rcwawa posted 8 June 2007

Hey. I have a problem after installing Error Safe (of course I let myself get fooled). I have nothing but problems: IE keeps starting on its own, and some .dll files keep trying to add themselves to system32. I ran scans with avast! Professional, Spybot and Spyware Doctor (I scanned with that one last, but it found 81 infections). Here is the log from HijackThis; maybe you will find some junk in it.
CatchMe commented 8 June 2007

The log is clean. Paste the logs from Silent Runners and ComboFix.
rcwawa (Author) commented 9 June 2007

Log from Silent Runners

Log from ComboFix
CatchMe commented 9 June 2007

I see you removed Vundo with an automated tool. But there is still a hell of a lot of it in the log... so we remove it.

1. Download: WWDC
- Change all options from disable to enable and restart the computer.
- The correct port layout is shown in this image: http://www.firewallleaktester.com/images_site/wwdc.jpg
* NetBIOS may be yellow.

Download and run the tool: The Avenger

Select the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:
D:\WINDOWS\system32\yvolydsb.dll
D:\WINDOWS\system32\kulypycf.dll
D:\WINDOWS\system32\vjikmrbu.dll
D:\WINDOWS\system32\lhtdvdcf.dll
D:\WINDOWS\system32\ujkrfvon.exe
D:\WINDOWS\system32\qjwakhbp.exe
D:\WINDOWS\system32\j5291437.dll
D:\DOCUME~1\Marcin\keygen.exe
D:\DOCUME~1\Marcin\readme.bat

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHook | {8A61098D-612B-4EF2-943D-64E920684061}

Click Done, then the green light, and agree to the restart by clicking OK.

Manually delete this file from the disk: C:\Avenger\backup.zip, and paste to the forum the report C:\avenger.txt + the log from HijackThis + the log from Silent Runners + the log from ComboFix.
rcwawa (Author) commented June 9, 2007
OK, deleted.
Avenger report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ajvdgwfd
*******************
Script file located at: \??\D:\Program Files\afgximum.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHook |{8A61098D-612B-4EF2-943D-64E920684061} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 09:50:16, on 2007-06-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:WINDOWSSystem32smss.exe D:WINDOWSsystem32csrss.exe D:WINDOWSsystem32winlogon.exe D:WINDOWSsystem32services.exe D:WINDOWSsystem32lsass.exe D:WINDOWSsystem32Ati2evxx.exe D:WINDOWSsystem32svchost.exe D:WINDOWSsystem32svchost.exe D:WINDOWSSystem32svchost.exe D:WINDOWSsystem32svchost.exe D:WINDOWSsystem32svchost.exe D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe D:Program FilesAlwil SoftwareAvast4ashServ.exe D:WINDOWSsystem32spoolsv.exe D:Program FilesLavasoftAd-Aware 2007aawservice.exe D:Program FilesCyberLinkShared FilesRichVideo.exe D:WINDOWSsystem32Ati2evxx.exe D:WINDOWSExplorer.EXE D:Program FilesSpyware Doctorsvcntaux.exe D:PROGRA~1ALWILS~1Avast4ashDisp.exe D:Program FilesPhilipsSound Agent 2mc500cpl.exe D:Program FilesBillP StudiosWinPatrolwinpatrol.exe D:Program FilesSpyware DoctorSDTrayApp.exe D:Program FilesAshampooAshampoo FireWallFireWall.exe D:Program FilesSpyware Doctorswdsvc.exe D:Program FilesTlen.pltlen.exe D:Program FilesSpybot - Search & DestroyTeaTimer.exe D:WINDOWSsystem32wdfmgr.exe D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe D:Program FilesAlwil
SoftwareAvast4ashWebSv.exe D:WINDOWSsystem32wbemwmiprvse.exe D:WINDOWSsystem32wuauclt.exe D:WINDOWSsystem32wscntfy.exe D:Program FilesOperaOpera.exe D:Documents and SettingsMarcinPulpitHijackThis.exe R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = www.onet.pl R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.winamp.com/player/lite.php R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:PROGRA~1MEGAUP~1MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:PROGRA~1SPYBOT~1SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:Program FilesJavajre1.6.0binssv.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:PROGRA~1MEGAUP~1MEGAUP~1.DLL O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - D:WINDOWSImageShackToolbarImageShackToolbar.dll O4 - HKLM..Run: [avast!] 
D:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [QveCtl2Tray] D:Program FilesPhilipsSound Agent 2mc500cpl.exe O4 - HKLM..Run: [WinPatrol] D:Program FilesBillP StudiosWinPatrolwinpatrol.exe O4 - HKLM..Run: [sDTray] D:Program FilesSpyware DoctorSDTrayApp.exe O4 - HKLM..Run: [Ashampoo FireWall] "D:Program FilesAshampooAshampoo FireWallFireWall.exe" -TRAY O4 - HKCU..Run: [Komunikator] D:Program FilesTlen.pltlen.exe O4 - HKCU..Run: [spybotSD TeaTimer] D:Program FilesSpybot - Search & DestroyTeaTimer.exe O8 - Extra context menu item: &Clean Traces - D:Program FilesDAPPrivacy Packagedapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:Program FilesDAPdapextie.htm O8 - Extra context menu item: Download &all with DAP - D:Program FilesDAPdapextie2.htm O8 - Extra context menu item: Post Image to Blog - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5003 O8 - Extra context menu item: Tag This Image - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5002 O8 - Extra context menu item: Transload Image to ImageShack - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5004 O8 - Extra context menu item: Upload All Images to ImageShack - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5001 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.6.0binssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.6.0binssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe (file missing) O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program 
filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O20 - Winlogon Notify: wingdm32 - D:WINDOWS O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:Program FilesLavasoftAd-Aware 2007aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:WINDOWSsystem32Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:WINDOWSsystem32ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - D:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - D:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing) O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Unknown owner - D:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:Program FilesCyberLinkShared FilesRichVideo.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:Program FilesSpyware Doctorsvcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:Program FilesSpyware Doctorswdsvc.exe
Silent Runners log:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "Komunikator" = "D:Program FilesTlen.pltlen.exe" ["o2.pl Sp. z o.o."] "SpybotSD TeaTimer" = "D:Program FilesSpybot - Search & DestroyTeaTimer.exe" ["Safer Networking Limited"] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "avast!"
= "D:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"] "QveCtl2Tray" = "D:Program FilesPhilipsSound Agent 2mc500cpl.exe" ["QSound Labs, Inc."] "WinPatrol" = "D:Program FilesBillP StudiosWinPatrolwinpatrol.exe" ["BillP Studios"] "SDTray" = "D:Program FilesSpyware DoctorSDTrayApp.exe" ["PC Tools"] "Ashampoo FireWall" = ""D:Program FilesAshampooAshampoo FireWallFireWall.exe" -TRAY" [null data] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" InProcServer32(Default) = "D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR" InProcServer32(Default) = "D:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "D:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" InProcServer32(Default) = "D:Program FilesJavajre1.6.0binssv.dll" ["Sun Microsystems, Inc."] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "D:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = 
"avast" InProcServer32(Default) = "D:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] HKLMSystemCurrentControlSetControlSession Manager <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify <<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLMSoftwareClassesFoldershellexColumnHandlers {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "D:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "D:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] DAP_Menu(Default) = 
"{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesFoldershellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "D:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "NoSMMyDocs" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove Documents menu from Start Menu} "NoRecentDocsMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoSMMyPictures" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove My Pictures icon from Start Menu} "NoChangeStartMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoRecentDocsHistory" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoStartMenuMFUprogramsList" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral "Wallpaper" = "D:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCUControl PanelDesktop "Wallpaper" = "D:Documents and SettingsMarcinUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: D:Program FilesAshampooAshampoo FireWallspi.dll [null data], 01 - 05, 16 %SystemRoot%system32mswsock.dll [MS], 06 - 15, 17 - 19 %SystemRoot%system32rsvpsp.dll [MS], 20 - 21 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR" InProcServer32(Default) = "D:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] HKLMSoftwareMicrosoftInternet ExplorerToolbar "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR" InProcServer32(Default) = "D:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] "{6932D140-ABC4-4073-A44C-D4A541665E35}" = "ImageShack Toolbar" -> {HKLM...CLSID} = "ImageShack Toolbar" InProcServer32(Default) = "D:WINDOWSImageShackToolbarImageShackToolbar.dll" ["ImageShack Corp."] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {08B0E5C0-4FCB-11CF-AAA5-00401C608501} "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "D:Program FilesMessengermsmsgs.exe" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ad-Aware 2007 Service, aawservice, ""D:Program FilesLavasoftAd-Aware 2007aawservice.exe"" ["Lavasoft AB"] Ati HotKey Poller, Ati HotKey Poller, "D:WINDOWSsystem32Ati2evxx.exe" ["ATI 
Technologies Inc."] avast! Antivirus, avast! Antivirus, ""D:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""D:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"] Cyberlink RichVideo Service(CRVS), RichVideo, ""D:Program FilesCyberLinkShared FilesRichVideo.exe"" [empty string] Spyware Doctor Auxiliary Service, sdAuxService, "D:Program FilesSpyware Doctorsvcntaux.exe" ["PC Tools"] Spyware Doctor Service, sdCoreService, "D:Program FilesSpyware Doctorswdsvc.exe" ["PC Tools"] Windows User Mode Driver Framework, UMWdf, "D:WINDOWSsystem32wdfmgr.exe" [MS] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors SUGS2 LangmonDriver = "SUGS2LMK.DLL" ["Samsung Electronics."] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 84 seconds. 
---------- (total run time: 130 seconds)
ComboFix log:
"Marcin" - 2007-06-09 9:54:29 Dodatek Service Pack 2 NTFS ComboFix 07-06-3B - Running from: "D:Documents and SettingsMarcinPulpitpobrane" ((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 ))))))))))))))))))))))))))))))) 2007-06-09 09:44 <DIR> d-------- D:avenger 2007-06-09 08:51 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1Lavasoft 2007-06-09 08:45 49,152 --a------ D:WINDOWSnircmd.exe 2007-06-09 08:16 53,693 -ra------ D:WINDOWSUNDPX2K.sys 2007-06-09 08:16 15,429 -ra------ D:WINDOWSsystem32driversSacm2K.sys 2007-06-09 08:16 135,168 -ra------ D:WINDOWSUNDPX2K.exe 2007-06-08 14:32 <DIR> d-------- D:DOCUME~1ElaDANEAP~1WinPatrol 2007-06-08 13:15 58,420 --a------ D:WINDOWSsystem32yvolydsb.dll 2007-06-08 10:43 83,536 --a------ D:WINDOWSsystem32driversiksyssec.sys 2007-06-08 10:43 626,688 --a------ D:WINDOWSsystem32msvcr80.dll 2007-06-08 10:43 59,984 --a------ D:WINDOWSsystem32driversiksysflt.sys 2007-06-08 10:43 52,304 --a------ D:WINDOWSsystem32driversikfilesec.sys 2007-06-08 10:43 39,248 --a------ D:WINDOWSsystem32driversikfileflt.sys 2007-06-08 10:43 26,064 --a------ D:WINDOWSsystem32driverskcom.sys 2007-06-08 10:43 <DIR> d-------- D:Program FilesSpyware Doctor 2007-06-08 10:43 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1PC Tools 2007-06-07 22:32 58,420 --a------ D:WINDOWSsystem32kulypycf.dll 2007-06-07 21:32 55,316 --a------ D:WINDOWSsystem32vjikmrbu.dll 2007-06-06 21:31 55,316 --a------ D:WINDOWSsystem32lhtdvdcf.dll 2007-06-06 21:25 2,580 --a------ D:WINDOWSsystem32ujkrfvon.exe 2007-06-06 20:56 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1Spybot - Search & Destroy 2007-06-06 20:48 <DIR> d-------- D:VundoFix Backups 2007-06-06 16:44 14,868 --a------ D:WINDOWSsystem32qjwakhbp.exe 2007-06-06 16:44 10,752 --a------ D:WINDOWSsystem32j5291437.dll 2007-06-06 16:32 6,656 --a------ D:DOCUME~1Marcinkeygen.exe 2007-06-06 16:32 35 --a------ D:DOCUME~1Marcinreadme.bat 2007-06-04 15:18 9,344 --a------
D:WINDOWSsystem32driversNSDriver.sys 2007-06-04 15:17 8,320 --a------ D:WINDOWSsystem32driversAWRTRD.sys 2007-06-04 15:14 6,272 --a------ D:WINDOWSsystem32driversAWRTPD.sys 2007-06-01 21:24 487,424 --a------ D:WINDOWSsystem32msvcp70.dll 2007-06-01 21:24 344,064 --a------ D:WINDOWSsystem32msvcr70.dll 2007-06-01 18:26 <DIR> d-------- D:WINDOWSsystem32NtmsData 2007-06-01 15:52 <DIR> d-------- D:Program FilesTweakNow PowerPack 2006 2007-06-01 15:52 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1TweakNow PowerPack 2007-06-01 15:43 <DIR> d-------- D:Program FilesCommon Filesmapserv 2007-06-01 15:43 <DIR> d-------- D:Program FilesCommon FilesGIS 2007-06-01 15:40 <DIR> d-------- D:Program FilesMap & Travel Route Planner 2007 2007-06-01 15:28 <DIR> d-------- D:WINDOWSDownloaded Installations 2007-06-01 15:28 <DIR> d-------- D:Program FilesBillP Studios 2007-06-01 15:28 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1WinPatrol 2007-06-01 15:27 <DIR> d-------- D:Program Filesrokitny 2007-06-01 14:47 520,192 --------- D:WINDOWSsystem32ati2sgag.exe 2007-05-27 17:52 <DIR> d-------- D:Program FilesActivision Value 2007-05-23 15:31 <DIR> d-------- D:Program FilesDAEMON Tools 2007-05-22 16:08 <DIR> d-------- D:Program FilesGta2 2007-05-21 20:52 <DIR> d-------- D:Program FilesRockstar Games 2007-05-21 17:12 40,960 --a------ D:WINDOWSsystem32FXDV1to2.dll 2007-05-21 17:12 368,912 --a------ D:WINDOWSsystem32vbar332.dll 2007-05-21 17:12 118,784 --a------ D:WINDOWSsystem32msstdfmt.dll 2007-05-21 15:21 <DIR> d-------- D:Program Filesdirectx 2007-05-20 19:35 <DIR> d-------- D:Program FilesGameSpy Arcade 2007-05-20 12:12 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1CyberLink 2007-05-20 12:09 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1CyberLink 2007-05-20 12:06 <DIR> d-------- D:Program FilesCyberLink 2007-05-20 09:06 <DIR> d-------- D:DOCUME~1ElaDANEAP~1OpenOffice.org2 2007-05-18 20:20 <DIR> d-------- D:Program FilesCommon FilesSkype 2007-05-17 20:11 <DIR> d-------- D:DOCUME~1ElaDANEAP~1MEGAUPLOADTOOLBAR 
2007-05-17 17:07 <DIR> d-------- D:DOCUME~1ElaDANEAP~1Opera 2007-05-17 17:05 <DIR> d-------- D:DOCUME~1ElaDANEAP~1Skype 2007-05-17 14:34 81,768 --a------ D:WINDOWSsystem32xinput1_3.dll 2007-05-17 14:34 443,752 --a------ D:WINDOWSsystem32d3dx10_33.dll 2007-05-17 14:34 3,495,784 --a------ D:WINDOWSsystem32d3dx9_33.dll 2007-05-17 14:34 3,426,072 --a------ D:WINDOWSsystem32d3dx9_32.dll 2007-05-17 14:34 261,480 --a------ D:WINDOWSsystem32xactengine2_7.dll 2007-05-17 14:34 255,848 --a------ D:WINDOWSsystem32xactengine2_6.dll 2007-05-17 14:34 251,672 --a------ D:WINDOWSsystem32xactengine2_5.dll 2007-05-17 14:34 237,848 --a------ D:WINDOWSsystem32xactengine2_4.dll 2007-05-17 14:34 2,414,360 --a------ D:WINDOWSsystem32d3dx9_31.dll 2007-05-17 14:34 15,128 --a------ D:WINDOWSsystem32x3daudio1_1.dll 2007-05-17 14:34 1,123,696 --a------ D:WINDOWSsystem32D3DCompiler_33.dll 2007-05-17 14:33 <DIR> d--h----- D:WINDOWSmsdownld.tmp 2007-05-17 07:24 221,184 --a------ D:WINDOWSsystem32wmpns.dll 2007-05-17 07:24 1,310,720 --ah----- D:DOCUME~1ElaNTUSER.DAT 2007-05-17 07:24 <DIR> dr-h----- D:DOCUME~1ElaDane aplikacji 2007-05-17 07:24 <DIR> dr------- D:DOCUME~1ElaUlubione 2007-05-17 07:24 <DIR> dr------- D:DOCUME~1ElaMoje dokumenty 2007-05-17 07:24 <DIR> dr------- D:DOCUME~1ElaMenu Start 2007-05-17 07:24 <DIR> d--h----- D:DOCUME~1ElaUstawienia lokalne 2007-05-17 07:24 <DIR> d--h----- D:DOCUME~1ElaSzablony 2007-05-17 07:24 <DIR> d-------- D:DOCUME~1ElaPulpit 2007-05-13 11:32 <DIR> d--hs---- D:WINDOWSftpcache 2007-05-12 18:16 <DIR> d-------- D:Program FilesEa Sports 2007-05-10 17:56 <DIR> d-------- D:Program FilesOpenOffice.org 2.2 2007-05-09 18:21 6,656 --a------ D:WINDOWSsystem32WnASPI32.dll 2007-05-09 18:21 3,870,720 --a------ D:WINDOWSsystem32qt-mt323.dll 2007-05-09 18:21 <DIR> d-------- D:Program FilesParagon Software (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-09 06:51:34 -------- d-----w D:Program FilesLavasoft 
2007-06-09 06:51:18 -------- d-----w D:Program FilesCommon FilesWise Installation Wizard 2007-06-08 08:52:05 -------- d-----w D:Program FilesUsługi online 2007-06-06 20:24:58 -------- d-----w D:DOCUME~1MarcinDANEAP~1OpenOffice.org2 2007-06-06 19:19:06 -------- d-----w D:DOCUME~1MarcinDANEAP~1Skype 2007-06-06 14:00:40 -------- d-----w D:DOCUME~1MarcinDANEAP~1Tlen.pl 2007-06-01 19:23:59 -------- d--h--w D:Program FilesInstallShield Installation Information 2007-05-21 14:39:28 -------- d-----w D:Program FilesOpera 2007-05-20 17:33:12 -------- d-----w D:Program FilesCodemasters 2007-05-18 18:20:42 -------- d-----w D:Program FilesSkype 2007-05-16 19:13:24 -------- d-----w D:Program FilesDAP 2007-05-10 17:37:08 -------- d-----w D:Program FilesTlen.pl 2007-05-10 16:43:32 -------- d-----w D:Program FileseMule 2007-05-10 16:05:35 -------- d-----w D:Program FilesAOL Security Toolbar 2007-05-10 15:56:05 -------- d-----w D:Program FilesOpenOffice.org 2.1 2007-05-06 10:38:03 -------- d-----w D:Program FilesMarBit 2007-05-01 18:31:42 74,786 ----a-w D:WINDOWSsystem32perfc015.dat 2007-05-01 18:31:42 449,026 ----a-w D:WINDOWSsystem32perfh015.dat 2007-05-01 18:24:57 -------- d-----w D:Program FilesPhilips 2007-05-01 17:30:03 -------- d-----w D:Program FilesPivot Stickfigure Animator 2007-05-01 13:06:48 -------- d-----w D:Program FilesAlwil Software 2007-05-01 11:56:06 -------- d-----w D:Program FilesSymantec 2007-05-01 11:56:06 -------- d-----w D:Program FilesCommon FilesSymantec Shared 2007-04-30 20:27:47 -------- d-----w D:Program FilesF1 2006 2007-04-30 15:46:10 745,600 ----a-w D:WINDOWSsystem32aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w D:WINDOWSsystem32driversaswmon.sys 2007-04-30 15:41:42 94,552 ----a-w D:WINDOWSsystem32driversaswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w D:WINDOWSsystem32driversaswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w D:WINDOWSsystem32driversaswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w D:WINDOWSsystem32driversaavmker4.sys 2007-04-30 15:35:28 95,872 
----a-w D:WINDOWSsystem32AvastSS.scr 2007-04-29 21:47:19 -------- d-----w D:Program FilesJAP 2007-04-25 17:42:15 -------- d-----w D:Program FilesAtari 2007-04-25 17:37:50 -------- d--h--r D:DOCUME~1MarcinDANEAP~1SecuROM 2007-04-25 17:37:49 108,144 ----a-w D:WINDOWSsystem32CmdLineExt.dll 2007-04-25 17:09:13 682,232 ----a-w D:WINDOWSsystem32driverssptd.sys 2007-04-20 17:08:39 21,840 ----atw D:WINDOWSsystem32SIntfNT.dll 2007-04-20 17:08:39 17,212 ----atw D:WINDOWSsystem32SIntf32.dll 2007-04-20 17:08:39 12,067 ----atw D:WINDOWSsystem32SIntf16.dll 2007-04-20 16:58:02 -------- d-----w D:Program FilesHard Truck 2007-04-18 16:14:32 2,854,400 ----a-w D:WINDOWSsystem32msi.dll 2007-04-18 05:04:39 -------- d-----w D:Program FilesPamela 2007-04-18 05:04:39 -------- d-----w D:DOCUME~1MarcinDANEAP~1Pamela 2007-04-17 14:14:12 -------- d-----w D:DOCUME~1MarcinDANEAP~1Lavasoft 2007-04-14 09:08:11 -------- d-----w D:DOCUME~1MarcinDANEAP~1MegauploadToolbar 2007-04-14 08:41:59 -------- d-----w D:Program FilesMegauploadToolbar 2007-04-13 13:19:52 7,680 ----a-w D:WINDOWSsystem32lsdelete.exe 2007-04-12 18:46:13 -------- d-----w D:DOCUME~1MarcinDANEAP~1AdobeUM 2007-04-10 19:47:16 -------- d-----w D:Program FilesCommon FilesOnet.pl 2007-04-10 19:43:40 -------- d-----w D:DOCUME~1MarcinDANEAP~1MozillaControl 2007-04-10 19:43:14 -------- d-----w D:DOCUME~1MarcinDANEAP~1Onet 2007-04-10 19:43:05 -------- d-----w D:DOCUME~1MarcinDANEAP~1Listonosz 2007-04-10 19:43:05 -------- d-----w D:DOCUME~1MarcinDANEAP~1AutoUpdate 2007-04-10 19:42:58 -------- d-----w D:Program FilesOnet 2007-04-09 15:58:54 -------- d-----w D:DOCUME~1MarcinDANEAP~1Opera 2007-04-09 15:31:12 -------- d-----w D:Program FilesCommon FilesReal 2007-04-09 15:31:09 -------- d-----w D:DOCUME~1MarcinDANEAP~1Hamachi 2007-04-09 15:30:55 -------- d-----w D:Program FilesATI Technologies 2007-04-09 15:30:18 -------- d-----w D:Program FilesCarReplacer 2007-04-03 10:03:29 1,289 ----a-w D:WINDOWSmozver.dat 2007-03-17 13:45:36 293,376 ----a-w 
D:WINDOWSsystem32winsrv.dll 2007-03-15 10:00:36 466,432 ----a-w D:WINDOWSsystem32SkanerOnline.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 07:12] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=D:PROGRA~1MEGAUP~1MEGAUP~1.DLL [2006-10-31 08:55] {53707962-6F74-2D53-2644-206D7942484F}=D:PROGRA~1SPYBOT~1SDHelper.dll [2005-05-31 01:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:Program FilesJavajre1.6.0binssv.dll [2007-05-10 17:53] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "avast!"="D:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42] "QveCtl2Tray"="D:Program FilesPhilipsSound Agent 2mc500cpl.exe" [2003-09-20 11:41] "WinPatrol"="D:Program FilesBillP StudiosWinPatrolwinpatrol.exe" [2007-04-03 13:54] "SDTray"="D:Program FilesSpyware DoctorSDTrayApp.exe" [2007-06-08 10:44] "Ashampoo FireWall"="D:Program FilesAshampooAshampoo FireWallFireWall.exe" [2007-04-05 14:57] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Komunikator"="D:Program FilesTlen.pltlen.exe" [2006-10-02 11:30] "SpybotSD TeaTimer"="D:Program FilesSpybot - Search & DestroyTeaTimer.exe" [2005-05-31 01:04] [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "NoSMMyDocs"=1 (0x1) "NoRecentDocsMenu"=0 (0x0) "NoSMMyPictures"=1 (0x1) "NoChangeStartMenu"=0 (0x0) "ClearRecentDocsOnExit"=0 (0x0) "NoRecentDocsHistory"=0 (0x0) "MaxRecentDocs"=11 (0xb) "NoStartMenuMFUprogramsList"=1 (0x1) [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifywingdm32] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalaawservice] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalsdauxservice] 
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalsdcoreservice] [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-] "Skype"="D:Program FilesSkypePhoneSkype.exe" /nosplash /minimized HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost *netsvcs* [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ea0 8a43-5bea-11d9-a05d-806d6172696f}] AutoRuncommand- E:setup.exe ************************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-09 09:56:25 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINEsystemControlSet003ServicesH a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e ] "ImagePath"=""D:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe"" [HKEY_LOCAL_MACHINEsystemControlSet003Serviceshelpsvc] "ServiceDll"="%WINDIR%PCHealthHelpCtrBinariespchsvc.dll" [HKEY_LOCAL_MACHINEsystemControlSet003ServicesHidServ] "ServiceDll"="%SystemRoot%System32hidserv.dll" [HKEY_LOCAL_MACHINEsystemControlSet003Serviceshidusb] "ImagePath"="system32DRIVERShidusb.sys" [HKEY_LOCAL_MACHINEsystemControlSet003Serviceshpn] [HKEY_LOCAL_MACHINEsystemControlSet003ServicesHTTP] "ImagePath"="System32DriversHTTP.sys" [HKEY_LOCAL_MACHINEsystemControlSet003ServicesHTTPFilter] "ServiceDll"="%SystemRoot%System32w3ssl.dll" Completion time: 2007-06-09 9:57:21 D:ComboFix2.txt ... 2007-06-09 08:45 --- E O F ---
CatchMe commented 9 June 2007

You haven't removed anything ... so do this:

In HijackThis, delete:

O20 - Winlogon Notify: wingdm32 - D:\WINDOWS

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

File >>> Save As >>> Change the extension from TXT to All files >>> Save under the name FIX.REG >>> Run the FIX.REG file in Safe Mode >>> Restart the computer.

Download Gmer; in its CMD tab, with the CMD sub-option selected, paste:

gmer -killall
gmer -del file D:\WINDOWS\system32\yvolydsb.dll
gmer -del file D:\WINDOWS\system32\kulypycf.dll
gmer -del file D:\WINDOWS\system32\vjikmrbu.dll
gmer -del file D:\WINDOWS\system32\lhtdvdcf.dll
gmer -del file D:\WINDOWS\system32\ujkrfvon.exe
gmer -del file D:\WINDOWS\system32\qjwakhbp.exe
gmer -del file D:\WINDOWS\system32\j5291437.dll
gmer -del file D:\DOCUME~1\Marcin\keygen.exe
gmer -del file D:\DOCUME~1\Marcin\readme.bat
gmer -reboot

- Then new logs.

2007-06-06 16:32 35 --a------
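What the FIX.REG file in the post above actually writes, as an added example that is not part of the original thread: a small Python parser for `.reg` files that decodes `hex(7)` (REG_MULTI_SZ) data and compares `BootExecute`, the list of native programs Session Manager runs at boot, with the stock Windows value. The function names and the second, tampered sample are constructed for illustration.

```python
import re

# .reg text from the post above; the key path's backslashes and the "\" line
# continuation, both lost in the page text, are restored here.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
# Stock Windows value of BootExecute: run autochk against every volume at boot.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]


def parse_reg(text):
    """Return {key_path: {value_name: raw_value_text}} for a .reg file."""
    # regedit continues long hex data with a trailing backslash; join those lines.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys


def decode_multi_sz(data):
    """REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, list ended by an empty one."""
    if len(data) % 2:
        raise ValueError("REG_MULTI_SZ data must have an even number of bytes")
    strings = []
    for part in data.decode("utf-16-le").split("\x00"):
        if part == "":          # empty string marks the end of the list
            break
        strings.append(part)
    return strings


def encode_multi_sz(strings):
    """Inverse of decode_multi_sz: the hex(7) text regedit would export."""
    data = "".join(s + "\x00" for s in strings).encode("utf-16-le") + b"\x00\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def decode_value(raw):
    """Decode the right-hand side of a .reg value line."""
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if m:
        reg_type = int(m.group(1), 16) if m.group(1) else 3   # bare hex: is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if reg_type == 7:
            return decode_multi_sz(data)
        if reg_type in (1, 2):                                # REG_SZ / REG_EXPAND_SZ
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])             # unescape \\ and \"
    return raw


def audit_boot_execute(reg_text):
    """Return (entries, unexpected) for BootExecute; entries is None if absent."""
    by_key = {k.lower(): v for k, v in parse_reg(reg_text).items()}
    values = by_key.get(KEY.lower(), {})
    if "BootExecute" not in values:
        return None, []
    entries = decode_value(values["BootExecute"])
    unexpected = [e for e in entries if e not in DEFAULT_BOOT_EXECUTE]
    return entries, unexpected


# Constructed sample (not from the thread): an export carrying one extra entry.
TAMPERED_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[" + KEY + "]\n"
    '"BootExecute"='
    + encode_multi_sz(["autocheck autochk *", "example_native_app"])
    + "\n"
)

if __name__ == "__main__":
    for name, text in (("FIX.REG", FIX_REG), ("constructed", TAMPERED_REG)):
        entries, unexpected = audit_boot_execute(text)
        print(f"{name}: {entries} unexpected: {unexpected}")
```

The bytes in FIX.REG decode to the single string `autocheck autochk *`, so importing the file resets `BootExecute` to the stock value and drops any additional entry that had been present.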
rcwawa (Author) commented 9 June 2007

When deleting with Gmer, a message pops up saying that it cannot delete the file, and so on in turn for each of the ones I was supposed to paste.

PS. Out of curiosity, what is this registry key for? After adding it, the whole autostart starts up a bit more slowly.

EDIT: I did it my own way, I don't know if that's right. Logs:

Hijack

Logfile of HijackThis v1.99.1 Scan saved at 22:47:25, on 2007-06-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:WINDOWSSystem32smss.exe D:WINDOWSsystem32csrss.exe D:WINDOWSsystem32winlogon.exe D:WINDOWSsystem32services.exe D:WINDOWSsystem32lsass.exe D:WINDOWSsystem32Ati2evxx.exe D:WINDOWSsystem32svchost.exe D:WINDOWSsystem32svchost.exe D:WINDOWSSystem32svchost.exe D:WINDOWSsystem32svchost.exe D:WINDOWSsystem32svchost.exe D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe D:Program FilesAlwil SoftwareAvast4ashServ.exe D:WINDOWSsystem32spoolsv.exe D:Program FilesLavasoftAd-Aware 2007aawservice.exe D:Program FilesSpyware Doctorsvcntaux.exe D:Program FilesSpyware Doctorswdsvc.exe D:WINDOWSsystem32wdfmgr.exe D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe D:Program FilesAlwil SoftwareAvast4ashWebSv.exe D:WINDOWSsystem32Ati2evxx.exe D:PROGRA~1ALWILS~1Avast4ashDisp.exe D:Program FilesPhilipsSound Agent 2mc500cpl.exe D:Program FilesBillP StudiosWinPatrolwinpatrol.exe D:Program FilesSpyware DoctorSDTrayApp.exe D:Program FilesAshampooAshampoo FireWallFireWall.exe D:Program FilesTlen.pltlen.exe D:Program FilesSpybot - Search & DestroyTeaTimer.exe D:Program FilesOperaOpera.exe D:ComboFix19961.cfexe D:WINDOWSexplorer.exe D:Documents and SettingsMarcinPulpitpobraneHijackThis.exe R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = www.onet.pl R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.winamp.com/player/lite.php R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:PROGRA~1MEGAUP~1MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:PROGRA~1SPYBOT~1SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:Program FilesJavajre1.6.0binssv.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:PROGRA~1MEGAUP~1MEGAUP~1.DLL O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - D:WINDOWSImageShackToolbarImageShackToolbar.dll O4 - HKLM..Run: [avast!] D:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [QveCtl2Tray] D:Program FilesPhilipsSound Agent 2mc500cpl.exe O4 - HKLM..Run: [WinPatrol] D:Program FilesBillP StudiosWinPatrolwinpatrol.exe O4 - HKLM..Run: [sDTray] D:Program FilesSpyware DoctorSDTrayApp.exe O4 - HKLM..Run: [Ashampoo FireWall] "D:Program FilesAshampooAshampoo FireWallFireWall.exe" -TRAY O4 - HKCU..Run: [Komunikator] D:Program FilesTlen.pltlen.exe O4 - HKCU..Run: [spybotSD TeaTimer] D:Program FilesSpybot - Search & DestroyTeaTimer.exe O8 - Extra context menu item: &Clean Traces - D:Program FilesDAPPrivacy Packagedapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:Program FilesDAPdapextie.htm O8 - Extra context menu item: Download &all with DAP - D:Program FilesDAPdapextie2.htm O8 - Extra context menu item: Post Image to Blog - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5003 O8 - Extra context menu item: Tag This Image - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5002 O8 - Extra context menu item: Transload Image to ImageShack - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5004 O8 - Extra context menu item: Upload All Images to ImageShack - res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - 
res://D:WINDOWSImageShackToolbarImageShackToolbar.dll/5001 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.6.0binssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.6.0binssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe (file missing) O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: d:program filesashampooashampoo firewallspi.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O20 - Winlogon Notify: wingdm32 - D:WINDOWS O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:Program FilesLavasoftAd-Aware 2007aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:WINDOWSsystem32Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:WINDOWSsystem32ati2sgag.exe O23 - Service: avast! 
Antivirus - ALWIL Software - D:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing) O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Unknown owner - D:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:Program FilesCyberLinkShared FilesRichVideo.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:Program FilesSpyware Doctorsvcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:Program FilesSpyware Doctorswdsvc.exe ComboFix "Marcin" - 2007-06-09 22:40:43 Dodatek Service Pack 2 NTFS ComboFix 07-06-3B - Running from: "D:Documents and SettingsMarcinPulpitpobrane" ((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 ))))))))))))))))))))))))))))))) 2007-06-09 21:59 528 --a------ D:FIX.REG 2007-06-09 09:44 <DIR> d-------- D:avenger 2007-06-09 08:51 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1Lavasoft 2007-06-09 08:45 49,152 --a------ D:WINDOWSnircmd.exe 2007-06-09 08:16 53,693 -ra------ D:WINDOWSUNDPX2K.sys 2007-06-09 08:16 15,429 -ra------ D:WINDOWSsystem32driversSacm2K.sys 2007-06-09 08:16 135,168 -ra------ D:WINDOWSUNDPX2K.exe 2007-06-08 14:32 <DIR> d-------- D:DOCUME~1ElaDANEAP~1WinPatrol 2007-06-08 10:43 83,536 --a------ D:WINDOWSsystem32driversiksyssec.sys 2007-06-08 10:43 626,688 --a------ D:WINDOWSsystem32msvcr80.dll 2007-06-08 10:43 59,984 --a------ D:WINDOWSsystem32driversiksysflt.sys 2007-06-08 10:43 52,304 --a------ D:WINDOWSsystem32driversikfilesec.sys 2007-06-08 10:43 39,248 --a------ 
D:WINDOWSsystem32driversikfileflt.sys 2007-06-08 10:43 26,064 --a------ D:WINDOWSsystem32driverskcom.sys 2007-06-08 10:43 <DIR> d-------- D:Program FilesSpyware Doctor 2007-06-08 10:43 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1PC Tools 2007-06-06 20:56 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1Spybot - Search & Destroy 2007-06-06 20:48 <DIR> d-------- D:VundoFix Backups 2007-06-04 15:18 9,344 --a------ D:WINDOWSsystem32driversNSDriver.sys 2007-06-04 15:17 8,320 --a------ D:WINDOWSsystem32driversAWRTRD.sys 2007-06-04 15:14 6,272 --a------ D:WINDOWSsystem32driversAWRTPD.sys 2007-06-01 21:24 487,424 --a------ D:WINDOWSsystem32msvcp70.dll 2007-06-01 21:24 344,064 --a------ D:WINDOWSsystem32msvcr70.dll 2007-06-01 18:26 <DIR> d-------- D:WINDOWSsystem32NtmsData 2007-06-01 15:52 <DIR> d-------- D:Program FilesTweakNow PowerPack 2006 2007-06-01 15:52 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1TweakNow PowerPack 2007-06-01 15:43 <DIR> d-------- D:Program FilesCommon Filesmapserv 2007-06-01 15:43 <DIR> d-------- D:Program FilesCommon FilesGIS 2007-06-01 15:40 <DIR> d-------- D:Program FilesMap & Travel Route Planner 2007 2007-06-01 15:28 <DIR> d-------- D:WINDOWSDownloaded Installations 2007-06-01 15:28 <DIR> d-------- D:Program FilesBillP Studios 2007-06-01 15:28 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1WinPatrol 2007-06-01 15:27 <DIR> d-------- D:Program Filesrokitny 2007-06-01 14:47 520,192 --------- D:WINDOWSsystem32ati2sgag.exe 2007-05-27 17:52 <DIR> d-------- D:Program FilesActivision Value 2007-05-23 15:31 <DIR> d-------- D:Program FilesDAEMON Tools 2007-05-22 16:08 <DIR> d-------- D:Program FilesGta2 2007-05-21 20:52 <DIR> d-------- D:Program FilesRockstar Games 2007-05-21 17:12 40,960 --a------ D:WINDOWSsystem32FXDV1to2.dll 2007-05-21 17:12 368,912 --a------ D:WINDOWSsystem32vbar332.dll 2007-05-21 17:12 118,784 --a------ D:WINDOWSsystem32msstdfmt.dll 2007-05-21 15:21 <DIR> d-------- D:Program Filesdirectx 2007-05-20 19:35 <DIR> d-------- D:Program FilesGameSpy Arcade 
2007-05-20 12:12 <DIR> d-------- D:DOCUME~1MarcinDANEAP~1CyberLink 2007-05-20 12:09 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1CyberLink 2007-05-20 12:06 <DIR> d-------- D:Program FilesCyberLink 2007-05-20 09:06 <DIR> d-------- D:DOCUME~1ElaDANEAP~1OpenOffice.org2 2007-05-18 20:20 <DIR> d-------- D:Program FilesCommon FilesSkype 2007-05-17 20:11 <DIR> d-------- D:DOCUME~1ElaDANEAP~1MEGAUPLOADTOOLBAR 2007-05-17 17:07 <DIR> d-------- D:DOCUME~1ElaDANEAP~1Opera 2007-05-17 17:05 <DIR> d-------- D:DOCUME~1ElaDANEAP~1Skype 2007-05-17 14:34 81,768 --a------ D:WINDOWSsystem32xinput1_3.dll 2007-05-17 14:34 443,752 --a------ D:WINDOWSsystem32d3dx10_33.dll 2007-05-17 14:34 3,495,784 --a------ D:WINDOWSsystem32d3dx9_33.dll 2007-05-17 14:34 3,426,072 --a------ D:WINDOWSsystem32d3dx9_32.dll 2007-05-17 14:34 261,480 --a------ D:WINDOWSsystem32xactengine2_7.dll 2007-05-17 14:34 255,848 --a------ D:WINDOWSsystem32xactengine2_6.dll 2007-05-17 14:34 251,672 --a------ D:WINDOWSsystem32xactengine2_5.dll 2007-05-17 14:34 237,848 --a------ D:WINDOWSsystem32xactengine2_4.dll 2007-05-17 14:34 2,414,360 --a------ D:WINDOWSsystem32d3dx9_31.dll 2007-05-17 14:34 15,128 --a------ D:WINDOWSsystem32x3daudio1_1.dll 2007-05-17 14:34 1,123,696 --a------ D:WINDOWSsystem32D3DCompiler_33.dll 2007-05-17 14:33 <DIR> d--h----- D:WINDOWSmsdownld.tmp 2007-05-17 07:24 221,184 --a------ D:WINDOWSsystem32wmpns.dll 2007-05-17 07:24 1,310,720 --ah----- D:DOCUME~1ElaNTUSER.DAT 2007-05-17 07:24 <DIR> dr-h----- D:DOCUME~1ElaDane aplikacji 2007-05-17 07:24 <DIR> dr------- D:DOCUME~1ElaUlubione 2007-05-17 07:24 <DIR> dr------- D:DOCUME~1ElaMoje dokumenty 2007-05-17 07:24 <DIR> dr------- D:DOCUME~1ElaMenu Start 2007-05-17 07:24 <DIR> d--h----- D:DOCUME~1ElaUstawienia lokalne 2007-05-17 07:24 <DIR> d--h----- D:DOCUME~1ElaSzablony 2007-05-17 07:24 <DIR> d-------- D:DOCUME~1ElaPulpit 2007-05-13 11:32 <DIR> d--hs---- D:WINDOWSftpcache 2007-05-12 18:16 <DIR> d-------- D:Program FilesEa Sports 2007-05-10 17:56 <DIR> 
d-------- D:Program FilesOpenOffice.org 2.2 2007-05-09 18:21 6,656 --a------ D:WINDOWSsystem32WnASPI32.dll 2007-05-09 18:21 3,870,720 --a------ D:WINDOWSsystem32qt-mt323.dll 2007-05-09 18:21 <DIR> d-------- D:Program FilesParagon Software (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-09 06:51:34 -------- d-----w D:Program FilesLavasoft 2007-06-09 06:51:18 -------- d-----w D:Program FilesCommon FilesWise Installation Wizard 2007-06-08 08:52:05 -------- d-----w D:Program FilesUsługi online 2007-06-06 20:24:58 -------- d-----w D:DOCUME~1MarcinDANEAP~1OpenOffice.org2 2007-06-06 19:19:06 -------- d-----w D:DOCUME~1MarcinDANEAP~1Skype 2007-06-06 14:00:40 -------- d-----w D:DOCUME~1MarcinDANEAP~1Tlen.pl 2007-06-01 19:23:59 -------- d--h--w D:Program FilesInstallShield Installation Information 2007-05-21 14:39:28 -------- d-----w D:Program FilesOpera 2007-05-20 17:33:12 -------- d-----w D:Program FilesCodemasters 2007-05-18 18:20:42 -------- d-----w D:Program FilesSkype 2007-05-16 19:13:24 -------- d-----w D:Program FilesDAP 2007-05-10 17:37:08 -------- d-----w D:Program FilesTlen.pl 2007-05-10 16:43:32 -------- d-----w D:Program FileseMule 2007-05-10 16:05:35 -------- d-----w D:Program FilesAOL Security Toolbar 2007-05-10 15:56:05 -------- d-----w D:Program FilesOpenOffice.org 2.1 2007-05-06 10:38:03 -------- d-----w D:Program FilesMarBit 2007-05-01 18:31:42 74,786 ----a-w D:WINDOWSsystem32perfc015.dat 2007-05-01 18:31:42 449,026 ----a-w D:WINDOWSsystem32perfh015.dat 2007-05-01 18:24:57 -------- d-----w D:Program FilesPhilips 2007-05-01 17:30:03 -------- d-----w D:Program FilesPivot Stickfigure Animator 2007-05-01 13:06:48 -------- d-----w D:Program FilesAlwil Software 2007-05-01 11:56:06 -------- d-----w D:Program FilesSymantec 2007-05-01 11:56:06 -------- d-----w D:Program FilesCommon FilesSymantec Shared 2007-04-30 20:27:47 -------- d-----w D:Program FilesF1 2006 2007-04-30 15:46:10 745,600 ----a-w 
D:WINDOWSsystem32aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w D:WINDOWSsystem32driversaswmon.sys 2007-04-30 15:41:42 94,552 ----a-w D:WINDOWSsystem32driversaswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w D:WINDOWSsystem32driversaswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w D:WINDOWSsystem32driversaswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w D:WINDOWSsystem32driversaavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w D:WINDOWSsystem32AvastSS.scr 2007-04-29 21:47:19 -------- d-----w D:Program FilesJAP 2007-04-25 17:42:15 -------- d-----w D:Program FilesAtari 2007-04-25 17:37:50 -------- d--h--r D:DOCUME~1MarcinDANEAP~1SecuROM 2007-04-25 17:37:49 108,144 ----a-w D:WINDOWSsystem32CmdLineExt.dll 2007-04-25 17:09:13 682,232 ----a-w D:WINDOWSsystem32driverssptd.sys 2007-04-20 17:08:39 21,840 ----atw D:WINDOWSsystem32SIntfNT.dll 2007-04-20 17:08:39 17,212 ----atw D:WINDOWSsystem32SIntf32.dll 2007-04-20 17:08:39 12,067 ----atw D:WINDOWSsystem32SIntf16.dll 2007-04-20 16:58:02 -------- d-----w D:Program FilesHard Truck 2007-04-18 16:14:32 2,854,400 ----a-w D:WINDOWSsystem32msi.dll 2007-04-18 05:04:39 -------- d-----w D:DOCUME~1MarcinDANEAP~1Pamela 2007-04-17 14:14:12 -------- d-----w D:DOCUME~1MarcinDANEAP~1Lavasoft 2007-04-14 09:08:11 -------- d-----w D:DOCUME~1MarcinDANEAP~1MegauploadToolbar 2007-04-14 08:41:59 -------- d-----w D:Program FilesMegauploadToolbar 2007-04-13 13:19:52 7,680 ----a-w D:WINDOWSsystem32lsdelete.exe 2007-04-12 18:46:13 -------- d-----w D:DOCUME~1MarcinDANEAP~1AdobeUM 2007-04-10 19:47:16 -------- d-----w D:Program FilesCommon FilesOnet.pl 2007-04-10 19:43:40 -------- d-----w D:DOCUME~1MarcinDANEAP~1MozillaControl 2007-04-10 19:43:14 -------- d-----w D:DOCUME~1MarcinDANEAP~1Onet 2007-04-10 19:43:05 -------- d-----w D:DOCUME~1MarcinDANEAP~1Listonosz 2007-04-10 19:43:05 -------- d-----w D:DOCUME~1MarcinDANEAP~1AutoUpdate 2007-04-10 19:42:58 -------- d-----w D:Program FilesOnet 2007-04-09 15:58:54 -------- d-----w D:DOCUME~1MarcinDANEAP~1Opera 2007-04-09 
15:31:12 -------- d-----w D:Program FilesCommon FilesReal 2007-04-09 15:31:09 -------- d-----w D:DOCUME~1MarcinDANEAP~1Hamachi 2007-04-09 15:30:55 -------- d-----w D:Program FilesATI Technologies 2007-04-09 15:30:18 -------- d-----w D:Program FilesCarReplacer 2007-04-03 10:03:29 1,289 ----a-w D:WINDOWSmozver.dat 2007-03-17 13:45:36 293,376 ----a-w D:WINDOWSsystem32winsrv.dll 2007-03-15 10:00:36 466,432 ----a-w D:WINDOWSsystem32SkanerOnline.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 07:12] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=D:PROGRA~1MEGAUP~1MEGAUP~1.DLL [2006-10-31 08:55] {53707962-6F74-2D53-2644-206D7942484F}=D:PROGRA~1SPYBOT~1SDHelper.dll [2005-05-31 01:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:Program FilesJavajre1.6.0binssv.dll [2007-05-10 17:53] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "avast!"="D:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42] "QveCtl2Tray"="D:Program FilesPhilipsSound Agent 2mc500cpl.exe" [2003-09-20 11:41] "WinPatrol"="D:Program FilesBillP StudiosWinPatrolwinpatrol.exe" [2007-04-03 13:54] "SDTray"="D:Program FilesSpyware DoctorSDTrayApp.exe" [2007-06-08 10:44] "Ashampoo FireWall"="D:Program FilesAshampooAshampoo FireWallFireWall.exe" [2007-04-05 14:57] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Komunikator"="D:Program FilesTlen.pltlen.exe" [2006-10-02 11:30] "SpybotSD TeaTimer"="D:Program FilesSpybot - Search & DestroyTeaTimer.exe" [2005-05-31 01:04] [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "NoSMMyDocs"=1 (0x1) "NoRecentDocsMenu"=0 (0x0) "NoSMMyPictures"=1 (0x1) "NoChangeStartMenu"=0 (0x0) "ClearRecentDocsOnExit"=0 (0x0) 
"NoRecentDocsHistory"=0 (0x0) "MaxRecentDocs"=11 (0xb) "NoStartMenuMFUprogramsList"=1 (0x1) [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifywingdm32] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalaawservice] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalsdauxservice] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalsdcoreservice] [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-] "Skype"="D:Program FilesSkypePhoneSkype.exe" /nosplash /minimized HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost *netsvcs* [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ea0 8a43-5bea-11d9-a05d-806d6172696f}] AutoRuncommand- E:setup.exe ((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 ))))))))))))))))))))))))))))))) No new files created in this timespan ************************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-09 22:44:07 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINEsystemControlSet003ServicesH a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e ] "ImagePath"=""D:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe"" [HKEY_LOCAL_MACHINEsystemControlSet003Serviceshelpsvc] "ServiceDll"="%WINDIR%PCHealthHelpCtrBinariespchsvc.dll" [HKEY_LOCAL_MACHINEsystemControlSet003ServicesHidServ] "ServiceDll"="%SystemRoot%System32hidserv.dll" [HKEY_LOCAL_MACHINEsystemControlSet003Serviceshidusb] "ImagePath"="system32DRIVERShidusb.sys" [HKEY_LOCAL_MACHINEsystemControlSet003Serviceshpn] [HKEY_LOCAL_MACHINEsystemControlSet003ServicesHTTP] "ImagePath"="System32DriversHTTP.sys" [HKEY_LOCAL_MACHINEsystemControlSet003ServicesHTTPFilter] "ServiceDll"="%SystemRoot%System32w3ssl.dll" Completion time: 2007-06-09 22:44:36 D:ComboFix2.txt ... 2007-06-09 09:57 D:ComboFix3.txt ... 
2007-06-09 08:45 --- E O F --- Silent Runners "Silent Runners.vbs", revision R50, http://www.silentrunners.org/Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "Komunikator" = "D:Program FilesTlen.pltlen.exe" ["o2.pl Sp. z o.o."] "SpybotSD TeaTimer" = "D:Program FilesSpybot - Search & DestroyTeaTimer.exe" ["Safer Networking Limited"] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "avast!" = "D:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"] "QveCtl2Tray" = "D:Program FilesPhilipsSound Agent 2mc500cpl.exe" ["QSound Labs, Inc."] "WinPatrol" = "D:Program FilesBillP StudiosWinPatrolwinpatrol.exe" ["BillP Studios"] "SDTray" = "D:Program FilesSpyware DoctorSDTrayApp.exe" ["PC Tools"] "Ashampoo FireWall" = ""D:Program FilesAshampooAshampoo FireWallFireWall.exe" -TRAY" [null data] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" InProcServer32(Default) = "D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR" InProcServer32(Default) = "D:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "D:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" InProcServer32(Default) = "D:Program FilesJavajre1.6.0binssv.dll" ["Sun Microsystems, Inc."] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania 
wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "D:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "D:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify <<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLMSoftwareClassesFoldershellexColumnHandlers {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = ""D:Program FilesOpenOffice.org 2.2programshlxthdl.dll"" ["Sun Microsystems, Inc."] 
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "D:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "D:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] DAP_Menu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesFoldershellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "D:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "D:Program FilesWinRARrarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "NoSMMyDocs" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove Documents menu from Start Menu} "NoRecentDocsMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoSMMyPictures" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove My Pictures icon from Start Menu} "NoChangeStartMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoRecentDocsHistory" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoStartMenuMFUprogramsList" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral "Wallpaper" = "D:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCUControl PanelDesktop "Wallpaper" = "D:Documents and SettingsMarcinUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: D:Program FilesAshampooAshampoo FireWallspi.dll [null data], 01 - 05, 16 %SystemRoot%system32mswsock.dll [MS], 06 - 15, 17 - 19 %SystemRoot%system32rsvpsp.dll [MS], 20 - 21 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR" InProcServer32(Default) = "D:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] HKLMSoftwareMicrosoftInternet ExplorerToolbar "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR" InProcServer32(Default) = "D:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] "{6932D140-ABC4-4073-A44C-D4A541665E35}" = "ImageShack Toolbar" -> {HKLM...CLSID} = "ImageShack Toolbar" InProcServer32(Default) = "D:WINDOWSImageShackToolbarImageShackToolbar.dll" ["ImageShack Corp."] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {08B0E5C0-4FCB-11CF-AAA5-00401C608501} "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "D:Program FilesMessengermsmsgs.exe" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ad-Aware 2007 Service, aawservice, ""D:Program FilesLavasoftAd-Aware 2007aawservice.exe"" ["Lavasoft AB"] Ati HotKey Poller, Ati HotKey Poller, "D:WINDOWSsystem32Ati2evxx.exe" ["ATI 
Technologies Inc."] avast! Antivirus, avast! Antivirus, ""D:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""D:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"] Spyware Doctor Auxiliary Service, sdAuxService, "D:Program FilesSpyware Doctorsvcntaux.exe" ["PC Tools"] Spyware Doctor Service, sdCoreService, "D:Program FilesSpyware Doctorswdsvc.exe" ["PC Tools"] Windows User Mode Driver Framework, UMWdf, "D:WINDOWSsystem32wdfmgr.exe" [MS] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors SUGS2 LangmonDriver = "SUGS2LMK.DLL" ["Samsung Electronics."] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 47 seconds. ---------- (total run time: 97 seconds)
CatchMe commented on 10 June 2007: There is still one file left to remove: 1. Open Pocket Killbox. In it, select the Delete on reboot option and also All files. In Path, paste this path: C:WINDOWSsystem32wingdm32.dll Confirm the deletion with the X button and restart the computer. Then delete this entry in HijackThis and post the logs: O20 - Winlogon Notify: wingdm32 - D:WINDOWS
rcwawa (Author) commented on 10 June 2007: O20 - Winlogon Notify: wingdm32 - D:WINDOWS I already deleted this earlier with HijackThis, but it is back again. Now, after that operation with Pocket Killbox, the computer would not start; an error popped up saying that it does not detect the system disk or that there is a disk error, and neither Linux nor Windows would boot. I put in the Windows CD and set it to boot from CD, and it started (originally it was set to floppy). Later I also set it to boot from the hard disk, and that works normally too. HijackThis detects this again: O20 - Winlogon Notify: wingdm32 - D:WINDOWS
CatchMe commented on 10 June 2007: Well, that is not the fault of the files, it is something with the hardware... why would Linux fail to boot after a Windows file is deleted?? You have to delete that file ... try it in Safe Mode.
Spawn commented on 14 June 2007: I have a similar problem: several times a day (usually when I connect to the net and start IE) avast pops up with a message that it has found a Trojan horse, and then, when I send it to quarantine or delete it, an ad pops up and a page with Error Safe opens. I am not that familiar with computers and I do not understand what you wrote above, so please explain what I should do in a more down-to-earth way that I can understand. Thanks in advance for your help.
CatchMe commented on 14 June 2007: Start a new topic and paste a description and the logs there.