
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:40, on 2008-11-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\VDOTool\TBPanel.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Adrian\Programy\PowerCinema\PCMService.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Adrian\Programy\Gadu-Gadu\gg.exe
D:\Adrian\Programy\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Adrian\Programy\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\Adrian\Programy\PowerCinema\Kernel\TV\CLCapSvc.exe
D:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
D:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Adrian\Programy\PowerCinema\Kernel\TV\CLSched.exe
D:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\Adrian\Programy\Xfire\xfire.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Adik\Moje dokumenty\firefox.exe
D:\DOCUME~1\Adik\USTAWI~1\Temp\winovlod.exe
D:\DOCUME~1\Adik\USTAWI~1\Temp\winuaro.exe
D:\DOCUME~1\Adik\USTAWI~1\Temp\qxocuy.exe
D:\Adrian\Programy\Ad-Aware\aawservice.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\OpenOffice.org 3\program\swriter.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Documents and Settings\Adik\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: YouTube To ALLPlayer - {61DB16C5-B733-43F4-872E-B20DC9E72740} - D:\Adrian\Programy\ALLPlayer\YouTubeToALLPlayer.dll
O4 - HKLM\..\Run: [Gainward] D:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCMService] "D:\Adrian\Programy\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Adrian\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Rejestracja produktu Logitech.lnk = D:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Adrian\Programy\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Adrian\Programy\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Adrian\Programy\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Adrian\Programy\Ad-Aware\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Adrian\Programy\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Adrian\Programy\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - D:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - D:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 5062 bytes
Thanks in advance for the help.
Here are the logs from ComboFix. I'd also like to add a request: could you explain a bit more clearly what needs to be done with this, since I'm a complete novice in these matters and the kind of writing you put at the bottom doesn't tell me much.

ComboFix 08-11-03.06 - Adik 2008-11-04 16:44:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.652 [GMT 1:00]
Uruchomiony z: d:\documents and settings\Adik\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-04 do 2008-11-04 )))))))))))))))))))))))))))))))
.
2008-11-04 16:04 . 2008-11-04 16:04 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\OpenOffice.org
2008-11-04 16:03 . 2008-11-04 16:03 <DIR> d-------- d:\program files\OpenOffice.org 3
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- d:\program files\SkanerOnline
2008-11-04 15:45 . 2008-11-04 15:45 <DIR> d--h----- d:\windows\system32\GroupPolicy
2008-11-04 14:40 . 2008-11-04 14:41 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-11-03 19:52 . 2008-11-03 19:52 688,128 --a------ d:\windows\system32\mmamr.ax
2008-11-03 19:52 . 2008-11-03 19:52 487,936 --a------ d:\windows\system32\madFlac.ax
2008-11-03 19:52 . 2008-11-03 19:52 258,048 --a------ d:\windows\system32\libFLAC.dll
2008-11-03 19:51 . 2008-11-03 19:51 2,490,368 --a------ d:\windows\system32\ffdshow.ax
2008-11-03 19:51 . 2008-11-03 19:51 892,928 --a------ d:\windows\system32\iconv.dll
2008-11-03 19:51 . 2008-11-03 19:51 675,840 --a------ d:\windows\system32\ac3filter.ax
2008-11-03 19:51 . 2008-11-03 19:51 516,096 --a------ d:\windows\system32\MP4Splitter.ax
2008-11-03 19:51 . 2008-11-03 19:51 348,160 --a------ d:\windows\system32\CoreVorbis.ax
2008-11-03 19:51 . 2008-11-03 19:51 319,488 --a------ d:\windows\system32\CoreAAC.ax
2008-11-03 19:51 . 2008-11-03 19:51 301,568 --a------ d:\windows\system32\l3codecp.acm
2008-11-03 19:49 . 2008-11-03 19:49 <DIR> d-------- d:\program files\Real Alternative
2008-11-03 19:49 . 2008-11-03 19:49 1,415,680 --a------ d:\windows\system32\WMV9VCM.dll
2008-11-03 19:44 . 2008-11-03 19:44 <DIR> d-------- d:\program files\NAPI-PROJEKT
2008-11-03 19:42 . 2008-11-03 19:42 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\Media Player Classic
2008-11-03 18:46 . 2008-09-16 01:14 3,596,288 --a------ d:\windows\system32\qt-dx331.dll
2008-11-03 18:46 . 2008-11-03 19:51 860,160 --a------ d:\windows\system32\lameACM.acm
2008-11-03 18:46 . 2008-01-10 13:15 755,027 --a------ d:\windows\system32\xvidcore.dll
2008-11-03 18:46 . 2008-09-16 01:11 683,520 --a------ d:\windows\system32\divx.dll
2008-11-03 18:46 . 2004-01-25 17:18 217,088 --a------ d:\windows\system32\yv12vfw.dll
2008-11-03 18:46 . 2007-09-04 17:56 164,352 --a------ d:\windows\system32\unrar.dll
2008-11-03 18:46 . 2008-01-10 13:16 159,839 --a------ d:\windows\system32\xvidvfw.dll
2008-11-03 18:46 . 2008-11-03 19:51 118,784 --a------ d:\windows\system32\ac3acm.acm
2008-11-03 18:46 . 2008-09-16 01:12 81,920 --a------ d:\windows\system32\dpl100.dll
2008-11-03 18:46 . 2008-06-12 19:36 7,680 --a------ d:\windows\system32\ff_vfw.dll
2008-11-03 18:46 . 2007-07-10 17:10 547 --a------ d:\windows\system32\ff_vfw.dll.manifest
2008-11-03 18:46 . 2008-10-03 13:30 414 --a------ d:\windows\system32\lame_acm.xml
2008-11-03 18:46 . 2008-07-30 20:09 38 --a------ d:\windows\avisplitter.ini
2008-11-03 18:45 . 2008-11-03 18:46 <DIR> d-------- d:\program files\K-Lite Codec Pack
2008-11-03 15:33 . 2008-11-03 15:33 674,600 --a------ d:\windows\system32\pbsvc.exe
2008-11-03 15:17 . 2008-11-03 15:17 <DIR> d-------- d:\windows\Logs
2008-11-02 20:00 . 2008-11-02 20:00 <DIR> d-------- d:\windows\system32\AGEIA
2008-11-02 20:00 . 2008-11-02 20:02 <DIR> d-------- d:\windows\NV1774817752.TMP
2008-11-02 20:00 . 2008-11-04 14:40 <DIR> d-------- d:\program files\Common Files\Wise Installation Wizard
2008-11-02 20:00 . 2008-11-02 20:00 <DIR> d-------- d:\program files\AGEIA Technologies
2008-11-02 20:00 . 2008-10-07 13:33 201,157 --a------ d:\windows\system32\nvapps.nvb
2008-11-01 17:03 . 2008-11-01 17:04 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\Hamachi
2008-11-01 17:03 . 2008-11-01 17:03 15,440 --a------ d:\windows\system32\drivers\hamachi.sys
2008-11-01 14:29 . 2008-11-01 14:29 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\PCToolsSpamMonitorPlus
2008-11-01 14:29 . 2008-11-01 14:29 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\PCToolsFirewallPlus
2008-11-01 14:28 . 2008-11-01 14:28 <DIR> d-------- d:\documents and settings\LocalService\Dane aplikacji\X10 Commander
2008-11-01 14:27 . 2008-11-01 14:58 <DIR> d-a------ d:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-01 14:26 . 2008-11-01 14:58 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\PC Tools
2008-10-31 18:16 . 2008-10-31 18:17 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\mIRC
2008-10-31 13:54 . 2008-10-31 13:54 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\Ventrilo
2008-10-31 11:36 . 2008-10-31 11:36 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\CyberLink
2008-10-31 11:35 . 2008-10-31 11:35 <DIR> d-------- d:\program files\X10 Hardware
2008-10-31 11:35 . 2008-10-31 11:35 <DIR> d-------- d:\program files\CyberLink
2008-10-31 11:35 . 2008-10-31 11:35 <DIR> d-------- d:\program files\Common Files\X10
2008-10-31 11:35 . 2008-11-02 09:55 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-10-31 11:35 . 2005-04-20 14:06 1,645,320 --a------ d:\windows\system32\gdiplus.dll
2008-10-31 11:35 . 2005-04-20 14:06 1,233,920 --a------ d:\windows\system32\msxml4.dll
2008-10-31 11:35 . 2003-02-21 04:42 348,160 --a------ d:\windows\system32\msvcr71.dll
2008-10-31 11:35 . 2002-01-05 03:37 344,064 --a------ d:\windows\system32\msvcr70.dll
2008-10-31 11:35 . 2005-04-20 14:06 198,144 --a------ d:\windows\system32\_psisdecd.dll
2008-10-31 11:35 . 1999-06-25 09:56 127,184 --a------ d:\windows\Unwise.exe
2008-10-31 11:35 . 2005-04-20 14:06 82,432 --a------ d:\windows\system32\msxml4r.dll
2008-10-31 11:35 . 2005-04-20 14:06 44,544 --a------ d:\windows\system32\msxml4a.dll
2008-10-31 11:34 . 2008-01-08 07:17 1,302,368 -ra------ d:\windows\system32\drivers\3xHybrid.sys
2008-10-31 11:34 . 2008-01-08 07:17 105,056 -ra------ d:\windows\system32\NXPMV32.dll
2008-10-31 11:34 . 2004-08-04 00:44 54,784 --a------ d:\windows\system32\vfwwdm32.dll
2008-10-31 11:34 . 2004-08-04 00:44 54,784 --a--c--- d:\windows\system32\dllcache\vfwwdm32.dll
2008-10-31 11:34 . 2008-01-08 07:17 9,824 -ra------ d:\windows\system32\34CoInstaller.dll
2008-10-31 11:06 . 2004-08-03 23:08 26,496 --a--c--- d:\windows\system32\dllcache\usbstor.sys
2008-10-31 11:05 . 2008-10-31 11:05 <DIR> d-------- d:\documents and settings\LocalService\Dane aplikacji\Xfire
2008-10-31 10:59 . 2008-11-04 16:35 182,640 --a------ d:\windows\system32\PnkBstrB.exe
2008-10-31 10:59 . 2008-11-04 16:35 139,344 --a------ d:\windows\system32\drivers\PnkBstrK.sys
2008-10-31 10:59 . 2008-11-03 15:33 22,328 --a------ d:\documents and settings\Adik\Dane aplikacji\PnkBstrK.sys
2008-10-31 10:58 . 2008-10-31 10:58 <DIR> d-------- d:\windows\system32\LogFiles
2008-10-31 10:58 . 2008-11-03 15:36 66,872 --a------ d:\windows\system32\PnkBstrA.exe
2008-10-31 10:58 . 2008-10-31 10:58 277 --a------ d:\windows\game.ini
2008-10-31 10:36 . 2008-10-31 10:36 <DIR> d--hs---- d:\windows\ftpcache
2008-10-31 09:51 . 2008-10-31 09:51 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\Logitech
2008-10-31 09:51 . 2008-10-31 09:51 127,034 -r------- d:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-10-31 09:48 . 2008-10-31 09:48 <DIR> d-------- d:\documents and settings\NetworkService\Dane aplikacji\Xfire
2008-10-31 09:47 . 2008-10-31 09:47 <DIR> d-------- d:\documents and settings\LocalService\Menu Start
2008-10-31 09:35 . 2008-10-31 09:35 <DIR> d-------- d:\windows\ServicePackFiles
2008-10-31 09:33 . 2004-07-17 11:40 19,528 --a------ d:\windows\002316_.tmp
2008-10-31 09:32 . 2008-10-31 09:36 <DIR> d-------- d:\windows\EHome
2008-10-31 09:24 . 2008-10-31 09:24 <DIR> d-------- d:\program files\Common Files\LogiShared
2008-10-31 09:24 . 2008-10-31 09:24 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\Leadertech
2008-10-31 09:23 . 2004-08-04 00:44 192,000 --a------ d:\windows\system32\iuengine.dll
2008-10-31 09:23 . 2004-08-04 00:36 53,504 --a------ d:\windows\system32\drivers\i8042prt.sys
2008-10-31 09:23 . 2004-08-04 00:36 53,504 --a--c--- d:\windows\system32\dllcache\i8042prt.sys
2008-10-31 09:23 . 2004-08-04 00:38 24,960 --a------ d:\windows\system32\drivers\kbdclass.sys
2008-10-31 09:23 . 2004-08-04 00:38 24,960 --a--c--- d:\windows\system32\dllcache\kbdclass.sys
2008-10-31 09:23 . 2008-10-31 09:23 0 --ah----- d:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-31 09:23 . 2008-10-31 09:23 0 --ah----- d:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-31 09:21 . 2008-11-03 15:00 <DIR> d--h----- d:\program files\InstallShield Installation Information
2008-10-31 09:21 . 2008-10-31 09:49 <DIR> d-------- d:\program files\Common Files\Logitech
2008-10-31 09:21 . 2008-10-31 09:21 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Logitech
2008-10-31 09:21 . 2008-10-31 09:21 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\LogiShrd
2008-10-31 09:21 . 2008-10-31 09:21 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\InstallShield
2008-10-31 09:21 . 2007-04-23 04:00 163,840 --a------ d:\windows\system32\kemutb.dll
2008-10-31 09:21 . 2007-04-23 04:00 135,168 --a------ d:\windows\system32\KemUtil.dll
2008-10-31 09:21 . 2007-04-23 04:00 110,592 --a------ d:\windows\system32\KemWnd.dll
2008-10-31 09:21 . 2007-04-23 04:00 69,632 --a------ d:\windows\system32\KemXML.dll
2008-10-31 08:59 . 2008-10-31 09:00 <DIR> d-------- d:\documents and settings\Adik\Gadu-Gadu
2008-10-31 08:57 . 2008-11-04 11:55 <DIR> d-------- d:\documents and settings\Adik\Dane aplikacji\Xfire
2008-10-31 08:54 . 2008-10-31 08:54 0 --a------ d:\windows\nsreg.dat
2008-10-31 08:49 . 2008-10-31 11:08 <DIR> d-------- D:\Adrian
2008-10-31 08:44 . 2008-11-02 20:02 <DIR> d-------- d:\windows\nview
2008-10-31 08:44 . 2008-10-07 13:33 453,152 --a------ d:\windows\system32\nvudisp.exe
2008-10-31 08:44 . 2008-11-04 16:39 192,107 --a------ d:\windows\system32\nvapps.xml
2008-10-31 08:44 . 2008-10-07 13:33 18,477 --a------ d:\windows\system32\nvdisp.nvu
2008-10-31 08:44 . 2007-07-23 03:34 17,254 --a------ d:\windows\system32\nvwsapps.xml
2008-10-31 08:43 . 2008-10-31 11:34 <DIR> d-------- d:\program files\Common Files\InstallShield
2008-10-31 08:43 . 2008-10-02 10:07 453,152 --a------ d:\windows\system32\NVUNINST.EXE
2008-10-31 08:43 . 2008-11-04 16:44 558 --a------ d:\windows\DFC.INI
2008-10-31 08:40 . 2008-10-31 08:46 <DIR> d-------- d:\program files\VDOTool
2008-10-31 08:40 . 2007-03-16 10:11 12,256 --a------ d:\windows\system32\drivers\TBPanel.sys
2008-10-31 08:39 . 2004-08-03 23:07 171,776 --a------ d:\windows\system32\drivers\kmixer.sys
2008-10-31 08:39 . 2004-08-03 22:39 142,464 --a------ d:\windows\system32\drivers\aec.sys
2008-10-31 08:39 . 2004-08-03 23:15 82,944 --a------ d:\windows\system32\drivers\wdmaud.sys
2008-10-31 08:39 . 2004-08-03 23:15 60,800 --a------ d:\windows\system32\drivers\sysaudio.sys
2008-10-31 08:39 . 2001-08-17 22:00 54,272 --a------ d:\windows\system32\drivers\swmidi.sys
2008-10-31 08:39 . 2001-08-17 22:00 54,272 --a--c--- d:\windows\system32\dllcache\swmidi.sys
2008-10-31 08:39 . 2004-08-03 23:07 52,864 --a------ d:\windows\system32\drivers\dmusic.sys
2008-10-31 08:39 . 2004-08-03 23:07 6,400 --a------ d:\windows\system32\drivers\splitter.sys
2008-10-31 08:39 . 2004-08-03 23:07 2,944 --a------ d:\windows\system32\drivers\drmkaud.sys
2008-10-31 08:38 . 2004-08-03 23:15 145,792 --a------ d:\windows\system32\drivers\portcls.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 18:49 921,600 ----a-w d:\windows\system32\vorbisenc.dll
2008-11-03 18:49 9,216 ----a-w d:\windows\system32\cpuinf32.dll
2008-11-03 18:49 524,288 ----a-w d:\windows\system32\DivXsm.exe
2008-11-03 18:49 45,056 ----a-w d:\windows\system32\ogg.dll
2008-11-03 18:49 245,760 ----a-w d:\windows\system32\mplvpx.dll
2008-11-03 18:49 237,568 ----a-w d:\windows\system32\OggDS.dll
2008-11-03 18:49 188,416 ----a-w d:\windows\system32\vorbis.dll
2008-10-30 21:46 --------- d-----w d:\program files\microsoft frontpage
2008-10-30 21:45 558,142 ----a-w d:\windows\java\Packages\E1JTBHJT.ZIP
2008-10-30 21:45 155,995 ----a-w d:\windows\java\Packages\YWIIXFT3.ZIP
2008-10-30 21:43 --------- d-----w d:\program files\Usługi online
2008-10-09 00:48 42,320 ----a-w d:\windows\system32\xfcodec.dll
2008-09-04 08:31 288,024 ----a-w d:\windows\system32\PhysXCplUI.exe
2008-08-29 07:57 70,936 ----a-w d:\windows\system32\PhysXLoader.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61DB16C5-B733-43F4-872E-B20DC9E72740}]
2008-10-10 23:57 444416 --a------ d:\adrian\Programy\ALLPlayer\YouTubeToALLPlayer.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="d:\adrian\Programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Steam"="c:\steam\Steam.exe" [2008-11-03 1488120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="d:\program files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"PCMService"="d:\adrian\Programy\PowerCinema\PCMService.exe" [2005-04-20 127118]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 d:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 d:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
d:\documents and settings\Adik\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 453632]
d:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - d:\adrian\Programy\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-31 67128]
Logitech SetPoint.lnk - d:\adrian\Programy\SetPoint\SetPoint.exe [2008-10-31 692224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Adrian\\Programy\\Xfire\\xfire.exe"=
"d:\\Adrian\\Programy\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Adrian\\Programy\\PowerCinema\\PowerCinema.exe"=
"c:\\Call of Duty 4\\iw3mp.exe"=
"d:\\Adrian\\Programy\\mIRC\\mirc.exe"=
"c:\\BROOD\\Brood.exe"=
"d:\\Adrian\\Programy\\PowerCinema\\PCMService.exe"=
"d:\\WINDOWS\\KHALMNPR.EXE"=
"d:\\WINDOWS\\system32\\userinit.exe"=
"d:\\Program Files\\VDOTool\\TBPanel.exe"=
"d:\\WINDOWS\\system32\\nwiz.exe"=
"d:\\WINDOWS\\system32\\ctfmon.exe"=
"d:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\COD BETA WAW\\CoDWaWbeta.exe"=
R3 3xHybrid;Philips SAA713x PCI Card;d:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
R3 abp470n5;abp470n5;d:\windows\system32\drivers\qeimnn.sys [ ]
R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;d:\windows\system32\drivers\CM108.sys [2006-12-21 1294336]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48ce368f-a9cf-11dd-a124-4c0010541f67}]
\SHeLL\AuTOpLay\coMmAnd - G:\bkggxw.exe
\SHeLL\AutoRun\command - G:\bkggxw.exe
\SHeLL\exPLore\CoMManD - G:\bkggxw.exe
\SHeLL\oPeN\COmManD - G:\bkggxw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d675657f-a728-11dd-a119-4c0010541f67}]
\sHElL\AUtoPlAy\command - G:\mfqeu.pif
\sHElL\AutoRun\command - G:\mfqeu.pif
\sHElL\exPlore\commANd - G:\mfqeu.pif
\sHElL\oPEn\CommAnD - G:\mfqeu.pif
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-CM108Sound - CM108.cpl
.
------- Skan uzupełniający -------
.
FireFox -: Profile - d:\documents and settings\Adik\Dane aplikacji\Mozilla\Firefox\Profiles\s0gls42l.default\
FF -: plugin - d:\documents and settings\Adik\Moje dokumenty\plugins\npnul32.dll
FF -: plugin - d:\documents and settings\Adik\Moje dokumenty\plugins\nppl3260.dll
FF -: plugin - d:\documents and settings\Adik\Moje dokumenty\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 16:48:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-04 16:49:25
ComboFix-quarantined-files.txt 2008-11-04 15:49:23
Przed: 43 372 093 440 bajtów wolnych
Po: 45,236,158,464 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn