Wykryto wyłączony javascript

Aktualnie masz wyłączony javascript. Kilka funkcji może nie działać. Włącz ponownie javascript, aby korzystać z pełnej funkcjonalności.

Logi - Spowolniony system

Rozpoczęty przez Kuba793 , 30 05 2008 12:37

Temat jest zamknięty

12 odpowiedzi w tym temacie

#1 Kuba793

Początkujący

10 postów

Napisano 30 05 2008 - 12:37

Tak jak w temcie, problem z kompem: to sa moje logi

HijackThis

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:30:51, on 2008-05-30Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\Program Files\Alwil Software\Avast4\aswUpdSv.exeD:\Program Files\Alwil Software\Avast4\ashServ.exeD:\WINDOWS\system32\spoolsv.exeD:\WINDOWS\Explorer.EXED:\Program Files\Bonjour\mDNSResponder.exeD:\WINDOWS\system32\nvsvc32.exeD:\Program Files\Analog Devices\SoundMAX\SMAgent.exeD:\PROGRA~1\NEOSTR~1\CnxMon.exeD:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeD:\PROGRA~1\NEOSTR~1\TaskbarIcon.exeD:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeD:\WINDOWS\system32\RUNDLL32.EXED:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeD:\Program Files\Alwil Software\Avast4\ashMaiSv.exeD:\Program Files\Analog Devices\SoundMAX\Smax4.exeD:\Program Files\Alwil Software\Avast4\ashWebSv.exeD:\Program Files\Common Files\Real\Update_OB\realsched.exeD:\WINDOWS\system32\ctfmon.exeD:\Program Files\Windows Live\Messenger\MsnMsgr.ExeD:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeD:\Program Files\Gadu-Gadu\gg.exeD:\Program Files\Winamp Remote\bin\OrbTray.exeD:\PROGRA~1\NEOSTR~1\NeostradaTP.exeD:\PROGRA~1\NEOSTR~1\ComComp.exeD:\WINDOWS\system32\wuauclt.exeD:\PROGRA~1\NEOSTR~1\Watch.exeD:\Program Files\Internet Explorer\iexplore.exeD:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeD:\Program Files\Windows Live\Messenger\usnsvc.exeD:\WINDOWS\system32\wuauclt.exeD:\Program Files\Internet Explorer\iexplore.exeD:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.pl"]http://www.google.pl[/url]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TPR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exeO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exeO4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exeO4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osbootO4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url="http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211118466624"]http://www.update.microsoft.com/windowsupd...b?1211118466624[/url]O17 - HKLM\System\CCS\Services\Tcpip\..\{E6DB18C7-916C-4A6F-9E88-418454FC3051}: NameServer = 194.204.159.1 217.98.63.164O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe--End of file - 6949 bytes

ComboFix

ComboFix 08-05-29.1 - User 1 2008-05-30 12:40:43.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.674 [GMT 2:00]Running from: D:\Documents and Settings\User 1\Moje dokumenty\@neostrada.pl\ComboFix.exe * Created a new restore point<strong class='bbc'>WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED </strong>.(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-30  ))))))))))))))))))))))))))))))).2008-05-30 12:30 . 2008-05-30 12:30	<DIR>	d--------	D:\Program Files\Trend Micro2008-05-30 12:19 . 2004-04-10 09:42	2,944	--a------	D:\WINDOWS\system32\mbmiodrvr.sys2008-05-30 12:18 . 2008-05-30 12:19	<DIR>	d--------	D:\Program Files\Motherboard Monitor 52008-05-30 12:01 . 2008-05-30 12:01	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\NVIDIA2008-05-29 14:57 . 2008-05-30 12:17	<DIR>	d--------	D:\Program Files\SpeedFan2008-05-29 14:57 . 2008-05-29 14:57	45	--a------	D:\WINDOWS\system32\initdebug.nfo2008-05-29 14:55 . 2008-05-29 14:55	<DIR>	d--------	D:\Program Files\Lavalys2008-05-27 19:14 . 2008-05-27 19:14	<DIR>	dr-h-----	D:\Documents and Settings\User 1\Dane aplikacji\SecuROM2008-05-27 18:52 . 2008-05-27 18:52	<DIR>	d--------	D:\Program Files\KONAMI2008-05-27 17:50 . 2008-05-27 18:41	<DIR>	d--------	D:\PES2008-05-27 17:17 . 2008-05-27 17:17	<DIR>	d--------	D:\PES 20082008-05-27 14:01 . 2008-05-27 14:05	<DIR>	d--------	D:\Program Files\Dziobas Rar Player2008-05-27 13:56 . 2008-05-27 13:56	<DIR>	d--------	D:\Program Files\Common Files\xing shared2008-05-27 13:56 . 2008-05-27 13:56	<DIR>	d--------	D:\Program Files\Common Files\Real2008-05-27 13:50 . 2008-04-14 22:51	221,184	--a------	D:\WINDOWS\system32\wmpns.dll2008-05-27 13:47 . 2008-05-27 13:47	<DIR>	d--------	D:\Program Files\Winamp Remote2008-05-27 13:47 . 2008-05-27 13:47	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks2008-05-27 13:43 . 2008-05-27 13:47	<DIR>	d--------	D:\Program Files\Winamp2008-05-27 13:43 . 2008-05-27 13:49	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\Winamp2008-05-26 23:11 . 2008-05-27 14:13	754	--a------	D:\WINDOWS\WORDPAD.INI2008-05-26 21:39 . 2008-05-26 21:39	<DIR>	d--------	D:\Documents and Settings\User 1\AbiSuite2008-05-26 21:38 . 2008-05-26 21:38	<DIR>	d--------	D:\Program Files\AbiSuite22008-05-25 19:49 . 2008-05-25 19:49	<DIR>	d--------	D:\WINDOWS\Cache2008-05-24 16:59 . 2008-05-24 16:59	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\Gadu-Gadu2008-05-23 20:24 . 2008-05-23 20:24	<DIR>	d--------	D:\Program Files\Gadu-Gadu2008-05-23 20:24 . 2008-05-23 20:30	<DIR>	d--------	D:\Documents and Settings\User 1\Gadu-Gadu2008-05-22 18:02 . 2008-05-25 12:21	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\skypePM2008-05-22 18:02 . 2008-05-22 18:02	56	--ah-----	D:\WINDOWS\system32\ezsidmv.dat2008-05-22 18:01 . 2008-05-22 18:01	<DIR>	d--------	D:\Program Files\Google2008-05-22 18:00 . 2008-05-25 13:05	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\Skype2008-05-22 17:43 . 2008-05-22 17:43	<DIR>	d--------	D:\Program Files\Teamspeak2_RC22008-05-22 17:43 . 2008-05-22 17:49	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\teamspeak22008-05-22 17:43 . 2008-05-22 17:43	34,064	--a------	D:\WINDOWS\system32\lhacm.acm2008-05-22 16:36 . 2008-05-22 16:39	<DIR>	d--------	D:\Program Files\FastStone Screen Capture2008-05-22 13:31 . 2008-05-22 13:31	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet2008-05-22 13:25 . 2008-05-22 13:25	<DIR>	d--------	D:\Program Files\Bonjour2008-05-22 13:16 . 2008-05-22 13:16	<DIR>	d--------	D:\Program Files\Common Files\Macrovision Shared2008-05-21 16:44 . 2008-05-21 16:44	<DIR>	d--------	D:\Program Files\Analog Devices2008-05-21 16:43 . 2000-03-29 08:17	5,824	--a------	D:\WINDOWS\system32\drivers\ASUSHWIO.SYS2008-05-21 16:43 . 2008-05-21 16:43	3,455	--a------	D:\WINDOWS\Ascd_tmp.ini2008-05-20 18:26 . 2005-01-22 21:12	679,936	--a------	D:\WINDOWS\system32\D3DX81ab.dll2008-05-20 15:32 . 2008-05-20 15:32	<DIR>	d--------	D:\Program Files\WinPcap2008-05-20 15:32 . 2008-05-20 22:47	<DIR>	d--------	D:\Program Files\WC3Banlist2008-05-20 13:54 . 2008-05-25 19:52	<DIR>	d--------	D:\Program Files\Common Files\Adobe2008-05-19 21:43 . 2008-05-19 21:43	0	--a------	D:\WINDOWS\nsreg.dat2008-05-18 17:45 . 2008-05-18 18:05	139,264	--a------	D:\WINDOWS\War3Unin.exe2008-05-18 17:45 . 2008-05-18 19:13	77,705	--a------	D:\WINDOWS\War3Unin.dat2008-05-18 17:45 . 2008-05-18 18:05	2,829	--a------	D:\WINDOWS\War3Unin.pif2008-05-18 17:40 . 2008-05-28 21:01	<DIR>	d--------	D:\Program Files\Warcraft III2008-05-18 17:00 . 2008-04-14 02:17	25,856	--a------	D:\WINDOWS\system32\drivers\usbprint.sys2008-05-18 17:00 . 2001-08-17 23:59	3,072	--a------	D:\WINDOWS\system32\drivers\audstub.sys2008-04-15 00:51 . 2008-04-14 23:09	483,840	--a------	D:\WINDOWS\system32\wzcsvc.dll2008-04-15 00:51 . 2008-04-14 23:09	294,912	--a------	D:\WINDOWS\system32\msh263.drv2008-04-15 00:51 . 2008-04-14 23:09	52,736	--a------	D:\WINDOWS\system32\wzcsapi.dll2008-04-15 00:51 . 2008-04-14 22:51	23,552	--a------	D:\WINDOWS\system32\wdmaud.drv2008-04-15 00:51 . 2008-04-14 22:51	23,552	--a--c---	D:\WINDOWS\system32\dllcache\wdmaud.drv2008-04-15 00:50 . 2008-04-14 23:09	55,296	--a------	D:\WINDOWS\system32\dmutil.dll2008-04-15 00:50 . 2008-04-14 23:09	49,152	--a------	D:\WINDOWS\system32\cnbjmon.dll2008-04-15 00:50 . 2008-04-14 23:09	47,616	--a------	D:\WINDOWS\system32\iyuv_32.dll2008-04-15 00:50 . 2008-04-14 23:09	35,328	--a------	D:\WINDOWS\system32\pid.dll2008-04-15 00:50 . 2008-04-14 23:09	20,992	--a------	D:\WINDOWS\system32\hid.dll2008-04-15 00:50 . 2008-04-14 23:09	16,896	--a------	D:\WINDOWS\system32\msyuv.dll2008-04-15 00:50 . 2008-04-14 23:09	15,360	--a------	D:\WINDOWS\system32\pjlmon.dll2008-04-15 00:03 . 2008-04-14 23:09	80,256	--a------	D:\WINDOWS\system32\drivers\parport.sys2008-04-15 00:03 . 2008-04-14 23:09	46,848	--a------	D:\WINDOWS\system32\drivers\p3.sys2008-04-14 23:59 . 2008-04-14 23:09	2,067,200	--a------	D:\WINDOWS\system32\ntkrnlpa.exe2008-04-14 23:47 . 2008-04-14 23:09	40,832	--a------	D:\WINDOWS\system32\drivers\crusoe.sys2008-04-14 23:30 . 2008-04-14 23:09	39,936	--a------	D:\WINDOWS\system32\drivers\processr.sys2008-04-14 23:28 . 2008-04-14 23:09	41,856	--a------	D:\WINDOWS\system32\drivers\amdk7.sys2008-04-14 23:28 . 2008-04-14 23:09	41,472	--a------	D:\WINDOWS\system32\drivers\amdk6.sys2008-04-14 23:25 . 2008-04-14 23:09	23,296	--a------	D:\WINDOWS\system32\drivers\mouclass.sys2008-04-14 23:24 . 2008-04-14 23:09	30,208	--a------	D:\WINDOWS\system32\drivers\modem.sys2008-04-14 23:16 . 2008-04-14 23:16	1,804	--a------	D:\WINDOWS\system32\Dcache.bin2008-04-14 22:56 . 2008-04-14 22:56	332,288	--a------	D:\WINDOWS\system32\netsetup.exe2008-04-14 22:56 . 2008-04-14 22:56	332,288	--a--c---	D:\WINDOWS\system32\dllcache\netsetup.exe2008-04-14 22:55 . 2008-04-14 22:55	1,202,774	--a--c---	D:\WINDOWS\system32\dllcache\sysmain.sdb2008-04-14 22:55 . 2008-04-14 22:55	785,972	--a--c---	D:\WINDOWS\system32\dllcache\apph_sp.sdb2008-04-14 22:55 . 2008-04-14 22:55	204,396	--a--c---	D:\WINDOWS\system32\dllcache\msimain.sdb2008-04-14 22:55 . 2008-04-14 22:55	85,628	--a--c---	D:\WINDOWS\system32\dllcache\apps.chm2008-04-14 22:55 . 2008-04-14 22:55	9,424	--a--c---	D:\WINDOWS\system32\dllcache\drvmain.sdb2008-04-14 22:54 . 2008-04-14 22:54	237,870	--a--c---	D:\WINDOWS\system32\dllcache\apphelp.sdb2008-04-14 22:49 . 2008-04-14 22:49	1,852,928	--a--c---	D:\WINDOWS\system32\dllcache\acgenral.dll2008-04-14 22:48 . 2008-04-14 22:48	1,449,472	--a------	D:\WINDOWS\system32\winntbbu.dll2008-04-14 22:48 . 2008-04-14 22:48	1,449,472	--a--c---	D:\WINDOWS\system32\dllcache\winntbbu.dll2008-04-14 22:48 . 2008-04-14 22:48	219,648	--a------	D:\WINDOWS\system32\sysmon.ocx2008-04-14 22:48 . 2008-04-14 22:48	219,648	--a--c---	D:\WINDOWS\system32\dllcache\sysmon.ocx2008-04-14 22:48 . 2008-04-14 22:48	61,440	--a------	D:\WINDOWS\system32\tdc.ocx2008-04-14 22:48 . 2008-04-14 22:48	61,440	--a--c---	D:\WINDOWS\system32\dllcache\tdc.ocx2008-04-14 22:48 . 2008-04-14 22:48	5,632	--a------	D:\WINDOWS\system32\wmi.dll2008-04-14 22:48 . 2008-04-14 22:48	5,632	--a--c---	D:\WINDOWS\system32\dllcache\wmi.dll2008-04-14 22:47 . 2008-04-14 22:47	103,424	--a------	D:\WINDOWS\system32\dpcdll.dll2008-04-14 22:47 . 2008-04-14 22:47	103,424	--a--c---	D:\WINDOWS\system32\dllcache\dpcdll.dll2008-04-14 22:47 . 2008-04-14 22:47	86,016	--a------	D:\WINDOWS\system32\sl_anet.acm2008-04-14 22:47 . 2008-04-14 22:47	81,920	--a------	D:\WINDOWS\system32\proctexe.ocx2008-04-14 22:47 . 2008-04-14 22:47	81,920	--a--c---	D:\WINDOWS\system32\dllcache\proctexe.ocx2008-04-14 22:47 . 2008-04-14 22:47	57,375	--a------	D:\WINDOWS\system32\odbcji32.dll2008-04-14 22:47 . 2008-04-14 22:47	57,375	--a--c---	D:\WINDOWS\system32\dllcache\odbcji32.dll2008-04-14 22:46 . 2008-04-14 22:46	110,592	--a------	D:\WINDOWS\system32\msscript.ocx2008-04-14 22:46 . 2008-04-14 22:46	110,592	--a--c---	D:\WINDOWS\system32\dllcache\msscript.ocx2008-04-14 22:43 . 2008-04-14 22:43	847,386	--a------	D:\WINDOWS\system32\msdxm.ocx2008-04-14 22:43 . 2008-04-14 22:43	847,386	--a--c---	D:\WINDOWS\system32\dllcache\msdxm.ocx2008-04-14 22:43 . 2008-04-14 22:43	177,152	--a------	D:\WINDOWS\system32\MSCTFIME.IME2008-04-14 22:43 . 2008-04-14 22:43	177,152	--a--c---	D:\WINDOWS\system32\dllcache\msctfime.ime2008-04-14 22:43 . 2008-04-14 22:43	4,126	--a------	D:\WINDOWS\system32\msdxmlc.dll2008-04-14 22:43 . 2008-04-14 22:43	4,126	--a--c---	D:\WINDOWS\system32\dllcache\msdxmlc.dll2008-04-14 22:42 . 2008-04-14 22:42	294,912	--a------	D:\WINDOWS\system32\msaud32.acm2008-04-14 22:42 . 2008-04-14 22:42	14,848	--a------	D:\WINDOWS\system32\msadp32.acm2008-04-14 22:42 . 2008-04-14 22:42	3,584	--a------	D:\WINDOWS\system32\msafd.dll2008-04-14 22:42 . 2008-04-14 22:42	3,584	--a--c---	D:\WINDOWS\system32\dllcache\msafd.dll2008-04-14 22:40 . 2008-04-14 22:40	290,816	--a------	D:\WINDOWS\system32\l3codeca.acm2008-04-14 22:36 . 2008-04-14 22:36	16,384	--a------	D:\WINDOWS\system32\imaadp32.acm2008-04-14 22:36 . 2008-04-14 22:36	3,584	--a------	D:\WINDOWS\system32\icmp.dll2008-04-14 22:36 . 2008-04-14 22:36	3,584	--a--c---	D:\WINDOWS\system32\dllcache\icmp.dll2008-04-14 22:35 . 2008-04-14 22:35	569,856	--a------	D:\WINDOWS\system32\gpedit.dll2008-04-14 22:35 . 2008-04-14 22:35	569,856	--a--c---	D:\WINDOWS\system32\dllcache\gpedit.dll2008-04-14 22:35 . 2008-04-14 22:35	545,280	--a------	D:\WINDOWS\system32\hhctrl.ocx2008-04-14 22:35 . 2008-04-14 22:35	545,280	--a--c---	D:\WINDOWS\system32\dllcache\hhctrl.ocx2008-04-14 22:35 . 2008-04-14 22:35	9,344	--a------	D:\WINDOWS\system32\framebuf.dll2008-04-14 22:35 . 2008-04-14 22:35	9,344	--a--c---	D:\WINDOWS\system32\dllcache\framebuf.dll2008-04-14 22:33 . 2008-04-14 22:33	24,064	--a------	D:\WINDOWS\system32\pidgen.dll2008-04-14 22:33 . 2008-04-14 22:33	24,064	--a--c---	D:\WINDOWS\system32\dllcache\pidgen.dll2008-04-14 22:33 . 2008-04-14 22:33	3,072	--a------	D:\WINDOWS\system32\dpnlobby.dll2008-04-14 22:33 . 2008-04-14 22:33	3,072	--a------	D:\WINDOWS\system32\dpnaddr.dll2008-04-14 22:33 . 2008-04-14 22:33	3,072	--a--c---	D:\WINDOWS\system32\dllcache\dpnlobby.dll2008-04-14 22:33 . 2008-04-14 22:33	3,072	--a--c---	D:\WINDOWS\system32\dllcache\dpnaddr.dll.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-05-30 10:38	---------	d-----w	D:\Program Files\Neostrada TP2008-05-27 17:14	107,888	----a-w	D:\WINDOWS\system32\CmdLineExt.dll2008-05-27 17:14	---------	d--h--w	D:\Program Files\InstallShield Installation Information2008-05-18 13:59	---------	d-----w	D:\Program Files\Windows Live2008-05-18 13:56	---------	dcsh--w	D:\Program Files\Common Files\WindowsLiveInstaller2008-05-18 13:54	---------	d-----w	D:\Documents and Settings\All Users\Dane aplikacji\WLInstaller2008-05-18 13:47	---------	d-----w	D:\Program Files\Common Files\InstallShield2008-05-18 13:40	---------	d-----w	D:\Program Files\Alwil Software2008-05-18 13:27	---------	d-----w	D:\Program Files\Thomson2008-05-18 13:26	---------	d-----w	D:\Program Files\Java Web Start2008-05-18 13:07	---------	d-----w	D:\Program Files\microsoft frontpage2008-05-18 13:04	---------	d-----w	D:\Program Files\Usługi online2008-04-14 23:04	1,246,357	----a-r	D:\WINDOWS\SET3.tmp2008-04-14 22:56	16,825	----a-r	D:\WINDOWS\SET8.tmp2008-04-14 22:56	1,088,840	----a-r	D:\WINDOWS\SET4.tmp2008-04-14 22:50	77,312	----a-w	D:\WINDOWS\system32\usbui.dll2008-04-14 22:50	75,776	----a-w	D:\WINDOWS\system32\storprop.dll2008-04-14 21:46	5,504	----a-w	D:\WINDOWS\system32\drivers\intelide.sys2008-04-14 21:35	58,880	----a-w	D:\WINDOWS\system32\drivers\redbook.sys2008-04-14 20:52	92,424	----a-w	D:\WINDOWS\system32\rdpdd.dll2008-04-14 20:52	87,176	----a-w	D:\WINDOWS\system32\rdpwsx.dll2008-04-14 20:52	40,840	----a-w	D:\WINDOWS\system32\drivers\termdd.sys2008-04-14 20:52	21,896	----a-w	D:\WINDOWS\system32\drivers\tdtcp.sys2008-04-14 20:52	139,656	----a-w	D:\WINDOWS\system32\drivers\rdpwd.sys2008-04-14 20:52	12,168	----a-w	D:\WINDOWS\system32\tsddd.dll2008-04-14 20:52	12,040	----a-w	D:\WINDOWS\system32\drivers\tdpipe.sys2008-04-14 20:50	999,936	----a-w	D:\WINDOWS\system32\syssetup.dll2008-04-14 20:49	98,304	----a-w	D:\WINDOWS\system32\actxprxy.dll2008-04-14 20:39	7,680	----a-w	D:\WINDOWS\system32\kbdsmsno.dll2008-04-14 20:04	73,472	----a-w	D:\WINDOWS\system32\drivers\sr.sys2008-04-14 19:45	49,664	----a-w	D:\WINDOWS\system32\inetres.dll2008-04-14 00:06	42,368	----a-w	D:\WINDOWS\system32\drivers\AGP440.SYS2008-04-13 22:49	146,048	----a-w	D:\WINDOWS\system32\drivers\portcls.sys2008-04-13 22:47	83,072	----a-w	D:\WINDOWS\system32\drivers\wdmaud.sys2008-04-13 22:45	60,800	----a-w	D:\WINDOWS\system32\drivers\sysaudio.sys2008-04-13 22:27	41,472	----a-w	D:\WINDOWS\system32\drivers\raspppoe.sys2008-04-13 22:27	40,576	----a-w	D:\WINDOWS\system32\drivers\ndproxy.sys2008-04-13 22:27	34,560	----a-w	D:\WINDOWS\system32\drivers\wanarp.sys2008-04-13 22:27	20,864	----a-w	D:\WINDOWS\system32\drivers\ipinip.sys2008-04-13 22:27	152,832	----a-w	D:\WINDOWS\system32\drivers\ipnat.sys2008-04-13 22:27	14,336	----a-w	D:\WINDOWS\system32\drivers\asyncmac.sys2008-04-13 22:27	10,112	----a-w	D:\WINDOWS\system32\drivers\ndistapi.sys2008-04-13 22:26	69,120	----a-w	D:\WINDOWS\system32\drivers\psched.sys2008-04-13 22:26	35,072	----a-w	D:\WINDOWS\system32\drivers\msgpc.sys2008-04-13 22:26	34,688	----a-w	D:\WINDOWS\system32\drivers\netbios.sys2008-04-13 22:26	30,592	----a-w	D:\WINDOWS\system32\drivers\rndismp.sys2008-04-13 22:26	12,800	----a-w	D:\WINDOWS\system32\drivers\usb8023.sys2008-04-13 22:24	11,264	----a-w	D:\WINDOWS\system32\drivers\irenum.sys2008-04-13 22:15	60,160	----a-w	D:\WINDOWS\system32\drivers\drmk.sys2008-04-13 22:15	6,272	----a-w	D:\WINDOWS\system32\drivers\splitter.sys2008-04-13 22:15	56,576	----a-w	D:\WINDOWS\system32\drivers\swmidi.sys2008-04-13 22:15	52,864	----a-w	D:\WINDOWS\system32\drivers\DMusic.sys2008-04-13 22:15	2,944	----a-w	D:\WINDOWS\system32\drivers\drmkaud.sys2008-04-13 22:15	172,416	----a-w	D:\WINDOWS\system32\drivers\kmixer.sys2008-04-13 22:09	7,552	----a-w	D:\WINDOWS\system32\drivers\MSKSSRV.sys2008-04-13 22:09	5,376	----a-w	D:\WINDOWS\system32\drivers\MSPCLOCK.sys2008-04-13 22:09	4,992	----a-w	D:\WINDOWS\system32\drivers\MSPQM.sys2008-04-13 22:03	129,792	----a-w	D:\WINDOWS\system32\drivers\fltMgr.sys2008-04-13 22:02	196,224	----a-w	D:\WINDOWS\system32\drivers\rdpdr.sys2008-04-13 20:09	142,592	----a-w	D:\WINDOWS\system32\drivers\aec.sys.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 12:43 68856]"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]"Orb"="D:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WooCnxMon"="D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]"WOOWATCH"="D:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]"WOOTASKBARICON"="D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 D:\WINDOWS\system32\nwiz.exe]"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43 86016]"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-27 13:56 185896][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="D:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="D:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"6112:TCP"= 6112:TCP:Warcraft IIIR1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]*Newly Created Service* - CATCHME.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-05-30 12:43:18Windows 5.1.2600 Dodatek Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]"ImagePath"="\??\D:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt".Completion time: 2008-05-30 12:44:35ComboFix-quarantined-files.txt  2008-05-30 10:44:27Pre-Run: 32,371,056,640 bajtów wolnychPost-Run: 32,649,875,456 bajtów wolnych257

0

Do góry

#2 wncvirus

Leń !

851 postów

Napisano 30 05 2008 - 20:56

Odpal hjt wybierz opcję do a system scan only.Zrobi Ci się log i zaznacz kwadraty obok poniższych wpisów i daj fix

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Wykonaj:

SmitfraudFix.
Użyj go z opcji "Clean", czyli wpisz 2 i naciśnij ENTER.
Po jego użyciu może zajść potrzeba ustawiania od nowa tapety (czyli prawoklik na ekranie>>właściwości, itd. )
Daj z niego raport z C:\Repport.txt
[quote]Instrukcja obsługi:
1. Zastartuj komputer do trybu awaryjnego co jest opisane TUTAJ.
(można spróbować najpierw usuwać w Trybie Normalnym -często to się udaje)
2.Uruchom SmitfraudFix.exe ( podwójnie go kliknij)
3. Zainicjuje się linia komend i dostaniesz pierwszy z ekranów z prośbą o "wciśniecie jakiegokolwiek klawisza by kontynuować" więc z klawiatury ENTER:
4. Dostaniesz menu wyboru opcji na niebieskim ekranie: wpisz 2 i naciśnij ENTER
5. Zostanie uruchomione czyszczenie właściwe rozpoczęte od zabicia procesu explorer.exe (zniknie Pulpit i pasek zadań).
Następnie padnie pytanie Do you want to clean the registry? - wpisz z klawiatury Y i ENTER,
co zainicjuje usuwania kluczyków i restrykcji tapetek.
6.W dalszej kolejności narzędzie sprawdzi czy plik wininet.dll jest zainfekowany a jeśli tak, to może paść pytanie o podmianę pliku,
o ile czystą kopię znaleziono: Replace infected file? = Y i ENTER. Jeśli „wininet” nie jest zarażony, to to zostanie pominięte.
7.Finalnie może być wymagany reset komputera by ukończyć sprzątanie

po wykonaniu tego daj nowego loga z combofix.

0

Do góry

#3 Kuba793

Początkujący

10 postów

Napisano 30 05 2008 - 22:56

Rapprot.txt

SmitFraudFix v2.323Scan done at 22:52:28,79, 2008-05-30Run from D:\Documents and Settings\User 1\Moje dokumenty\@neostrada.pl\SmitfraudFixOS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode???????????????????????? SharedTaskScheduler Before SmitFraudFix!Attention, following keys are not inevitably infected!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll???????????????????????? Killing process???????????????????????? hosts127.0.0.1	   localhost???????????????????????? VACFixVACFixCredits: Malware Analysis & DiagnosticCode: S!Ri???????????????????????? Winsock2 FixS!Ri's WS2Fix: LSP not Found.???????????????????????? Generic Renos FixGenericRenosFix by S!Ri???????????????????????? Deleting infected files???????????????????????? IEDFixIEDFixCredits: Malware Analysis & DiagnosticCode: S!Ri???????????????????????? 404Fix404FixCredits: Malware Analysis & DiagnosticCode: S!Ri???????????????????????? DNSHKLM\SYSTEM\CCS\Services\Tcpip\..\{E6DB18C7-916C-4A6F-9E88-418454FC3051}: NameServer=194.204.159.1 217.98.63.164HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6DB18C7-916C-4A6F-9E88-418454FC3051}: NameServer=194.204.159.1 217.98.63.164???????????????????????? Deleting Temp Files???????????????????????? Winlogon.System!Attention, following keys are not inevitably infected![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"System"=""???????????????????????? Registry Cleaning Registry Cleaning done.  ???????????????????????? SharedTaskScheduler After SmitFraudFix!Attention, following keys are not inevitably infected!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll???????????????????????? End

ComboFix:

ComboFix 08-05-29.1 - User 1 2008-05-30 23:01:45.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.696 [GMT 2:00]Running from: D:\Documents and Settings\User 1\Moje dokumenty\@neostrada.pl\ComboFix.exe<strong class='bbc'>WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED </strong>.(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-30  ))))))))))))))))))))))))))))))).2008-05-30 22:40 . 2008-05-30 22:52	1,540	--a------	D:\WINDOWS\system32\tmp.reg2008-05-30 22:39 . 2007-09-06 00:22	289,144	--a------	D:\WINDOWS\system32\VCCLSID.exe2008-05-30 22:39 . 2006-04-27 17:49	288,417	--a------	D:\WINDOWS\system32\SrchSTS.exe2008-05-30 22:39 . 2008-05-29 09:35	86,528	--a------	D:\WINDOWS\system32\VACFix.exe2008-05-30 22:39 . 2008-05-18 21:40	82,944	--a------	D:\WINDOWS\system32\IEDFix.exe2008-05-30 22:39 . 2008-05-18 21:40	82,944	--a------	D:\WINDOWS\system32\404Fix.exe2008-05-30 22:39 . 2003-06-05 21:13	53,248	--a------	D:\WINDOWS\system32\Process.exe2008-05-30 22:39 . 2004-07-31 18:50	51,200	--a------	D:\WINDOWS\system32\dumphive.exe2008-05-30 22:39 . 2007-10-04 00:36	25,600	--a------	D:\WINDOWS\system32\WS2Fix.exe2008-05-30 15:06 . 2008-05-30 15:06	<DIR>	d--------	D:\Program Files\Blender Foundation2008-05-30 15:06 . 2008-05-30 15:06	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\Blender Foundation2008-05-30 12:30 . 2008-05-30 12:30	<DIR>	d--------	D:\Program Files\Trend Micro2008-05-30 12:19 . 2004-04-10 09:42	2,944	--a------	D:\WINDOWS\system32\mbmiodrvr.sys2008-05-30 12:18 . 2008-05-30 12:19	<DIR>	d--------	D:\Program Files\Motherboard Monitor 52008-05-30 12:01 . 2008-05-30 12:01	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\NVIDIA2008-05-29 14:57 . 2008-05-30 20:54	<DIR>	d--------	D:\Program Files\SpeedFan2008-05-29 14:57 . 2008-05-29 14:57	45	--a------	D:\WINDOWS\system32\initdebug.nfo2008-05-29 14:55 . 2008-05-29 14:55	<DIR>	d--------	D:\Program Files\Lavalys2008-05-27 19:14 . 2008-05-27 19:14	<DIR>	dr-h-----	D:\Documents and Settings\User 1\Dane aplikacji\SecuROM2008-05-27 18:52 . 2008-05-27 18:52	<DIR>	d--------	D:\Program Files\KONAMI2008-05-27 17:50 . 2008-05-27 18:41	<DIR>	d--------	D:\PES2008-05-27 17:17 . 2008-05-27 17:17	<DIR>	d--------	D:\PES 20082008-05-27 14:01 . 2008-05-27 14:05	<DIR>	d--------	D:\Program Files\Dziobas Rar Player2008-05-27 13:56 . 2008-05-27 13:56	<DIR>	d--------	D:\Program Files\Common Files\xing shared2008-05-27 13:56 . 2008-05-27 13:56	<DIR>	d--------	D:\Program Files\Common Files\Real2008-05-27 13:50 . 2008-04-14 22:51	221,184	--a------	D:\WINDOWS\system32\wmpns.dll2008-05-27 13:47 . 2008-05-27 13:47	<DIR>	d--------	D:\Program Files\Winamp Remote2008-05-27 13:47 . 2008-05-27 13:47	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks2008-05-27 13:43 . 2008-05-27 13:47	<DIR>	d--------	D:\Program Files\Winamp2008-05-27 13:43 . 2008-05-27 13:49	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\Winamp2008-05-26 23:11 . 2008-05-30 13:40	754	--a------	D:\WINDOWS\WORDPAD.INI2008-05-26 21:39 . 2008-05-26 21:39	<DIR>	d--------	D:\Documents and Settings\User 1\AbiSuite2008-05-26 21:38 . 2008-05-26 21:38	<DIR>	d--------	D:\Program Files\AbiSuite22008-05-25 19:49 . 2008-05-25 19:49	<DIR>	d--------	D:\WINDOWS\Cache2008-05-24 16:59 . 2008-05-24 16:59	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\Gadu-Gadu2008-05-23 20:24 . 2008-05-23 20:24	<DIR>	d--------	D:\Program Files\Gadu-Gadu2008-05-23 20:24 . 2008-05-23 20:30	<DIR>	d--------	D:\Documents and Settings\User 1\Gadu-Gadu2008-05-22 18:02 . 2008-05-25 12:21	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\skypePM2008-05-22 18:02 . 2008-05-22 18:02	56	--ah-----	D:\WINDOWS\system32\ezsidmv.dat2008-05-22 18:01 . 2008-05-22 18:01	<DIR>	d--------	D:\Program Files\Google2008-05-22 18:00 . 2008-05-25 13:05	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\Skype2008-05-22 17:43 . 2008-05-22 17:43	<DIR>	d--------	D:\Program Files\Teamspeak2_RC22008-05-22 17:43 . 2008-05-22 17:49	<DIR>	d--------	D:\Documents and Settings\User 1\Dane aplikacji\teamspeak22008-05-22 17:43 . 2008-05-22 17:43	34,064	--a------	D:\WINDOWS\system32\lhacm.acm2008-05-22 16:36 . 2008-05-22 16:39	<DIR>	d--------	D:\Program Files\FastStone Screen Capture2008-05-22 13:31 . 2008-05-22 13:31	<DIR>	d--------	D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet2008-05-22 13:25 . 2008-05-22 13:25	<DIR>	d--------	D:\Program Files\Bonjour2008-05-22 13:16 . 2008-05-22 13:16	<DIR>	d--------	D:\Program Files\Common Files\Macrovision Shared2008-05-21 16:44 . 2008-05-21 16:44	<DIR>	d--------	D:\Program Files\Analog Devices2008-05-21 16:43 . 2000-03-29 08:17	5,824	--a------	D:\WINDOWS\system32\drivers\ASUSHWIO.SYS2008-05-21 16:43 . 2008-05-21 16:43	3,455	--a------	D:\WINDOWS\Ascd_tmp.ini2008-05-20 18:26 . 2005-01-22 21:12	679,936	--a------	D:\WINDOWS\system32\D3DX81ab.dll2008-05-20 15:32 . 2008-05-20 15:32	<DIR>	d--------	D:\Program Files\WinPcap2008-05-20 15:32 . 2008-05-20 22:47	<DIR>	d--------	D:\Program Files\WC3Banlist2008-05-20 13:54 . 2008-05-25 19:52	<DIR>	d--------	D:\Program Files\Common Files\Adobe2008-05-19 21:43 . 2008-05-19 21:43	0	--a------	D:\WINDOWS\nsreg.dat2008-05-18 17:45 . 2008-05-18 18:05	139,264	--a------	D:\WINDOWS\War3Unin.exe2008-05-18 17:45 . 2008-05-18 19:13	77,705	--a------	D:\WINDOWS\War3Unin.dat2008-05-18 17:45 . 2008-05-18 18:05	2,829	--a------	D:\WINDOWS\War3Unin.pif2008-05-18 17:40 . 2008-05-28 21:01	<DIR>	d--------	D:\Program Files\Warcraft III2008-05-18 17:00 . 2008-04-14 02:17	25,856	--a------	D:\WINDOWS\system32\drivers\usbprint.sys2008-05-18 17:00 . 2001-08-17 23:59	3,072	--a------	D:\WINDOWS\system32\drivers\audstub.sys2008-04-15 00:51 . 2008-04-14 23:09	483,840	--a------	D:\WINDOWS\system32\wzcsvc.dll2008-04-15 00:51 . 2008-04-14 23:09	294,912	--a------	D:\WINDOWS\system32\msh263.drv2008-04-15 00:51 . 2008-04-14 23:09	52,736	--a------	D:\WINDOWS\system32\wzcsapi.dll2008-04-15 00:51 . 2008-04-14 22:51	23,552	--a------	D:\WINDOWS\system32\wdmaud.drv2008-04-15 00:51 . 2008-04-14 22:51	23,552	--a--c---	D:\WINDOWS\system32\dllcache\wdmaud.drv2008-04-15 00:50 . 2008-04-14 23:09	55,296	--a------	D:\WINDOWS\system32\dmutil.dll2008-04-15 00:50 . 2008-04-14 23:09	49,152	--a------	D:\WINDOWS\system32\cnbjmon.dll2008-04-15 00:50 . 2008-04-14 23:09	47,616	--a------	D:\WINDOWS\system32\iyuv_32.dll2008-04-15 00:50 . 2008-04-14 23:09	35,328	--a------	D:\WINDOWS\system32\pid.dll2008-04-15 00:50 . 2008-04-14 23:09	20,992	--a------	D:\WINDOWS\system32\hid.dll2008-04-15 00:50 . 2008-04-14 23:09	16,896	--a------	D:\WINDOWS\system32\msyuv.dll2008-04-15 00:50 . 2008-04-14 23:09	15,360	--a------	D:\WINDOWS\system32\pjlmon.dll2008-04-15 00:03 . 2008-04-14 23:09	80,256	--a------	D:\WINDOWS\system32\drivers\parport.sys2008-04-15 00:03 . 2008-04-14 23:09	46,848	--a------	D:\WINDOWS\system32\drivers\p3.sys2008-04-14 23:59 . 2008-04-14 23:09	2,067,200	--a------	D:\WINDOWS\system32\ntkrnlpa.exe2008-04-14 23:47 . 2008-04-14 23:09	40,832	--a------	D:\WINDOWS\system32\drivers\crusoe.sys2008-04-14 23:30 . 2008-04-14 23:09	39,936	--a------	D:\WINDOWS\system32\drivers\processr.sys2008-04-14 23:28 . 2008-04-14 23:09	41,856	--a------	D:\WINDOWS\system32\drivers\amdk7.sys2008-04-14 23:28 . 2008-04-14 23:09	41,472	--a------	D:\WINDOWS\system32\drivers\amdk6.sys2008-04-14 23:25 . 2008-04-14 23:09	23,296	--a------	D:\WINDOWS\system32\drivers\mouclass.sys2008-04-14 23:24 . 2008-04-14 23:09	30,208	--a------	D:\WINDOWS\system32\drivers\modem.sys2008-04-14 23:16 . 2008-04-14 23:16	1,804	--a------	D:\WINDOWS\system32\Dcache.bin2008-04-14 22:56 . 2008-04-14 22:56	332,288	--a------	D:\WINDOWS\system32\netsetup.exe2008-04-14 22:56 . 2008-04-14 22:56	332,288	--a--c---	D:\WINDOWS\system32\dllcache\netsetup.exe2008-04-14 22:55 . 2008-04-14 22:55	1,202,774	--a--c---	D:\WINDOWS\system32\dllcache\sysmain.sdb2008-04-14 22:55 . 2008-04-14 22:55	785,972	--a--c---	D:\WINDOWS\system32\dllcache\apph_sp.sdb2008-04-14 22:55 . 2008-04-14 22:55	204,396	--a--c---	D:\WINDOWS\system32\dllcache\msimain.sdb2008-04-14 22:55 . 2008-04-14 22:55	85,628	--a--c---	D:\WINDOWS\system32\dllcache\apps.chm2008-04-14 22:55 . 2008-04-14 22:55	9,424	--a--c---	D:\WINDOWS\system32\dllcache\drvmain.sdb2008-04-14 22:54 . 2008-04-14 22:54	237,870	--a--c---	D:\WINDOWS\system32\dllcache\apphelp.sdb2008-04-14 22:49 . 2008-04-14 22:49	1,852,928	--a--c---	D:\WINDOWS\system32\dllcache\acgenral.dll2008-04-14 22:48 . 2008-04-14 22:48	1,449,472	--a------	D:\WINDOWS\system32\winntbbu.dll2008-04-14 22:48 . 2008-04-14 22:48	1,449,472	--a--c---	D:\WINDOWS\system32\dllcache\winntbbu.dll2008-04-14 22:48 . 2008-04-14 22:48	219,648	--a------	D:\WINDOWS\system32\sysmon.ocx2008-04-14 22:48 . 2008-04-14 22:48	219,648	--a--c---	D:\WINDOWS\system32\dllcache\sysmon.ocx2008-04-14 22:48 . 2008-04-14 22:48	61,440	--a------	D:\WINDOWS\system32\tdc.ocx2008-04-14 22:48 . 2008-04-14 22:48	61,440	--a--c---	D:\WINDOWS\system32\dllcache\tdc.ocx2008-04-14 22:48 . 2008-04-14 22:48	5,632	--a------	D:\WINDOWS\system32\wmi.dll2008-04-14 22:48 . 2008-04-14 22:48	5,632	--a--c---	D:\WINDOWS\system32\dllcache\wmi.dll2008-04-14 22:47 . 2008-04-14 22:47	103,424	--a------	D:\WINDOWS\system32\dpcdll.dll2008-04-14 22:47 . 2008-04-14 22:47	103,424	--a--c---	D:\WINDOWS\system32\dllcache\dpcdll.dll2008-04-14 22:47 . 2008-04-14 22:47	86,016	--a------	D:\WINDOWS\system32\sl_anet.acm2008-04-14 22:47 . 2008-04-14 22:47	81,920	--a------	D:\WINDOWS\system32\proctexe.ocx2008-04-14 22:47 . 2008-04-14 22:47	81,920	--a--c---	D:\WINDOWS\system32\dllcache\proctexe.ocx2008-04-14 22:47 . 2008-04-14 22:47	57,375	--a------	D:\WINDOWS\system32\odbcji32.dll2008-04-14 22:47 . 2008-04-14 22:47	57,375	--a--c---	D:\WINDOWS\system32\dllcache\odbcji32.dll2008-04-14 22:46 . 2008-04-14 22:46	110,592	--a------	D:\WINDOWS\system32\msscript.ocx2008-04-14 22:46 . 2008-04-14 22:46	110,592	--a--c---	D:\WINDOWS\system32\dllcache\msscript.ocx2008-04-14 22:43 . 2008-04-14 22:43	847,386	--a------	D:\WINDOWS\system32\msdxm.ocx2008-04-14 22:43 . 2008-04-14 22:43	847,386	--a--c---	D:\WINDOWS\system32\dllcache\msdxm.ocx2008-04-14 22:43 . 2008-04-14 22:43	177,152	--a------	D:\WINDOWS\system32\MSCTFIME.IME2008-04-14 22:43 . 2008-04-14 22:43	177,152	--a--c---	D:\WINDOWS\system32\dllcache\msctfime.ime2008-04-14 22:43 . 2008-04-14 22:43	4,126	--a------	D:\WINDOWS\system32\msdxmlc.dll2008-04-14 22:43 . 2008-04-14 22:43	4,126	--a--c---	D:\WINDOWS\system32\dllcache\msdxmlc.dll2008-04-14 22:42 . 2008-04-14 22:42	294,912	--a------	D:\WINDOWS\system32\msaud32.acm2008-04-14 22:42 . 2008-04-14 22:42	14,848	--a------	D:\WINDOWS\system32\msadp32.acm2008-04-14 22:42 . 2008-04-14 22:42	3,584	--a------	D:\WINDOWS\system32\msafd.dll2008-04-14 22:42 . 2008-04-14 22:42	3,584	--a--c---	D:\WINDOWS\system32\dllcache\msafd.dll2008-04-14 22:40 . 2008-04-14 22:40	290,816	--a------	D:\WINDOWS\system32\l3codeca.acm2008-04-14 22:36 . 2008-04-14 22:36	16,384	--a------	D:\WINDOWS\system32\imaadp32.acm2008-04-14 22:36 . 2008-04-14 22:36	3,584	--a------	D:\WINDOWS\system32\icmp.dll2008-04-14 22:36 . 2008-04-14 22:36	3,584	--a--c---	D:\WINDOWS\system32\dllcache\icmp.dll2008-04-14 22:35 . 2008-04-14 22:35	569,856	--a------	D:\WINDOWS\system32\gpedit.dll.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-05-30 20:58	---------	d-----w	D:\Program Files\Neostrada TP2008-05-27 17:14	107,888	----a-w	D:\WINDOWS\system32\CmdLineExt.dll2008-05-27 17:14	---------	d--h--w	D:\Program Files\InstallShield Installation Information2008-05-18 13:59	---------	d-----w	D:\Program Files\Windows Live2008-05-18 13:56	---------	dcsh--w	D:\Program Files\Common Files\WindowsLiveInstaller2008-05-18 13:54	---------	d-----w	D:\Documents and Settings\All Users\Dane aplikacji\WLInstaller2008-05-18 13:47	---------	d-----w	D:\Program Files\Common Files\InstallShield2008-05-18 13:40	---------	d-----w	D:\Program Files\Alwil Software2008-05-18 13:27	---------	d-----w	D:\Program Files\Thomson2008-05-18 13:26	---------	d-----w	D:\Program Files\Java Web Start2008-05-18 13:07	---------	d-----w	D:\Program Files\microsoft frontpage2008-05-18 13:04	---------	d-----w	D:\Program Files\Usługi online2008-04-14 23:04	1,246,357	----a-r	D:\WINDOWS\SET3.tmp2008-04-14 22:56	16,825	----a-r	D:\WINDOWS\SET8.tmp2008-04-14 22:56	1,088,840	----a-r	D:\WINDOWS\SET4.tmp2008-04-14 22:50	77,312	----a-w	D:\WINDOWS\system32\usbui.dll2008-04-14 22:50	75,776	----a-w	D:\WINDOWS\system32\storprop.dll2008-04-14 21:46	5,504	----a-w	D:\WINDOWS\system32\drivers\intelide.sys2008-04-14 21:35	58,880	----a-w	D:\WINDOWS\system32\drivers\redbook.sys2008-04-14 20:52	92,424	----a-w	D:\WINDOWS\system32\rdpdd.dll2008-04-14 20:52	87,176	----a-w	D:\WINDOWS\system32\rdpwsx.dll2008-04-14 20:52	40,840	----a-w	D:\WINDOWS\system32\drivers\termdd.sys2008-04-14 20:52	21,896	----a-w	D:\WINDOWS\system32\drivers\tdtcp.sys2008-04-14 20:52	139,656	----a-w	D:\WINDOWS\system32\drivers\rdpwd.sys2008-04-14 20:52	12,168	----a-w	D:\WINDOWS\system32\tsddd.dll2008-04-14 20:52	12,040	----a-w	D:\WINDOWS\system32\drivers\tdpipe.sys2008-04-14 20:50	999,936	----a-w	D:\WINDOWS\system32\syssetup.dll2008-04-14 20:49	98,304	----a-w	D:\WINDOWS\system32\actxprxy.dll2008-04-14 20:39	7,680	----a-w	D:\WINDOWS\system32\kbdsmsno.dll2008-04-14 20:04	73,472	----a-w	D:\WINDOWS\system32\drivers\sr.sys2008-04-14 19:45	49,664	----a-w	D:\WINDOWS\system32\inetres.dll2008-04-14 00:06	42,368	----a-w	D:\WINDOWS\system32\drivers\AGP440.SYS2008-04-13 22:49	146,048	----a-w	D:\WINDOWS\system32\drivers\portcls.sys2008-04-13 22:47	83,072	----a-w	D:\WINDOWS\system32\drivers\wdmaud.sys2008-04-13 22:45	60,800	----a-w	D:\WINDOWS\system32\drivers\sysaudio.sys2008-04-13 22:27	41,472	----a-w	D:\WINDOWS\system32\drivers\raspppoe.sys2008-04-13 22:27	40,576	----a-w	D:\WINDOWS\system32\drivers\ndproxy.sys2008-04-13 22:27	34,560	----a-w	D:\WINDOWS\system32\drivers\wanarp.sys2008-04-13 22:27	20,864	----a-w	D:\WINDOWS\system32\drivers\ipinip.sys2008-04-13 22:27	152,832	----a-w	D:\WINDOWS\system32\drivers\ipnat.sys2008-04-13 22:27	14,336	----a-w	D:\WINDOWS\system32\drivers\asyncmac.sys2008-04-13 22:27	10,112	----a-w	D:\WINDOWS\system32\drivers\ndistapi.sys2008-04-13 22:26	69,120	----a-w	D:\WINDOWS\system32\drivers\psched.sys2008-04-13 22:26	35,072	----a-w	D:\WINDOWS\system32\drivers\msgpc.sys2008-04-13 22:26	34,688	----a-w	D:\WINDOWS\system32\drivers\netbios.sys2008-04-13 22:26	30,592	----a-w	D:\WINDOWS\system32\drivers\rndismp.sys2008-04-13 22:26	12,800	----a-w	D:\WINDOWS\system32\drivers\usb8023.sys2008-04-13 22:24	11,264	----a-w	D:\WINDOWS\system32\drivers\irenum.sys2008-04-13 22:15	60,160	----a-w	D:\WINDOWS\system32\drivers\drmk.sys2008-04-13 22:15	6,272	----a-w	D:\WINDOWS\system32\drivers\splitter.sys2008-04-13 22:15	56,576	----a-w	D:\WINDOWS\system32\drivers\swmidi.sys2008-04-13 22:15	52,864	----a-w	D:\WINDOWS\system32\drivers\DMusic.sys2008-04-13 22:15	2,944	----a-w	D:\WINDOWS\system32\drivers\drmkaud.sys2008-04-13 22:15	172,416	----a-w	D:\WINDOWS\system32\drivers\kmixer.sys2008-04-13 22:09	7,552	----a-w	D:\WINDOWS\system32\drivers\MSKSSRV.sys2008-04-13 22:09	5,376	----a-w	D:\WINDOWS\system32\drivers\MSPCLOCK.sys2008-04-13 22:09	4,992	----a-w	D:\WINDOWS\system32\drivers\MSPQM.sys2008-04-13 22:03	129,792	----a-w	D:\WINDOWS\system32\drivers\fltMgr.sys2008-04-13 22:02	196,224	----a-w	D:\WINDOWS\system32\drivers\rdpdr.sys2008-04-13 20:09	142,592	----a-w	D:\WINDOWS\system32\drivers\aec.sys.(((((((((((((((((((((((((((((   snapshot@2008-05-30_12.44.02,70   ))))))))))))))))))))))))))))))))))))))))).- 2008-05-30 10:26:33	2,048	--s-a-w	D:\WINDOWS\bootstat.dat+ 2008-05-30 20:57:22	2,048	--s-a-w	D:\WINDOWS\bootstat.dat- 2008-05-30 10:30:57	39,992	----a-w	D:\WINDOWS\system32\perfc009.dat+ 2008-05-30 21:01:52	39,992	----a-w	D:\WINDOWS\system32\perfc009.dat- 2008-05-30 10:30:57	49,492	----a-w	D:\WINDOWS\system32\perfc015.dat+ 2008-05-30 21:01:52	49,492	----a-w	D:\WINDOWS\system32\perfc015.dat- 2008-05-30 10:30:57	311,604	----a-w	D:\WINDOWS\system32\perfh009.dat+ 2008-05-30 21:01:52	311,604	----a-w	D:\WINDOWS\system32\perfh009.dat- 2008-05-30 10:30:57	355,486	----a-w	D:\WINDOWS\system32\perfh015.dat+ 2008-05-30 21:01:52	355,486	----a-w	D:\WINDOWS\system32\perfh015.dat+ 2008-05-30 20:57:41	16,384	----atw	D:\WINDOWS\Temp\Perflib_Perfdata_454.dat.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 12:43 68856]"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]"Orb"="D:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WooCnxMon"="D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]"WOOWATCH"="D:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]"WOOTASKBARICON"="D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 D:\WINDOWS\system32\nwiz.exe]"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43 86016]"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-27 13:56 185896][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="D:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="D:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"6112:TCP"= 6112:TCP:Warcraft IIIR1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-05-30 23:04:35Windows 5.1.2600 Dodatek Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]"ImagePath"="\??\D:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt".Completion time: 2008-05-30 23:05:57ComboFix-quarantined-files.txt  2008-05-30 21:05:47ComboFix2.txt  2008-05-30 10:44:36Pre-Run: 32,592,736,256 bajtów wolnychPost-Run: 32,590,311,424 bajtów wolnych270

//
Zamiast CODE używaj CODEBOX dzięki temu fajnie się ta lista zwinie
Wojtex16

0

Do góry

#4 wncvirus

Leń !

851 postów

Napisano 04 06 2008 - 13:57

Logi czyste.

0

Do góry

#5 Kuba793

Początkujący

10 postów

Napisano 05 06 2008 - 21:50

Wiec w czym może tkwić problem? Ściągnąłem SpyBot, tez nie pomoglo, defragmentacja dysków także...

0

Do góry

#6 wncvirus

Leń !

851 postów

Napisano 06 06 2008 - 18:47

Daj może loga z Silenta.

0

Do góry

#7 Jiraya.

Nowy

3 postów

Napisano 07 06 2008 - 13:23

Mam ten sam problem

0

Do góry

#8 Kuba793

Początkujący

10 postów

Napisano 07 06 2008 - 14:29

Logi z Silenta:

"Silent Runners.vbs", revision 58, [url="http://www.silentrunners.org/"]http://www.silentrunners.org/[/url]Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]"MsnMsgr" = ""D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]"swg" = "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]"Orb" = ""D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background" ["Orb Networks"]"BitTorrent DNA" = ""D:\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"SoundMAXPnP" = "D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]"TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" [file not found]"Lexmark X5100 Series" = ""D:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"" ["Lexmark International, Inc."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"  -> {HKLM...CLSID} = "My Global Search Bar BHO"                   \InProcServer32\(Default) = "D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"                   \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"                   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"                   \InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"  -> {HKLM...CLSID} = "History Band"                   \InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {HKLM...CLSID} = "DesktopContext Class"                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {HKLM...CLSID} = "NVIDIA CPL Extension"                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {HKLM...CLSID} = "Desktop Explorer"                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {HKLM...CLSID} = "nView Desktop Context Menu"                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"  -> {HKLM...CLSID} = "My Sharing Folders"                   \InProcServer32\(Default) = "D:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> dimsntfy\DLLName = "D:\WINDOWS\System32\dimsntfy.dll" [MS]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLogoffScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001{unrecognized setting}"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideStartupScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLogoffScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001{unrecognized setting}"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideStartupScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"DisableRegistryTools" = (REG_DWORD) dword:0x00000000{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "D:\Documents and Settings\User 1\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BridgeCS3ImportMediaOnArrival\"Provider" = "Adobe Bridge CS3""InvokeProgID" = "Adobe.adobebridge""InvokeVerb" = "launch"HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "D:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]RPCDBurningOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.CDBurn.6""InvokeVerb" = "open"HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]RPDeviceOnArrival\"Provider" = "RealPlayer""ProgID" = "RealPlayer.HWEventHandler"HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"  -> {HKLM...CLSID} = "RealNetworks Scheduler"                   \LocalServer32\(Default) = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]RPPlayCDAudioOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.AudioCD.6""InvokeVerb" = "play"HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe"  /play %1 " ["RealNetworks, Inc."]RPPlayDVDMovieOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.DVD.6""InvokeVerb" = "play"HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe"  /dvd %1 " ["RealNetworks, Inc."]RPPlayMediaOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.AutoPlay.6""InvokeVerb" = "open"HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]WinampMTPHandler\"Provider" = "Winamp""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = "D:\Program Files\Winamp\winamp.exe"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]WinampPlayMediaOnArrival\"Provider" = "Winamp""InvokeProgID" = "Winamp.File""InvokeVerb" = "Play"HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""D:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"  -> {HKLM...CLSID} = (no title provided)                   \LocalServer32\(Default) = ""D:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000004\LibraryPath = "D:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{37B85A29-692B-4205-9CAD-2626E4993404}"  -> {HKLM...CLSID} = "My Global Search Bar"                   \InProcServer32\(Default) = "D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)  -> {HKLM...CLSID} = "My Global Search Bar"                   \InProcServer32\(Default) = "D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]HKLM\SOFTWARE\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]HKLM\SOFTWARE\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\"MenuText" = "Spybot - Search && Destroy Configuration""CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"                   \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]Miscellaneous IE Hijack Points------------------------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)  -> {HKLM...CLSID} = "Search Class"                   \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""D:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]LexBce Server, LexBceS, "D:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""D:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]SoundMAX Agent Service, SoundMAX Agent Service (default), "D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]---------- (launch time: 2008-06-07 13:21:47)<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points, use the -supp parameter or answer "No" at the  first message box and "Yes" at the second message box.---------- (total run time: 51 seconds, including 2 seconds for message boxes)

0

Do góry

#9 wncvirus

Leń !

851 postów

Napisano 11 06 2008 - 19:31

Włącz menadżer zadań i daj z niego screena.

0

Do góry

#10 swiader

Nowy

4 postów

Napisano 18 06 2008 - 20:36

Ja mam taki sam problem i nie wiem też co mam z tym zrobic. nie znam sie za bardzo na komputerach... To moje logi z hjt...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:04, on 2008-06-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Firefox\firefox.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\mmc.exe
d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EdHTML] D:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU\..\Run: [Odkurzacz-MCD] d:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "d:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9636C7E4-B9FA-4E6B-98FE-D1319D50EB4A}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9167 bytes

0

Do góry

#11 wncvirus

Leń !

851 postów

Napisano 18 06 2008 - 23:21

hmmm no i u ciebie to raczej nie będzie spowodowane wirusem gdyż w logu nic nie widzę podejrzanego.Możesz dać loga z combofixa.A co do tego to kosmetycznie możesz zrobić:

Odpal hjt wybierz opcję do a system scan only.Zrobi Ci się log i zaznacz kwadraty obok poniższych wpisu i daj fix

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)