Please check my ComboFix log. I checked with HJT myself and found nothing dangerous, but I keep getting "pestered" by prompts asking for a username and password while browsing the internet.
Log:
ComboFix 08-08-04.06 - Tomek i Agata 2008-10-16 17:57:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1544 [GMT 2:00]
Running from: C:\Documents and Settings\Tomek i Agata\Pulpit\Skróty pulpitu\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-02 19:46 . 2003-09-24 09:44 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2008-10-02 19:46 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-10-02 19:46 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-10-02 19:46 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-10-02 19:46 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2008-10-02 19:46 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-10-02 19:32 . 2008-10-02 19:32 <DIR> d-------- C:\Program Files\HP
2008-10-01 14:26 . 2008-10-01 14:26 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-10-01 14:26 . 2008-10-01 14:26 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\SystemRequirementsLab
2008-09-30 17:00 . 2008-09-30 17:00 0 --a------ C:\WINDOWS\iplayer.INI
2008-09-30 16:53 . 2008-09-30 16:53 <DIR> d-------- C:\Program Files\InterActual
2008-09-28 18:29 . 2008-10-16 13:26 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\HLSW
2008-09-18 11:35 . 2008-09-30 22:39 721 --a------ C:\WINDOWS\cdplayer.ini
2008-09-16 12:10 . 2008-09-16 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 08:10 --------- d-----w C:\Documents and Settings\Tomek i Agata\Dane aplikacji\OpenOffice.org2
2008-10-16 08:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-10-15 19:21 5,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-15 19:21 442,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-15 19:21 23,332 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-15 19:21 2,311,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-14 12:02 --------- d-----w C:\Program Files\Tlen.pl
2008-10-06 18:02 29,624 ----a-w C:\Documents and Settings\Tomek i Agata\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-10-02 21:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-28 16:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 12:52 --------- d-----w C:\Program Files\Driver Cleaner
2008-09-19 16:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-19 16:56 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-16 09:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-09 04:19 --------- d-----w C:\Program Files\MSECache
2008-09-07 16:39 87,608 ----a-w C:\Documents and Settings\Tomek i Agata\Dane aplikacji\inst.exe
2008-09-07 16:39 47,360 ----a-w C:\Documents and Settings\Tomek i Agata\Dane aplikacji\pcouffin.sys
2008-09-07 16:39 --------- d-----w C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Vso
2008-09-02 13:39 2,743 ----a-w C:\Documents and Settings\Tomek i Agata\svchosts.exe
2008-09-02 12:28 --------- d-----w C:\Program Files\Opera
2008-08-25 16:39 --------- d-----w C:\Program Files\TRADOS
2008-08-25 16:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TRADOS
2008-08-25 16:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 16:09 --------- d-----w C:\Program Files\CATCount
2008-08-20 17:05 24,944 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-08-17 19:50 --------- d-----w C:\Program Files\OCCT
2008-08-11 11:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-11 11:44 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-08-11 11:44 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-11 11:44 22,328 ----a-w C:\Documents and Settings\Tomek i Agata\Dane aplikacji\PnkBstrK.sys
2008-08-02 19:59 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-02 19:59 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-02 16:25 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-07-30 19:17 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
------- Sigcheck -------
2001-08-18 08:24 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2008-08-16_11.43.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-09 04:20:22 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0415-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-08-04 18:16:02 25,214 ----a-r C:\WINDOWS\Installer\{B28B351F-1232-46EA-85EF-B8EA91641045}\ARPPRODUCTICON.exe
+ 2008-09-16 09:46:48 25,214 ----a-r C:\WINDOWS\Installer\{B28B351F-1232-46EA-85EF-B8EA91641045}\ARPPRODUCTICON.exe
- 2008-07-30 21:56:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-19 21:29:41 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-30 21:56:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-09-19 21:29:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-07-30 21:56:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-19 21:29:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 19:00:31 187,920 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-09-16 13:47:27 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2008-08-15 19:05:31 1,450,120 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-19 21:29:51 1,468,128 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-02 13:34:40 23,552 ----a-w C:\WINDOWS\system32\INETWH32.dll
+ 2005-06-20 17:11:20 285,472 ----a-w C:\WINDOWS\system32\itiimg3.dll
+ 2007-11-02 13:34:40 296,448 ----a-w C:\WINDOWS\system32\midas.dll
+ 2007-11-02 13:34:40 351,232 ----a-w C:\WINDOWS\system32\RoboEx32.dll
- 2003-07-28 13:06:38 117,231 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpf3xo09.dat
+ 2003-11-08 01:45:29 117,231 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpf3xo09.dat
- 2003-07-28 12:31:44 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz2ku09.dll
+ 2003-11-08 01:45:30 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz2ku09.dll
- 2003-07-28 13:16:06 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg09.exe
+ 2003-11-08 01:45:30 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg09.exe
- 2003-07-28 13:12:06 208,896 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi09.dll
+ 2003-11-08 01:45:30 208,896 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi09.dll
- 2003-07-28 13:12:56 270,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon09.dll
+ 2003-11-08 01:45:30 270,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon09.dll
- 2003-07-28 12:58:00 643,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng09.exe
+ 2003-11-08 01:45:30 643,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng09.exe
- 2003-07-28 13:45:32 81,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzflt09.dll
+ 2003-11-08 01:45:30 81,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzflt09.dll
- 2003-06-19 10:45:22 221,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzime09.dll
+ 2003-11-08 01:45:30 221,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzime09.dll
- 2003-07-28 13:17:18 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzjui09.dll
+ 2003-11-08 01:45:30 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzjui09.dll
- 2003-07-28 13:18:48 147,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzlnt09.dll
+ 2003-11-08 01:45:30 147,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzlnt09.dll
- 2003-07-28 12:42:08 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpm309.dll
+ 2003-11-08 01:45:30 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpm309.dll
- 2003-07-28 13:25:58 335,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre09.exe
+ 2003-11-08 01:45:30 335,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre09.exe
- 2003-07-28 12:46:46 9,691,136 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzr3209.dll
+ 2003-11-08 01:45:32 9,740,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzr3209.dll
- 2002-10-30 10:10:22 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrer09.dll
+ 2003-11-08 01:45:32 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrer09.dll
- 2003-06-19 10:46:06 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzres09.dll
+ 2003-11-08 01:45:32 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzres09.dll
- 2003-07-28 12:35:30 319,488 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrm309.dll
+ 2003-11-08 01:45:32 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrm309.dll
- 2003-07-28 13:40:56 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc09.exe
+ 2003-11-08 01:45:32 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc09.exe
- 2003-07-28 13:06:08 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw09.exe
+ 2003-11-08 01:45:32 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw09.exe
- 2003-07-28 13:44:18 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbi09.dll
+ 2003-11-08 01:45:32 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbi09.dll
- 2003-07-28 13:43:44 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu09.exe
+ 2003-11-08 01:45:32 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu09.exe
- 2003-07-28 13:34:24 442,368 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx09.exe
+ 2003-11-08 01:45:32 442,368 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx09.exe
+ 2003-11-08 01:45:32 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
- 2003-07-28 13:44:50 163,891 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzvip09.dll
+ 2003-11-08 01:45:32 163,891 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzvip09.dll
+ 2003-11-08 01:45:29 117,231 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpf3xo09.dat
+ 2003-11-08 01:45:30 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpz2ku09.dll
+ 2003-11-08 01:45:30 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzcfg09.exe
+ 2003-11-08 01:45:30 208,896 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzcoi09.dll
+ 2003-11-08 01:45:30 270,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzcon09.dll
+ 2003-11-08 01:45:30 643,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzeng09.exe
+ 2003-11-08 01:45:30 81,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzflt09.dll
+ 2003-11-08 01:45:30 221,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzime09.dll
+ 2003-11-08 01:45:30 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzjui09.dll
+ 2003-11-08 01:45:30 147,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzlnt09.dll
+ 2003-11-08 01:45:30 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzpm309.dll
+ 2003-11-08 01:45:30 335,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzpre09.exe
+ 2003-11-08 01:45:32 9,740,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzr3209.dll
+ 2003-11-08 01:45:32 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzrer09.dll
+ 2003-11-08 01:45:32 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzres09.dll
+ 2003-11-08 01:45:32 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzrm309.dll
+ 2003-11-08 01:45:32 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzstc09.exe
+ 2003-11-08 01:45:32 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzstw09.exe
+ 2003-11-08 01:45:32 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpztbi09.dll
+ 2003-11-08 01:45:32 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpztbu09.exe
+ 2003-11-08 01:45:32 442,368 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpztbx09.exe
+ 2003-11-08 01:45:32 163,891 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_51003913\hpzvip09.dll
+ 2005-09-22 21:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-22 21:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 21:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-02 21:59 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 03:45 188416]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 11:23 16875008 C:\WINDOWS\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 18:01 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 16:42 2808832 C:\WINDOWS\alcwzrd.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\Tomek i Agata\Menu Start\Programy\Autostart\
GIGABYTE Gamer HUD.lnk - C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Microsoft\Installer\{1A3210EE-7494-4879-9270-A721ED7F9947}\HUD.exe1_1A3210EE749448799270A721ED7F9947.exe [2008-07-30 14:58:08 40960]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BOOKcase 4.0.lnk - C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe [2008-08-04 20:01:51 426028]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 12:27 219520 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
--a------ 2007-07-26 15:05 20480 C:\Program Files\GIGABYTE\ET5Pro\ETcall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:44 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-02 21:59 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\GRY\\Assasin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\GRY\\Assasin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\GRY\\Assasin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"E:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"E:\\Program Files\\valve\\hlsw.exe"=
"E:\\Program Files\\valve\\hl.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Komunikator - C:\Program Files\Tlen.pl\tlen.exe
MSConfigStartUp-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-Flashget - C:\Program Files\FlashGet\FlashGet.exe
MSConfigStartUp-Komunikator - C:\Program Files\Tlen.pl\tlen.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Mozilla\Firefox\Profiles\qb4ed8hd.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:57:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-16 17:59:27
ComboFix-quarantined-files.txt 2008-10-16 15:59:25
ComboFix2.txt 2008-08-16 09:44:18
ComboFix3.txt 2008-08-05 15:21:43
Pre-Run: 2,354,864,128 bajtów wolnych
Post-Run: 2,447,196,160 bajtów wolnych
Thanks in advance for your help.








