10-22 12:51   ---------   d-----w   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Dane aplikacji\Skype
2007-10-09 12:22   228,642   ----a-w   C:\WINDOWS.0\rFactor Data Acquisition Plugin Uninstaller.exe
2007-10-05 13:11   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-10-05 13:11   ---------   d-----w   C:\Program Files\AGEIA Technologies
2007-10-03 12:47   ---------   d-----w   C:\Program Files\USB Vibration
2007-10-02 13:54   ---------   d-----w   C:\Program Files\kRk Software
2007-09-29 15:50   ---------   d-----w   C:\Program Files\USB Vibration Joystick
2007-09-27 12:49   14,656   ----a-w   C:\WINDOWS.0\gdrv.sys
2007-09-11 06:55   81,920   ----a-w   C:\WINDOWS.0\system32\frapsvid.dll
2007-09-07 13:52   ---------   d-----w   C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Dane aplikacji\Tlen.pl
2007-08-23 18:14   43,520   ----a-w   C:\WINDOWS.0\system32\CmdLineExt03.dll
2007-08-16 16:07   1,386,496   ----a-w   C:\WINDOWS.0\system32\msvbvm60.dll
2007-08-12 09:31   298,104   ----a-w   C:\WINDOWS.0\system32\imon.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS.0\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 11:22 C:\WINDOWS.0\system32\nvmctray.dll]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-12 10:31]
"adiras"="adiras.exe" [2004-01-28 14:42 C:\WINDOWS.0\adiras.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-03 23:44]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-06 14:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS.0\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS.0\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rafał.SEAGATE-2INSTAL^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Rafał.SEAGATE-2INSTAL\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS.0\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS.0\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
C:\Program Files\Gigabyte\ET5\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
D:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
"D:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS.0\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMRemote]
D:\Program Files\KM Remote\kmremote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
D:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

R0 hotcore2;hotcore2;C:\WINDOWS.0\system32\drivers\hotcore2.sys
S3 efipsk;efipsk;\??\C:\DOCUME~1\RAFA~1.SEA\USTAWI~1\Temp\efipsk.sys
S3 gdrv;gdrv;\??\C:\WINDOWS.0\gdrv.sys
S3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\@BIOS\markfun.w32

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 15:12:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-06 15:13:10
.
   --- E O F ---


[ Dodano: Dzisiaj o 16:28 ]
Już wszystko w porządku, wystarczyło przeinstalować sterowniki