A virus, or maybe a worm
I scanned the computer with online scanners and, in safe mode, with Kaspersky (it detected a trojan that the others did not; deleted, of course :)), but I still think I have a virus:
2 svchosts: system
2 svchosts: network service
1: local service
the open ports are:
tcp
110 pop3
135 epmap
139 netbios-ssn
3306 mysql
udp
123 ntp
137 netbios ns
138 netbios dgm
1900 ssdp
I scanned, but I think I have a virus
this is what the program for downloading from IRC tells me:
139 :: Normally Ms Netbios-SSN but could be Chode - God Message worm - Msinit - Netlog - Network - Qaz
HijackThis, I don't know why, shows only 2 svchost processes
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
G:\usr\MYSQL\bin\mysqld.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\wincmd\WinCmd32.exe
C:\Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7012A191-2B5A-4AA9-8013-34E3889C6156} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php? bt=ie&p=d9e142b50554d145ae1adefa032956f30588130c7a248 97b98c70b21112bdefdf8e14f292f641a9fbac16900c5eb337458 afea412a57f92bf92a995c7b068353:4988410fc26869297cfaa5002feb2f13
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.tv.poloniaonline.us/nsvplayx_vp3_mp3.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17917715-DBEF-45D1-8923-229777FAD687}: NameServer = 192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{17917715-DBEF-45D1-8923-229777FAD687}: NameServer = 192.168.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{17917715-DBEF-45D1-8923-229777FAD687}: NameServer = 192.168.0.2
O18 - Filter: text/html - {229F8A67-DD66-4B8C-94ED-B1C1B2734B5B} - (no file)
O18 - Filter: text/plain - {229F8A67-DD66-4B8C-94ED-B1C1B2734B5B} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MySql - Unknown owner - G:\usr/MYSQL/bin/mysqld.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Replies: 20
Bobi:
Regarding what??
God Message I would personally ignore, nothing detects it; as for the port, disable the Messenger service in services.msc and block the port with the firewall.
Treat the system to a vitamin in the form of Windows Update.
OK then, thanks Bobi and El nino
Mowgli: ...the question is, what next?
that file, localNRD.dll, is not there
but I added that to the registry and Vx2 is gone after scanning with SpyHunter, but the question is, what next?
I can't see anything in the log, or I'm already going blind.
Search the disk for the file localNRD.dll and clean up the Temp folders, i.e. empty them.
Open Notepad and paste into it:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\LocalNRD]
Save it with the *.reg extension and add it to the registry.
SpyHunter log
CLSID = {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} FilePath = C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll File Size = 54248 File MD5 = fc7850324464e4d19a24a03d882b5cc4
CLSID = {A5366673–E8CA–11D3–9CD9–0090271D075B} FilePath = C:\PROGRA~1\FlashGet\jccatch.dll File Size = 65536 File MD5 = f2fafe3cb6412c89f43d88ccebe308f3
CLSID = {08B0E5C0–4FCB–11CF–AAA5–00401C608501} FilePath = File Size = 0 File MD5 =
CLSID = {92780B25–18CC–41C8–B9BE–3C9C571A8263} FilePath = File Size = 0 File MD5 =
CLSID = {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} FilePath = File Size = 0 File MD5 =
CLSID = {FB5F1910–F110–11d2–BB9E–00C04F795683} FilePath = File Size = 0 File MD5 =
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
CLSID = {CFBFAE00–17A6–11D0–99CB–00C04FD64497} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1483264 File MD5 = 4a714b3179528e2653f9c61bfdf924fa Description =
##########################LSP CHAIN DATA##########################
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = a21a54285bba35f48afdedf787e969e9
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = a21a54285bba35f48afdedf787e969e9
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 246784 File MD5 = 83387067b25e000e64b178a62e5dcd24
##########################UNINSTALL DATA##########################
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\"SubEdit–Player" DisplayName = "SubEdit–Player"
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad–aware 6 Personal DisplayName = Ad–aware 6 Personal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Administrative Tools DisplayName = Advanced Administrative Tools
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ALLPlayer V2.X DisplayName = ALLPlayer V2.X
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver DisplayName = ATI Display Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Autodesk Express Viewer DisplayName = Autodesk Express Viewer InstallLocation = C:\Program Files\Autodesk\Autodesk Express Viewer
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BitComet DisplayName = BitComet 0.56
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CdaC13Ba DisplayName = SafeCast Shared Components InstallLocation = C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CDex
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CesarFTP 0.99g_is1 DisplayName = CesarFTP 0.99g
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Cheating–Death DisplayName = Cheating–Death 4.29.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CloneCD DisplayName = CloneCD InstallLocation = C:\Program Files\SlySoft\CloneCD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec_is1 DisplayName = Codec 7.8d
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EAX Unified DisplayName = EAX Unified
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 DisplayName = eDonkey2000
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ET3 DisplayName = English Translator 3
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\eTeacher 4.0 angielski DisplayName = eTeacher 4.0 angielski
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\FlashGet(JetCar) DisplayName = FlashGet(JetCar)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadu–Gadu DisplayName = Gadu–Gadu 6.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\GFI LANguard Network Security Scanner_is1 DisplayName = GFI LANguard Network Security Scanner 3.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 1.99.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Invision 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Invision 2.0 Build 3515 DisplayName = Invision 2.0 Build 3515
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Kaspersky Anti–Virus Personal DisplayName = Kaspersky Anti–Virus Personal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB834707 DisplayName = Poprawka systemu Windows XP – KB834707
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Poprawka systemu Windows XP – KB873333
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Poprawka systemu Windows XP – KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Poprawka systemu Windows XP – KB885250
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Poprawka systemu Windows XP – KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Poprawka systemu Windows XP – KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885894 DisplayName = Poprawka systemu Windows XP – KB885894
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Poprawka systemu Windows XP – KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Poprawka systemu Windows XP – KB887742
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Poprawka systemu Windows XP – KB888113
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Poprawka systemu Windows XP – KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 DisplayName = Poprawka systemu Windows XP – KB890175
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Poprawka systemu Windows XP – KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890923 DisplayName = Poprawka systemu Windows XP – KB890923
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Poprawka systemu Windows XP – KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893066 DisplayName = Poprawka systemu Windows XP – KB893066
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893086 DisplayName = Poprawka systemu Windows XP – KB893086
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC DisplayName = mIRC
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MkS_Vir DisplayName = mks_vir 2004
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Moonlight–Elecard MPEG Player 2.3 DisplayName = Moonlight–Elecard MPEG Player InstallLocation = C:\Program Files\Moonlight Cordless\Moonlight–Elecard MPEG Player 2.3
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MotoGP2_is1 DisplayName = MotoGP2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.0.3) DisplayName = Mozilla Firefox (1.0.3) InstallLocation = C:\Program Files\Mozilla Firefox
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30–Beta1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30–Beta2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30–KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30–RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30–RC2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a–KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31–Beta
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31–RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSTTS DisplayName = Microsoft Text–to–Speech Engine 4.0 (English)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero – Burning Rom!UninstallKey DisplayName = Nero 6 Ultra Edition
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PestPatrol Standard Edition (Evaluation)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PowerGG DisplayName = PowerGG
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime DisplayName = QuickTime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Red Alert 2 DisplayName = Command & Conquer Red Alert 2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SkanerOnline DisplayName = Skaner on–line mks_vir
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedFan DisplayName = SpeedFan (remove only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Tibia_is1 DisplayName = Tibia 7.4
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1 DisplayName = UltraISO V7.0 ME
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WheelMouse DisplayName = A4Tech iWheelWorks V7.38
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp DisplayName = Winamp (remove only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Wincmd DisplayName = Windows Commander (Remove or Repair)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime DisplayName = Windows Media Format Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player DisplayName = Windows Media Player 10
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 2.0 DisplayName = Windows SR 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver DisplayName = WinRAR archiver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WOLAPI DisplayName = Westwood Shared Internet Components
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ZxSniffer DisplayName = ZxSniffer
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E–2D34–47B5–9973–57E62B29307C} DisplayName = ATI Control Panel
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8–6813–11D6–A77B–00B0D0150000} DisplayName = J2SE Runtime Environment 5.0 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C9415–3D7C–4EE8–BAA9–00BCB3D54227} DisplayName = WebFldrs XP InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{38420AB3–8788–4DA2–A296–E8B6F328876F} DisplayName = EA SPORTS Rugby 2005 InstallLocation = g:\Program Files\EA Sports\EA SPORTS Rugby 2005
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3DED3A72–61A8–4B87–98A5–EF0BC8038AA0} DisplayName = DAEMON Tools InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5058B085–AA79–41E5–A726–681B4C4B846E} DisplayName = ACDSee 5.0 PowerPack InstallLocation = C:\Program Files\ACD Systems\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{51C8741C–4A91–42A6–B6A2–CB891F7398A1} DisplayName = Kerio Personal Firewall 2.1.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5783F2D7–0201–0415–0002–0060B0CE6BBA} DisplayName = AutoCAD 2004 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{68E1BAC6–F79F–43C4–AF03–A89F53F748D3} DisplayName = Microsoft XML Parser InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{6C362EE4–011C–11D5–941B–0050DA2D7AE1} DisplayName = Microsoft Speech 5.0 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90110415–6000–11D3–8CFE–0150048383C9} DisplayName = Microsoft Office Professional Edition 2003 InstallLocation = C:\Program Files\Microsoft Office\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86–7AD7–1038–7646–CEA000000001} DisplayName = Adobe Reader 6.0.2 CE InstallLocation = C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{E91563B4–D9EC–11D5–A2BB–00606771B69D} InstallLocation = C:\Program Files\Panda Software\Panda Antivirus Platinum
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE5B8E34–973C–4FBE–AC83–99F064009FC7} DisplayName = SpyHunter InstallLocation = C:\Program Files\Enigma Software Group\SpyHunter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{FB08F381–6533–4108–B7DD–039E11FBC27E} DisplayName = Realtek AC'97 Audio
Log from the all-in-one tool
L2Mfix 1.03
Running From:
C:\DOWNLO~1\hm\l2mfix
RegDACL 5.1 – Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999–2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID–NI) ALLOW Read BUILTIN\Uytkownicy
(ID–IO) ALLOW Read BUILTIN\Uytkownicy
(ID–NI) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–IO) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–NI) ALLOW Full access BUILTIN\Administratorzy
(ID–IO) ALLOW Full access BUILTIN\Administratorzy
(ID–NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access TWRCA–WACICIEL
Setting registry permissions:
RegDACL 5.1 – Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999–2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
– adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 – Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999–2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY ––C––––––– BUILTIN\Administratorzy
(ID–NI) ALLOW Read BUILTIN\Uytkownicy
(ID–IO) ALLOW Read BUILTIN\Uytkownicy
(ID–NI) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–IO) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–NI) ALLOW Full access BUILTIN\Administratorzy
(ID–IO) ALLOW Full access BUILTIN\Administratorzy
(ID–NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access TWRCA–WACICIEL
Setting up for Reboot
Starting Reboot!
C:\Downloads\hm\l2mfix
System Rebooted!
Running From:
C:\Downloads\hm\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002–2003 Craig.Peacock@beyondlogic.org
Killing PID 1784 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002–2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Zipping up files for submission:
adding: clear.reg (188 bytes security) (deflated 2%)
adding: echo.reg (188 bytes security) (deflated 5%)
adding: direct.txt (188 bytes security) (stored 0%)
adding: lo2.txt (188 bytes security) (deflated 70%)
adding: readme.txt (188 bytes security) (deflated 49%)
adding: report.txt (188 bytes security) (deflated 63%)
adding: test.txt (188 bytes security) (stored 0%)
adding: test2.txt (188 bytes security) (stored 0%)
adding: test3.txt (188 bytes security) (stored 0%)
adding: test5.txt (188 bytes security) (stored 0%)
adding: backregs/shell.reg (188 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 – Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999–2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 – Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999–2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID–NI) ALLOW Read BUILTIN\Uytkownicy
(ID–IO) ALLOW Read BUILTIN\Uytkownicy
(ID–NI) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–IO) ALLOW Read BUILTIN\Uytkownicy zaawansowani
(ID–NI) ALLOW Full access BUILTIN\Administratorzy
(ID–IO) ALLOW Full access BUILTIN\Administratorzy
(ID–NI) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access ZARZDZANIE NT\SYSTEM
(ID–IO) ALLOW Full access TWRCA–WACICIEL
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[–HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
@Mowgli, there are two more things I want to know.
– Make a log with that "all-in-one tool", using option 1, and show the output file in a post
– I would like to see the details of what SpyHunter supposedly finds, the registry keys and the other things the program spits out (stretch the columns so that everything is visible)
Mowgli: FlashGet (JetCar) ver. 1.65 with a vitamin (serial number)
Why so coy? We're all friends here. We write it plainly, "stolen", and don't use half-words.
FlashGet (JetCar) ver. 1.65 with a vitamin (serial number)
l2mfix: I ran this tool, some console opened, I chose 2 and it restarted, at startup it did something, but VX2 is still there. I don't know if that is what was meant, it's the first time I've seen such an all-in-one tool.
SpyHunter latched onto FlashGet and onto leftovers of the junk we already removed at the beginning.
Do you have the free version of FlashGet with its various "gifts", or Professional?
Besides that, we have a VX2 that is hiding itself well; download l2mfix.exe
Boot the system in safe mode and start this tool (after unpacking, run the *.bat file)
OS: Windows XP
Product Edition: Evaluation
PestPatrol.exe: 20041227 4.4.4.81
PestPatrolCL.exe: 20041215 4.4.4.80
Pest Database: 20050505
Pests found:
AdServer.com Spyware Cookie,C:\Documents and Settings\Administrator\Cookies\administrator@adserver[1].txt,na,na,20050512,00–50–FC–A8–62–95,POL
Bluestreak.com Spyware Cookie,C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt,na,na,20050512,00–50–FC–A8–62–95,POL
DomainSponsor.com Spyware Cookie,C:\Documents and Settings\Administrator\Cookies\administrator@domainsponsor[1].txt,na,na,20050512,00–50–FC–A8–62–95,POL
FastClick.com Spyware Cookie,C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt,na,na,20050512,00–50–FC–A8–62–95,POL
DomainSponsor.com Spyware Cookie,C:\Documents and Settings\Administrator\Cookies\administrator@landing.domainsponsor[1].txt,na,na,20050512,00–50–FC–A8–62–95,POL
Revenue.net Spyware Cookie,C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt,na,na,20050512,00–50–FC–A8–62–95,POL
TribalFusion.com Spyware Cookie,C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt,na,na,20050512,00–50–FC–A8–62–95,POL
BookedSpace,HKEY_CLASSES_ROOT\localnrddll.localnrddllobj.1,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar|{e0e899ab–f487–11d5–8d29–0050ba6940e3},na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,HKEY_CLASSES_ROOT\clsid\{a5366673–e8ca–11d3–9cd9–0090271d075b},na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,HKEY_CLASSES_ROOT\clsid\{e0e899ab–f487–11d5–8d29–0050ba6940e3},na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,HKEY_LOCAL_MACHINE\software\classes\clsid\{a5366673–e8ca–11d3–9cd9–0090271d075b},na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,HKEY_LOCAL_MACHINE\software\classes\clsid\{e0e899ab–f487–11d5–8d29–0050ba6940e3},na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a5366673–e8ca–11d3–9cd9–0090271d075b},na,na,20050512,00–50–FC–A8–62–95,POL
IBIS Toolbar,HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\sto,na,na,20050512,00–50–FC–A8–62–95,POL
ToonComics,HKEY_LOCAL_MACHINE\software\msbb,na,na,20050512,00–50–FC–A8–62–95,POL
WebSearch Toolbar,HKEY_CLASSES_ROOT\clsid\{708be496–e202–497b–bc31–9cf47e3bf8d6},na,na,20050512,00–50–FC–A8–62–95,POL
WebSearch Toolbar,HKEY_CLASSES_ROOT\clsid\{6e21f428–5617–47f7–aed8–b2e1d8fba711},na,na,20050512,00–50–FC–A8–62–95,POL
WinTools,HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata|tuid,na,na,20050512,00–50–FC–A8–62–95,POL
Ezula,C:\WINDOWS\conscorr.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\flashget.exe,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\jccatch.dll,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\unreg.inf,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\skin\xp_luna.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\fgiebar.dll,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\flashget.chm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\skin\normal.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\skin\sky(gradient).ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\skin\xp_luna(gradient).ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcukr.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\skin\imagebk.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcswe.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcthi.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jctur.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcslo.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcsrl.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcsvk.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcptp.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcrom.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcrus.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcnor.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcpls.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcpob.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jclat.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcltu.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcnld.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcita.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcjpn.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jckor.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcfra.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcheb.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jchun.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jceng.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcesp.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcfin.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcdax.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcdeu.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcell.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcchs.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jccht.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jccze.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\jc_link.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jcbul.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\language\jccat.ini,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\uninstalllib.exe,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet,C:\Program Files\flashget\jc_all.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet Directory,C:\Program Files\flashget,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet Directory,C:\Program Files\flashget\ads,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet Directory,C:\Program Files\flashget\ads\cache434,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_100000.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_118700.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_356300.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_372700.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_0_0_373000.gif,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_127200.gif,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_127200.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_144000.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_144000.swf,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_282500.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_282500.swf,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_297800.gif,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_0_297800.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_2_127200.gif,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_2_127200.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_4_100100.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_4_127200.gif,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_4_127200.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_4_282500.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\B_434_2_4_282500.swf,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_100000.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_107500.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_107600.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_118700.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_356300.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_372700.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_434_2_0_100100.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\ads\cache434\t_B_434_2_4_100100.htm,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Default.bk1,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Default.bk2,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Default.bk3,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Default.jcd,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Default.jcd.bak,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\default1.GIF,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\flashget.exe.manifest,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\INSTALL.LOG,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet Directory,C:\Program Files\flashget\language,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\License.txt,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\mirrors.lst,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\mymirror.lst,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Normal.jcs,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Readme.txt,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet Directory,C:\Program Files\flashget\Skin,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Skin\Leftback.jpg,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Skin\logo_bg.gif,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Skin\TestBk.jpg,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet Directory,C:\Program Files\flashget\sounds,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\sounds\added.wav,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\sounds\all_done.wav,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\sounds\done.wav,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\sounds\error.wav,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Start.cdi,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\Table.jcs,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\UNWISE.EXE,na,na,20050512,00–50–FC–A8–62–95,POL
FlashGet?,C:\Program Files\flashget\whatsnew.txt,na,na,20050512,00–50–FC–A8–62–95,POL
Mowgli: I got what you mean, remove it manually, but somehow it can't be done in regedit :/ (I don't know how)
Show the details relating to the registry, files, etc.
We'll have to get down to some manual work.
PS: Did Pest or that other program find anything??
Was it that God Message or some other junk??
But do you scan and it finds something, or do you simply have to pay to scan at all??
I have to pay to remove it, but I got what you mean, remove it manually, but somehow it can't be done in regedit :/ (I don't know how)
Gmw_v0.1.zip, Gmw.vbs, Gmw.hta, Godmessage.html, 2ascii.bin, Onz.exe
I didn't make the connection at first, but I searched and none of these files are there
Mowgli: a crack is needed to remove what it finds :/ in this program and in the other one (paid)
Mowgli: Search the disk for the files listed in the link from EL NINO
That doesn't ring a bell
Clean
PS: In future, don't clutter someone else's thread; start your own new one or add to your older one
Hi, I'm just asking as a precaution, although lately I've noticed packet loss, for example in a game, so maybe something can be read from the log:
Logfile of HijackThis v1.99.1
Scan saved at 16:33:57, on 2005–05–10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\devldr32.exe
C:\Downloads\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5C37F46D–EC3D–45AB–9B83–A52666ED2139}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Take a look here >> http://www.2-spyware.com/remove-godmessage-worm.html
Download the removal software listed there and possibly PestPatrol as well, because it reportedly also deals with this junk.
Search the disk for the files listed in the link from EL NINO
What displays that message/log?
The Invision 2.0 add-on for mIRC
Are you connected to the net directly, or are you on some LAN?
I'm on a LAN
and are those ports OK???
What displays that message/log? 139 :: Normally Ms Netbios–SSN but could be Chode – God Message worm – Msinit – Netlog – Network – Qaz
with Panda it's OK now
these ports remain, the scanners detect nothing
and the ports are open even when I'm not doing anything
I don't know how to remove tcp 139; I blocked it with the firewall, incoming and outgoing, but it's still open, and in regedit under this path
HCU\Software\Microsoft\Windows\CurrentVersion\Run\
there are two things
cfmon exe
and the default value, not set
and are those ports OK