z internetem/pobieraniem

[Chaber*]

Mam problem: Mam neostarde (512) i od jakiegos czasu wszytkie pobierania mi sie zacinaja tzn. np jak ogladam jakis filmik na necie zacina sie, jak pobieram plik to pobierze sie z 10% i sie zacina. Co moge zrobic aby wkoncu bylo normalnie. Prosze o pomoc...

PS. zacina sie jak pobieram internetem explorerem i takze jak uzwyam firefox'a. robilem reinstalacje neo tez nie pomoglo

[Lukesh]

Po pierwsze - trzeba wykluczyc ingerencje 'smieci'.

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
Zrob skan on-line www.ewido.com
na sam koniec wstaw CALE logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[Dzi@dek]

Chaber*
Podaj konfigurację sprzętu.

oraz:

Po pierwsze - trzeba wykluczyc ingerencje 'smieci'.

Arrow Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
Arrow Zrob skan on-line www.ewido.com
Arrow na sam koniec wstaw CALE logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[Chaber*]

Sprzet:
System: Windows XP Professional , Service Pack 2
Komputer: Intel Celeron 1,70GHz, 1GB RAM
Karta Graficzna: GeForce FX 5200 128MB
Cos jeszcze?

Log HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:36, on 2007-10-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Pulpit\ewido_micro.exe
C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &똠i퉓nij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &똠i퉓nij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/pl/solitaire_2_0_0_24.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_73.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_24.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool - http://67.15.101.3/g_bin/pl/billard8_2_0_0_34.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81B793EA-C6FE-4B09-AEE6-69A025DC0047}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 7118 bytes

Log Silent Runners:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Telecom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Telecom R&D"]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"IMJPMIG8.1" = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" [MS]
"IMEKRMIG6.1" = "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"egui" = ""C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["Eset"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = (no title provided)

Niewiem czy to caly log czy zostal uciety. Nie wyskoczylo mi zadne okienko po skanie.
Przeskanawalem tym skanerem na www.ewido.com. znalazlo chyba 31 "infekcji", usunelem je.
Zrobilem to z tymi portami.
PS. nadal sie zacina

[Lukesh]

To nie jest caly log. Poczekaj az wygeneruje sie do konca i dopiero wtedy wstaw nam go tutaj.

[Chaber*]

Wyskakuje mi blad
"Host skryptow systemu Windows"
Skrypt:C:/...Silent Runners.vbs
Wiersz: 1728
Znak: 6
Blad: nieprawidlowe wywolanie procedury lub nieprawidlowy argument
Kod: 800A0005
Zrodlo: Microsoft VBScript - blad czasu wykonania

i pokazuje sie uciety log...

[Lukesh]

Sciagnij: http://www.symantec.com/avcenter/noscript.exe

zmien z disable na enable:



Po tym wygenerujesz poprawny log.

[Chaber*]

Nadal wyskakuje mi ten blad...

[Kuba1]

Hijackthis>>Do a system scan>>Zaznacz poniższe wpisy i wciśnij Fix Checked

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)

Następnie:

Pobierz narzędzie SDFix


*Klikamy 2 krotknie na ikonę SDFix.exe,program wypakuje się domyślnie do lokalizacji C:\SDFix

*Wchodzimy do trybu awaryjnego z obsługą sieci:
>>>>>>Jak wejść do trybu awaryjnego z obsługą sieci?

*F8 podczas bootowania systemu.
*Używamy narzędzia BootSafe.exe zaznaczamy opcje Safe Mode- Networking i klikamy reboot

*Gdy już jesteśmy w trybie awaryjnym,wchodzimy do folderu SDFix i uruchamiamy narzędzie klikająć
2-krotnie na plik RunThis.bat lewym przyciskiem myszy.

*Wciskamy Y co uruchomi proces usuwania

*Kiedy proces usuwania się zakończy wciskamy dowolny klawisz>>nastąpi restart.

*Po restarcie SDFix dokończy proces usuwania,kiedy w oknie narzędzia SDFix pojawi się napis Finished
klikamy dowolny klawisz,narzędzie zakończy swoją pracę,na pulpicie załadują się ikony.

*Wchodzimy do folderu SDFix i kopiujemy zawartość pliku tekstowego Report.txt i wklejamy go na forum



Następnie zastosuj SmitFraudFix z opcji nr 2 w trybie awaryjnym.



Następnie daj log z ComboFix

[Chaber*]

Report.txt:

SDFix: Version 1.110

Run by Admin on 2007-10-22 at 22:12

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFIX\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\inst.dat - Deleted
C:\WINDOWS\system32\pk.bin - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\\Documents and Settings\\Admin\\Moje dokumenty\\chaber.chabra@neostrada.pl\\samp-server.exe"="C:\\Documents and Settings\\Admin\\Moje dokumenty\\chaber.chabra@neostrada.pl\\samp-server.exe:*:Enabled:samp-server"
"C:\\Documents and Settings\\Admin\\Moje dokumenty\\chaber.chabra@neostrada.pl\\Downloader.exe"="C:\\Documents and Settings\\Admin\\Moje dokumenty\\chaber.chabra@neostrada.pl\\Downloader.exe:*:Enabled:Downloader Module"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\rundll32.exe"="C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikacj©"
"C:\\Documents and Settings\\Admin\\Pulpit\\serwer sa-mp\\samp-server.exe"="C:\\Documents and Settings\\Admin\\Pulpit\\serwer sa-mp\\samp-server.exe:*:Enabled:samp-server"
"E:\\GTA San Andreas\\samp-server.exe"="E:\\GTA San Andreas\\samp-server.exe:*:Enabled:samp-server"
"D:\\Soldat\\Soldat.exe"="D:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\mIRC 6.14 PL\\mirc.exe"="C:\\Program Files\\mIRC 6.14 PL\\mirc.exe:*:Enabled:mIRC"
"D:\\Gry\\Soldat\\Soldat.exe"="D:\\Gry\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\RECYCLER\\services.exe"="C:\\RECYCLER\\services.exe:*:Enabled:services.exe"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Gry\\FIFA 2007\\fifa07.exe"="D:\\Gry\\FIFA 2007\\fifa07.exe:*:Enabled:fifa07"
"C:\\Program Files\\Konnekt\\konnekt.exe"="C:\\Program Files\\Konnekt\\konnekt.exe:*:Enabled:Konnekt - Core"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Gry\\Jakie˜ g˘wna do Silkroada\\srobot.exe"="D:\\Gry\\Jakie˜ g˘wna do Silkroada\\srobot.exe:*:Enabled:HookSrv"
"D:\\Gry\\Bot\\srobot.exe"="D:\\Gry\\Bot\\srobot.exe:*:Enabled:HookSrv"
"C:\\Documents and Settings\\Admin\\Moje dokumenty\\R˘ľne\\Marcin\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\Admin\\Moje dokumenty\\R˘ľne\\Marcin\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Admin\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Admin\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\\Gry\\Silkroad\\Silkroad\\srobot.exe"="D:\\Gry\\Silkroad\\Silkroad\\srobot.exe:*:Enabled:HookSrv"
"D:\\Gry\\Silkroad\\Silkroad\\SilkErrSender.exe"="D:\\Gry\\Silkroad\\Silkroad\\SilkErrSender.exe:*:Enabled:FTPSender MFC ?? ????"
"C:\\Documents and Settings\\Admin\\Moje dokumenty\\R˘ľne\\Marcin\\kolejne g˘wno\\PPStream\\PPStream.exe"="C:\\Documents and Settings\\Admin\\Moje dokumenty\\R˘ľne\\Marcin\\kolejne g˘wno\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Documents and Settings\\Admin\\Moje dokumenty\\R˘ľne\\Marcin\\kolejne g˘wno\\TVAnts\\Tvants.exe"="C:\\Documents and Settings\\Admin\\Moje dokumenty\\R˘ľne\\Marcin\\kolejne g˘wno\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"="C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe:*:Enabled:SDL"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe"="C:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe:*:Enabled:SH2"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Admin\\Pulpit\\CabalTemp\\ESTdnheadless.exe"="C:\\Documents and Settings\\Admin\\Pulpit\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"D:\\Gry\\Soldat\\Soldat\\Soldat.exe"="D:\\Gry\\Soldat\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\K-litePro\\k-litepro.exe"="C:\\Program Files\\K-litePro\\k-litepro.exe:*:Enabled:K-litePro Ultimate File Sharing"
"C:\\Program Files\\TrustyFiles\\TrustyFiles.exe"="C:\\Program Files\\TrustyFiles\\TrustyFiles.exe:*:Enabled:TrustyFiles"
"D:\\Gry\\CS\\Valve\\hl.exe"="D:\\Gry\\CS\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"D:\\Gry\\CS\\Valve\\hlds.exe"="D:\\Gry\\CS\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Documents and Settings\\Admin\\Pulpit\\tbot\\Nowy folder\\server.exe"="C:\\Documents and Settings\\Admin\\Pulpit\\tbot\\Nowy folder\\server.exe:*:Enabled:server"
"E:\\bot\\server.exe"="E:\\bot\\server.exe:*:Enabled:server"
"E:\\Silkroad\\server.exe"="E:\\Silkroad\\server.exe:*:Enabled:server"
"E:\\Silkroad\\SilkErrSender.exe"="E:\\Silkroad\\SilkErrSender.exe:*:Disabled:FTPSender MFC ?? ????"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFIX\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 8 Apr 2006 1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 8 Apr 2006 56 ..SHR --- "C:\WINDOWS\system32\1DEAF079D4.sys"
Sun 21 Oct 2007 1,024 A..H. --- "C:\System Volume Information\_restore{40573AFF-35AA-4577-BDD7-3F93435E2926}\RP90\A0114308.sys"
Sun 21 Oct 2007 2,306,464 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f9b62c523270737ca53e2e97cb6a72e8\BIT1C6.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aff5d7c797f1e254b0042756b4877f70\BIT1C7.tmp"
Fri 28 Jul 2006 337,320 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c439b144dbc54edc69ce3283d5b564a\download\BIT1CC.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1b4906af34b69bb3b3bff77c77c36269\download\BIT1CD.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8dbbbabcb76e285ba1fc36473ae27cab\download\BIT1CE.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7114ffd3cd4d468147fd5a2649585a08\download\BIT1CF.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\becfb2439d7d5a97f7e2da7b1433c139\download\BIT1D3.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b96fd0fc9127b63cb918ae445c185893\download\BIT2E7.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f93bb347f2cb0c5a40d28e0a2271bd3\download\BIT338.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6adaf981e12b6d73d603b0b7cd1bd3b0\download\BIT370.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e7d103bf6120355e60a3a9eea016f02d\download\BIT371.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b20bd6aa0e5b652fb8a3da0ecc98072c\download\BIT372.tmp"

Finished!

Combofix:

ComboFix 07-10-22.7 - Admin 2007-10-22 22:24:21.1 - FAT32x86
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\components

.
((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.

2007-10-22 22:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 22:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-21 10:31 <DIR> d--hs---- C:\FOUND.000
2007-10-12 15:58 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2007-10-12 15:58 4,992 --a------ C:\WINDOWS\system32\dllcache\loop.sys
2007-10-08 15:49 <DIR> dr-h----- C:\Documents and Settings\Admin\Dane aplikacji\SecuROM
2007-10-06 14:33 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2007-10-06 14:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-05 15:27 <DIR> d-------- C:\Downloads
2007-10-05 15:18 <DIR> d-------- C:\Program Files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 14:47 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll
2007-10-22 14:47 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2007-10-22 14:47 362,312 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2007-10-08 13:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-21 07:17 28,680 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-09-21 07:15 33,288 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 07:15 25,096 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-15 15:12 --------- d-----w C:\Program Files\Binboy
2007-09-13 13:30 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-13 13:30 --------- d-----w C:\Program Files\Hamachi
2007-08-29 16:27 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Soldat
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2006-04-08 08:26:38 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-08 08:26:38 56 --sh--r C:\WINDOWS\system32\1DEAF079D4.sys
2007-05-24 09:59:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012007052420070525\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 16:48]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^Sid Registration.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Sid Registration.lnk
backup=C:\WINDOWS\pss\Sid Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMENREGSBOLDGREY]
C:\Documents and Settings\All Users\Dane aplikacji\Ante new amen regs\Acid flag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Program Files\FlashGet\FlashGet.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKS_VIR_2006]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTIONRDR]
C:\DOCUME~1\Admin\DANEAP~1\CAMPBE~1\bird city user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Gry\CS\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EdHTML"=C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{489cb468-4a13-11db-aff9-000e501331b0}]
AutoRun\command - G:\Autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 17:08:40 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 22:26:08
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-22 22:26:42
.
--- E O F ---

Tamte wpisy usunelem tak jak mowiles ^^ (byly tylko 2 3 gdzies przepadl^^)

[Kuba1]

Te 2 pliki:

C:\WINDOWS\system32\ssldivx.dll
C:\WINDOWS\system32\libdivx.dll

Skanujesz na www.virustotal.com i wklejasz raporty.
Masz infekcje na Pen- Drive musisz sformatowac go, inaczej po każdym podłączeniu do komputera infekcja powroci.
Otwórz notatnik Windows-a i wklej w nim:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{489cb468-4a13-11db-aff9-000e501331b0}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTIONRDR]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMENREGSBOLDGREY]

Wykonaj te polecenia:

Usuwanie Adware LOP
Narzędzie 1 No Lop

Wyglad narzędzia:



Klikamy na Search and Destroy

Po pracy narzędzie utworzy log w lokalizacji C:\NoLop.log

Pokaż ten raport.

Sćiągnij ATF-cleaner
Wejdź w tryb awaryjny.
Zaznacz
>>History i wciśnij Empty Selected.

Wróć z logiem z Hijackthis, Silentrrunners oraz ComboFix.

[Chaber*]

W tych plikach C:/Windows... skaner nic nie znalazl. tym programem NoLop takze nic nie znalazlo wiec nie ma sensu wklejac logu. usunelem historie. tutaj logi:
HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:50, on 2007-10-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &똠i퉓nij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &똠i퉓nij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/pl/solitaire_2_0_0_24.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_73.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_24.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool Cool - http://67.15.101.3/g_bin/pl/billard8_2_0_0_34.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81B793EA-C6FE-4B09-AEE6-69A025DC0047}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6329 bytes

SilentRunners:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Telecom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Telecom R&D"]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"egui" = ""C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["Eset"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = (no title provided)

(tylko tyle bo nadal wyskakuje ten blad)

Log z CodeFix:

ComboFix 07-10-26.4 - Admin 2007-10-27 17:58:01.2 - FAT32x86
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 17:21 106 --a------ C:\delete.bat
2007-10-23 18:27 <DIR> d-------- C:\Program Files\HyCam2
2007-10-22 22:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 22:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-12 15:58 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2007-10-12 15:58 4,992 --a------ C:\WINDOWS\system32\dllcache\loop.sys
2007-10-08 15:49 <DIR> dr-h----- C:\Documents and Settings\Admin\Dane aplikacji\SecuROM
2007-10-06 14:33 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2007-10-06 14:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-05 15:27 <DIR> d-------- C:\Downloads
2007-10-05 15:18 <DIR> d-------- C:\Program Files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 10:57 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll
2007-10-27 10:57 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2007-10-27 10:57 362,312 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2007-10-08 13:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-26 18:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Eset
2007-09-21 07:17 28,680 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-09-21 07:15 33,288 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 07:15 25,096 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-15 15:12 --------- d-----w C:\Program Files\Binboy
2007-09-13 13:30 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-13 13:30 --------- d-----w C:\Program Files\Hamachi
2007-08-29 16:27 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Soldat
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2006-04-08 08:26:38 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-08 08:26:38 56 --sh--r C:\WINDOWS\system32\1DEAF079D4.sys
2007-05-24 09:59:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012007052420070525\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 16:48]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^Sid Registration.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Sid Registration.lnk
backup=C:\WINDOWS\pss\Sid Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMENREGSBOLDGREY]
C:\Documents and Settings\All Users\Dane aplikacji\Ante new amen regs\Acid flag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Program Files\FlashGet\FlashGet.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKS_VIR_2006]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTIONRDR]
C:\DOCUME~1\Admin\DANEAP~1\CAMPBE~1\bird city user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Gry\CS\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EdHTML"=C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{489cb468-4a13-11db-aff9-000e501331b0}]
AutoRun\command - G:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 16:10:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 18:00:23
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 18:01:19
.
--- E O F ---

Nadal sie zacina^^

PS. wytlumacz dokladniej oco chodzi z tym notatnikiem windowsa (i z tymi logami). czy tylko wkleic czy nazwac jakos ten plik?