


Srvces.exe



satyr - Fri Sep 28, 2007 12:48 am
Hello.
I have no idea what it was, but it was terribly intrusive.
Please check the logs....

Code:
ComboFix 07-09-21.2 - "fikthor" 2007-09-28  2:22:19.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1128 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-08-28 to 2007-09-28  )))))))))))))))))))))))))))))))
.

2007-09-28 02:20   365,013   --a------   C:\WINNT\system32\drivers\Ids_cfg.dat
2007-09-28 02:11   51,200   --a------   C:\WINNT\NirCmd.exe
2007-09-28 01:50   68,888   --a------   C:\WINNT\system32\xinput1_3.dll
2007-09-28 01:50   2,414,360   --a------   C:\WINNT\system32\d3dx9_31.dll
2007-09-28 01:49   <DIR>   d----c---   C:\WINNT\system32\DRVSTORE
2007-09-28 01:49   <DIR>   d--------   C:\WINNT\system32\AGEIA
2007-09-28 01:49   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2007-09-28 01:42   <DIR>   d--------   C:\Program Files\DAEMON Tools
2007-09-28 01:36   685,816   --a------   C:\WINNT\system32\drivers\sptd.sys
2007-09-28 00:09   1,156   --a------   C:\WINNT\mozver.dat
2007-09-27 23:46   <DIR>   d--------   C:\WINNT\pss
2007-09-27 23:41   <DIR>   d--------   C:\DOCUME~1\fikthor\DANEAP~1\Opera
2007-09-27 23:28   <DIR>   d--------   C:\DOCUME~1\fikthor\DANEAP~1\FastStone
2007-09-27 23:21   0   --a------   C:\WINNT\nsreg.dat
2007-09-27 23:21   <DIR>   d--------   C:\DOCUME~1\fikthor\DANEAP~1\Talkback
2007-09-27 23:14   <DIR>   d--------   C:\WINNT\system32\NtmsData
2007-09-27 23:07   <DIR>   d--------   C:\Program Files\Tiny Firewall Pro
2007-09-27 23:07   <DIR>   d--------   C:\Program Files\Common Files\PFShared
2007-09-27 23:04   58,624   --a------   C:\WINNT\system32\drivers\redbook.sys
2007-09-27 23:02   <DIR>   d--hs----   C:\WINNT\Installer
2007-09-27 23:01   <DIR>   dr-h-----   C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-09-27 23:01   <DIR>   dr-h-----   C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-09-27 23:01   <DIR>   dr-h-----   C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-09-27 23:01   <DIR>   dr-------   C:\DOCUME~1\DEFAUL~1\Menu Start
2007-09-27 23:01   <DIR>   dr-------   C:\DOCUME~1\ALLUSE~1\Menu Start
2007-09-27 23:01   <DIR>   dr-------   C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-09-27 23:01   <DIR>   d--h-----   C:\DOCUME~1\DEFAUL~1\Szablony
2007-09-27 23:01   <DIR>   d--h-----   C:\DOCUME~1\ALLUSE~1\Szablony
2007-09-27 23:01   <DIR>   d--------   C:\DOCUME~1\DEFAUL~1\Ulubione
2007-09-27 23:01   <DIR>   d--------   C:\DOCUME~1\DEFAUL~1\Pulpit
2007-09-27 23:01   <DIR>   d--------   C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-09-27 23:01   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Ulubione
2007-09-27 23:01   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Pulpit
2007-09-27 22:38   <DIR>   d--h-----   C:\WINNT\PIF
2007-09-27 22:29   <DIR>   d--------   C:\DOCUME~1\fikthor\DANEAP~1\Media Player Classic
2007-09-27 22:20   <DIR>   d--------   C:\Program Files\Clock Tray Skins
2007-09-27 22:18   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-09-27 22:16   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-09-27 22:16   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-09-27 22:16   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-09-27 22:15   7,680   --a------   C:\WINNT\system32\ff_vfw.dll
2007-09-27 22:15   348,160   --a------   C:\WINNT\system32\msvcr71.dll
2007-09-27 22:15   3,596,288   --a------   C:\WINNT\system32\qt-dx331.dll
2007-09-27 22:15   163,840   --a------   C:\WINNT\system32\unrar.dll
2007-09-27 22:15   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2007-09-27 22:11   <DIR>   d--------   C:\Program Files\Lavasoft
2007-09-27 22:11   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-27 22:11   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lavasoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 02:16   22474   --a------   C:\WINNT\system32\drivers\kmxcfg.u2k
2007-09-27 23:04   512096   --a------   C:\WINNT\system32\drivers\amon.sys
2007-09-27 23:04   298104   --a------   C:\WINNT\system32\imon.dll
2007-09-27 23:04   15424   --a------   C:\WINNT\system32\drivers\nod32drv.sys
2007-09-27 22:34   ---------   d--------   C:\Program Files\AvRack
2007-09-27 21:58   ---------   d--------   C:\DOCUME~1\fikthor\DANEAP~1\Help
2007-09-27 21:34   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-09-27 21:34   ---------   d--------   C:\Program Files\ATI Technologies
2007-09-27 21:31   ---------   d--------   C:\Program Files\EPOX
2007-09-27 21:30   ---------   d--------   C:\Program Files\Realtek Sound Manager
2007-09-27 21:28   ---------   d--------   C:\Program Files\Microsoft IntelliPoint
2007-09-27 21:28   ---------   d--------   C:\Program Files\Common Files\InstallShield
2007-08-22 04:33   46432   --a------   C:\WINNT\system32\drivers\ativvpxx.vp
2007-08-22 04:09   352256   --a------   C:\WINNT\system32\ATIDEMGX.dll
2007-08-22 03:48   8306688   --a------   C:\WINNT\system32\atioglx2.dll
2007-08-22 03:19   266240   --a------   C:\WINNT\system32\atikvmag.dll
2007-08-22 03:15   172032   --a------   C:\WINNT\system32\atiok3x2.dll
2007-08-22 03:13   49152   --a------   C:\WINNT\system32\drivers\ati2erec.dll
2007-08-07 13:58   8320   --a------   C:\WINNT\system32\drivers\AWRTRD.sys
2007-08-07 13:56   9344   --a------   C:\WINNT\system32\drivers\NSDriver.sys
   ---------      C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 01:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 11:41 C:\WINNT\soundman.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-27 23:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-07-29 10:55]
"AMonitor"="C:\Program Files\Tiny Firewall Pro\amon.exe" [2005-05-12 16:03]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2004-04-14 06:02 73793 C:\WINNT\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINNT\system32\ctfmon.exe

R0 KmxNdis;KmxNdis;C:\WINNT\system32\DRIVERS\kmxndis.sys
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINNT\system32\DRIVERS\si3112r.sys
R1 KmxAgent;KmxAgent;C:\WINNT\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINNT\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINNT\system32\DRIVERS\kmxfw.sys
R1 KmxIds;KmxIds;C:\WINNT\system32\DRIVERS\kmxids.sys
R2 KmxBiG;KmxBiG;C:\WINNT\system32\DRIVERS\KmxBiG.sys
R2 KmxSbx;KmxSbx;C:\WINNT\system32\DRIVERS\KmxSbx.sys
R2 UmxAgent;FW Event Manager;"C:\Program Files\Tiny Firewall Pro\UmxAgent.exe"
R2 UmxCfg;FW Configuration Interpreter;"C:\Program Files\Common Files\PFShared\UmxCfg.exe"
R2 UmxLU;FW Live Update;"C:\Program Files\Common Files\PFShared\umxlu.exe"
R2 UmxPol;FW Policy Manager;"C:\Program Files\Common Files\PFShared\UmxPol.exe"
R3 KmxCfg;KmxCfg;C:\WINNT\system32\DRIVERS\kmxcfg.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINNT\system32\DRIVERS\point32.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 02:24:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-28  2:24:55
.
   --- E O F ---

Code:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"SkinClock" = "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [null data]
"AMonitor" = "C:\Program Files\Tiny Firewall Pro\amon.exe" ["Tiny Software, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"AAWTray" = "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [null data]
"QuickTime Task" = ""D:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
                   \InProcServer32\(Default) = "C:\WINNT\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINNT\system32\shdocvw.dll" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
  -> {HKLM...CLSID} = "Wireless Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
  -> {HKLM...CLSID} = "Wheel Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
  -> {HKLM...CLSID} = "Activities Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
  -> {HKLM...CLSID} = "Buttons Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "UmxSbxExw.dll" ["Tiny Software Inc."]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> PFW\DLLName = "UmxWnp.Dll" ["Tiny Software Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\fikthor\Dane aplikacji\FastStone\FSIV\FSViewerWallPaper.bmp"

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINNT\system32\imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINNT\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
FW Configuration Interpreter, UmxCfg, ""C:\Program Files\Common Files\PFShared\UmxCfg.exe"" ["Tiny Software, Inc."]
FW Event Manager, UmxAgent, ""C:\Program Files\Tiny Firewall Pro\UmxAgent.exe"" ["Tiny Software, Inc."]
FW Live Update, UmxLU, ""C:\Program Files\Common Files\PFShared\umxlu.exe"" ["Tiny Software, Inc."]
FW Policy Manager, UmxPol, ""C:\Program Files\Common Files\PFShared\UmxPol.exe"" ["Tiny Software Inc."]
FW User-Mode Helper, UmxFwHlp, ""C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe"" ["Tiny Software, Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 23 seconds, including 4 seconds for message boxes)

Code:
Logfile of HijackThis v1.99.1
Scan saved at 02:36:55, on 2007-09-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINNT\system32\wscntfy.exe
D:\Program Files\Portable Total Commander 6.54a PL\TOTALCMD.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: PFW - C:\WINNT\SYSTEM32\UmxWnp.Dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe





pp3088 - Fri Sep 28, 2007 7:57 am
It looks clean to me.

Scan UmxWnp.Dll at http://virusscan.jotti.org/.



slake1 - Fri Sep 28, 2007 1:05 pm
The file should be clean, I have it on my system as well.



satyr - Fri Sep 28, 2007 1:15 pm
Thanks

Everything should be working now.