przy wlanczaniu kompa

[wronka16]

Witajcie
Przy wlanczaniu komputera pojawia mi sie taki błąd

gdy wcisne OK lub anuluj to restartuje komputer

[Batonn]

Moze to byc Netsky virus . Sprobuj uruchomic to narzedzie do usuwania tego smiecia w trybie awaryjnym (o ile Ci on dziala).
Jezeli nie podziala, to zerknij jeszcze tu lub tu

[Jot]

Przy "włanczaniu"?



Gdzie są Admini?...

Autor postu otrzymał pochwałę

[Lukesh]

Przenosze do dzialu Bezpieczenstwo, a Ty wstaw logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[Red]

Jot,zajmuj się proszę innymi sprawami na forum.

ps.


co do samego winlogon.exe,pewnie trzeba bedzie go podmienić z płytki instalacyjnej.Posiadasz?

[wronka16]

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 22:20:24, on 2007-08-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\PowerMenu_1_5_1\PowerMenu.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
D:\Gry\Tibia 8.0\tibiaauto.exe
C:\Documents and Settings\Tomek\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B46E612-6D80-4160-AB94-8B744B5BFFC8}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ole2disp32 - C:\WINDOWS\SYSTEM32\ole2disp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe



A płytkę instalacyjną posiadam.

[wojtas]

ten plik:

C:\WINDOWS\SYSTEM32\ole2disp32.dll

przeskanuj tu:

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty oraz

daj loga z combofixa

[wronka16]

Kod: Zaznacz wszystko

http://virusscan.jotti.org/
Scan taken on 04 Aug 2007 15:40:14 (GMT)
A-Squared    
Found nothing
AntiVir    
Found nothing
ArcaVir    
Found nothing
Avast    
Found nothing
AVG Antivirus    
Found nothing
BitDefender    
Found nothing
ClamAV    
Found nothing
CPsecure    
Found nothing
Dr.Web    
Found nothing
F-Prot Antivirus    
Found nothing
F-Secure Anti-Virus    
Found nothing
Fortinet    
Found nothing
Kaspersky Anti-Virus    
Found nothing
NOD32    
Found nothing
Norman Virus Control    
Found nothing
Panda Antivirus    
Found nothing
Rising Antivirus    
Found nothing
Sophos Antivirus    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found nothing

Kod: Zaznacz wszystko

ComboFix 07-08-04.3 - "Tomek" 2007-08-04 17:44:41.1 BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs". - NTFS
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".


(((((((((((((((((((((((((   Files Created from 2007-07-04 to 2007-08-04  )))))))))))))))))))))))))))))))


2007-08-04 17:44   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-03 22:17   <DIR>   d--------   C:\Program Files\Mozilla ActiveX Control v1.7.1
2007-08-03 09:43   <DIR>   d--------   C:\Program Files\Google
2007-08-02 19:35   <DIR>   d--------   C:\Program Files\Uniblue
2007-08-02 19:35   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Uniblue
2007-08-02 16:08   82,258   --a------   C:\WINDOWS\system32\drivers\klin.dat
2007-08-02 16:08   82,258   --a------   C:\WINDOWS\system32\drivers\klick.dat
2007-08-02 16:07   6,432   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-02 16:07   571,680   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-02 16:07   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2007-08-02 16:07   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-08-02 16:00   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab Setup Files
2007-08-02 12:47   2,321,408   --a------   C:\WINDOWS\system32\TUKernel.exe
2007-08-02 12:35   <DIR>   d--h-----   C:\WINDOWS\Icons
2007-08-02 11:54   29,704   --a------   C:\WINDOWS\system32\uxtuneup.dll
2007-08-02 11:54   <DIR>   d--------   C:\Program Files\TuneUp Utilities 2007
2007-08-02 11:53   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 12:48   8   --a------   C:\WINDOWS\system32\96d0ed29.dat
2007-07-26 12:39   2,804,448   --a------   C:\WINDOWS\sysUtil.exe
2007-07-24 19:35   <DIR>   d--------   C:\Program Files\Winamp
2007-07-22 22:22   <DIR>   d--------   C:\Program Files\Onet
2007-07-22 22:22   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Onet
2007-07-22 22:22   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\MozillaControl
2007-07-22 22:22   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Listonosz
2007-07-22 22:22   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\AutoUpdate
2007-07-22 21:43   <DIR>   d--------   C:\Program Files\No-IP
2007-07-22 20:33   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\TuneUp Software
2007-07-22 20:32   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\TuneUp Software
2007-07-22 20:04   <DIR>   d--------   C:\Program Files\Link Commander
2007-07-22 20:04   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Resort Labs
2007-07-22 19:58   <DIR>   d--------   C:\Program Files\Clock Tray Skins
2007-07-22 12:49   3,688   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-07-18 02:21   <DIR>   d--------   C:\Program Files\thriXXX
2007-07-18 00:32   <DIR>   d--------   C:\Program Files\Valve
2007-07-17 23:24   <DIR>   d--h-----   C:\angielski_tmp
2007-07-16 10:28   30,512   --a------   C:\WINDOWS\system32\mdimon.dll
2007-07-16 10:27   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2007-07-16 10:24   <DIR>   d--------   C:\Program Files\MSBuild
2007-07-16 10:24   <DIR>   d--------   C:\Program Files\Microsoft Works
2007-07-16 10:17   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2007-07-16 10:15   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Microsoft Help
2007-07-16 10:14   <DIR>   dr-h-----   C:\MSOCache
2007-07-15 14:09   <DIR>   d--------   C:\WINDOWS\system32\PreInstall
2007-07-14 23:23   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-07-14 23:02   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec
2007-07-14 23:01   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2007-07-14 22:54   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-07-14 22:54   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2007-07-14 22:53   <DIR>   d--------   C:\WINDOWS\system32\appmgmt
2007-07-13 21:56   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2007-07-13 21:51   20,480   --a------   C:\WINDOWS\system32\normaliz.dll
2007-07-11 11:53   81,768   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-07-11 11:53   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2007-07-11 11:53   443,752   --a------   C:\WINDOWS\system32\d3dx10_34.dll
2007-07-11 11:53   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-07-11 11:53   3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2007-07-11 11:53   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-07-11 11:53   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-07-11 11:53   266,088   --a------   C:\WINDOWS\system32\xactengine2_8.dll
2007-07-11 11:53   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-07-11 11:53   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-07-11 11:53   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-07-11 11:53   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-07-11 11:53   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2007-07-11 11:53   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-07-11 11:53   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2007-07-11 11:53   18,280   --a------   C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-11 11:53   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-11 11:53   1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-11 11:53   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-10 23:03   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\atitray
2007-07-10 20:48   <DIR>   d--------   C:\Program Files\eMule
2007-07-09 14:45   1,004   --a------   C:\WINDOWS\unins000.dat
2007-07-08 01:18   <DIR>   d--------   C:\DOCUME~1\Tomek\.jpi_cache
2007-07-06 19:32   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-07-06 11:31   <DIR>   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Tibia


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 09:42   ---------   d--------   C:\Program Files\Neostrada TP
2007-08-04 09:41   8540   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-04 09:41   1484   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-02 13:18   49492   --a------   C:\WINDOWS\system32\perfc015.dat
2007-08-02 13:18   355486   --a------   C:\WINDOWS\system32\perfh015.dat
2007-08-02 11:59   ---------   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Hamachi
2007-08-02 11:41   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-07-21 17:24   ---------   d--------   C:\DOCUME~1\Tomek\DANEAP~1\BearShare
2007-07-16 10:53   ---------   d--------   C:\Program Files\Messenger
2007-07-14 23:34   ---------   d--------   C:\Program Files\DAEMON Tools
2007-07-10 23:00   ---------   d--------   C:\Program Files\MultiRes
2007-07-10 22:57   451072   --a------   C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2007-07-09 21:06   ---------   d--------   C:\Program Files\Common Files\InstallShield
2007-06-29 10:33   ---------   d--------   C:\Program Files\Gadu-Gadu
2007-06-28 12:51   206088   --a------   C:\WINDOWS\system32\klogon.dll
2007-06-28 12:50   22457   --a------   C:\WINDOWS\system32\drivers\klop.dat
2007-06-26 12:33   ---------   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2007-06-26 12:18   ---------   d--------   C:\Program Files\Lexmark 3300 Series
2007-06-25 22:20   ---------   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Real
2007-06-24 10:43   ---------   d--------   C:\Program Files\CamStudio
2007-06-21 23:49   ---------   d--------   C:\Program Files\Real Alternative
2007-06-21 23:49   ---------   d--------   C:\Program Files\K-Lite Codec Pack
2007-06-21 09:21   ---------   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Help
2007-06-21 01:05   ---------   d--------   C:\Program Files\BitLord
2007-06-20 23:28   ---------   d--------   C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-20 23:25   682232   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-06-20 15:53   ---------   d--------   C:\Program Files\Hamachi
2007-06-20 15:52   26056   --a------   C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-19 22:38   ---------   d--------   C:\Program Files\SMS Sender
2007-06-19 13:55   ---------   d--------   C:\DOCUME~1\Tomek\DANEAP~1\Leadertech
2007-06-19 12:16   ---------   d--------   C:\Program Files\Common Files\SpeechEngines
2007-06-19 12:16   ---------   d--------   C:\Program Files\Common Files\ODBC
2007-06-19 12:08   1156   --a------   C:\WINDOWS\mozver.dat
2007-06-19 11:04   ---------   d--------   C:\Program Files\BearShare Applications
2007-06-19 10:54   ---------   d--------   C:\Program Files\Alwil Software
2007-06-19 10:50   9694   --a------   C:\WINDOWS\irunin.dat
2007-06-19 10:50   720896   --a------   C:\WINDOWS\iun6002.exe
2007-06-19 10:47   2504217   ----s----   C:\WINDOWS\system32\TibiaAutoSetup_1_14_0.exe
2007-06-19 10:45   0   --a------   C:\WINDOWS\nsreg.dat
2007-06-19 10:40   23   --a------   C:\WINDOWS\system32\drivers\adidsl.cfg
2007-06-19 10:39   ---------   d--------   C:\Program Files\SAGEM
2007-06-19 10:39   ---------   d--------   C:\Program Files\Java Web Start
2007-06-19 10:37   ---------   d--------   C:\Program Files\NVIDIA Corporation
2007-06-19 10:37   ---------   d--------   C:\Program Files\Common Files\NVIDIA Shared
2007-06-19 10:35   ---------   d--------   C:\Program Files\ABIT
2007-06-19 10:26   ---------   d--------   C:\Program Files\microsoft frontpage
2007-06-19 10:25   0   -rahs----   C:\MSDOS.SYS
2007-06-19 10:25   0   -rahs----   C:\IO.SYS
2007-06-19 10:25   0   --a------   C:\CONFIG.SYS
2007-06-19 10:25   0   --a------   C:\AUTOEXEC.BAT
2007-06-19 10:24   ---------   d--h-----   C:\Program Files\WindowsUpdate
2007-06-19 10:23   ---------   d--------   C:\Program Files\Movie Maker
2007-06-19 10:23   ---------   d--------   C:\Program Files\Common Files\MSSoap
2007-06-19 10:22   21856   --a------   C:\WINDOWS\system32\emptyregdb.dat
2007-06-19 10:21   ---------   d--------   C:\Program Files\Windows NT
2007-06-19 10:21   ---------   d--------   C:\Program Files\MSN Gaming Zone
2007-05-16 17:19   85504   --a--c---   C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19   510976   --a--c---   C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19   1314816   --a--c---   C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-16 17:18   86528   --a--c---   C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:18   683520   --a--c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:18   683520   --a------   C:\WINDOWS\system32\inetcomm.dll
2007-05-04 14:55   3079680   --a--c---   C:\WINDOWS\system32\dllcache\mshtml.dll
   ---------      C:\Program Files\Usługi online


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 C:\WINDOWS\COPYFSTQ.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-07-22 19:58]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-07-24 11:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ole2disp32]
ole2disp32.dll 2003-02-10 10:22 9760 C:\WINDOWS\system32\ole2disp32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Espace Client"=C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe web

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"WinampAgent"=C:\Program Files\Winamp\winampa.exe


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{985fbd53-1e4c-11dc-b3f0-806d6172696f}]
AutoRun\command- E:\start.exe


Contents of the 'Scheduled Tasks' folder
2007-08-03 15:31:55 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 17:48:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 17:49:27

   --- E O F ---


[wojtas]

C:\Program Files\BearShare Applications

skasuj ten folder

po za tym w logu nic nie widze

[wronka16]

Skasowałem i nic nie pomogło

[wojtas]

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

wejdz do konsoli odzyskiwania:

http://www.searchengines.pl/phpbb203/index.php?showtopic=14270

i wpisz:

expand X:\i386\winlogon.ex_ C:\Windows\sytem32\winlogon.exe

X- literka Twojego cd romu