• Ogłoszenie:

nie dzialaja google, niektore strony sie nie otwieraja

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: dwa z OTL + Gmer.

nie dzialaja google, niektore strony sie nie otwieraja

Postprzez gus 23 Lip 2008, 08:57

reklama
Nie dosc, ze komputer wolno sie laduje to jeszcze ostatnio przestalo dzialac google, niektore strony sie nie wczytuja itp.

Ponizej wklejam log z combofixa:

ComboFix 08-07-21.2 - krzysiek 2008-07-23 8:35:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.540 [GMT 2:00]
Running from: C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acjbivrf.dll
C:\WINDOWS\system32\afcgfoyx.dll
C:\WINDOWS\system32\frvibjca.ini
C:\WINDOWS\system32\nnoUDJjl.ini
C:\WINDOWS\system32\nnoUDJjl.ini2
C:\WINDOWS\system32\qoMfcddd.dll
C:\WINDOWS\system32\tptkwkur.dll
C:\WINDOWS\system32\tuvVPHAQ.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\WINDOWS\srchasst
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-22 22:32 . 2008-07-22 22:32 <DIR> d--h----- C:\ErdUndoCache
2008-07-22 21:57 . 2008-07-22 21:57 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\DivX
2008-07-22 21:16 . 2008-07-22 21:16 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\HP
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--hs---- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--hs---- C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . 2002-01-02 03:34 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Ustawienia lokalne
2008-07-22 20:36 . 2008-07-22 20:37 <DIR> dr------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Ulubione
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Szablony
2008-07-22 20:36 . 2008-07-23 08:30 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Pulpit
2008-07-22 20:36 . 2008-07-22 22:57 <DIR> dr------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Moje dokumenty
2008-07-22 20:36 . 2002-01-02 03:34 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Menu Start
2008-07-22 20:36 . 2008-07-22 22:01 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji
2008-07-22 20:36 . 2008-07-23 02:05 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B
2008-07-22 20:36 . 262,144 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 18:13 . 2008-07-22 18:13 <DIR> d-------- C:\Program Files\Foteria
2008-07-22 17:55 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-22 17:55 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-22 17:55 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-22 16:34 . 2008-07-22 16:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-22 16:33 . 2008-07-22 16:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 16:31 . 2008-07-22 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-22 11:40 . 2008-07-22 11:42 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-22 11:40 . 2008-07-22 11:42 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-22 10:40 . 2008-07-22 22:32 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-07-22 10:38 . 2008-07-22 11:42 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-22 10:38 . 2008-07-22 11:42 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-22 00:10 . 2008-07-22 12:54 43,701 ---hs---- C:\WINDOWS\system32\yqxnwpli.ini
2008-07-22 00:08 . 2008-07-23 08:33 110,482 --a------ C:\WINDOWS\BM6b6f3bed.xml
2008-07-22 00:06 . 2008-07-22 00:06 245,760 --a------ C:\WINDOWS\system32\ljJDUonn.dll
2008-07-21 23:27 . 2008-07-22 14:56 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-21 23:27 . 2008-07-21 23:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-21 23:27 . 2008-07-21 23:35 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-21 23:22 . 2008-07-21 23:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 23:06 . 2008-07-22 06:06 <DIR> d-------- C:\[PC] The Witcher [ENG-OnLY] [dopeman]
2008-07-21 16:34 . 2008-07-21 23:00 <DIR> d-------- C:\Need.For.Speed.Pro.Street-RELOADED
2008-07-20 19:59 . 2008-07-20 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
2008-07-20 19:55 . 2008-07-20 19:55 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-19 23:59 . 2008-07-19 23:59 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-19 15:40 . 2008-07-19 15:40 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-19 15:40 . 2008-07-22 10:50 16 --a------ C:\WINDOWS\system32\coh.cache
2008-07-18 00:02 . 2008-07-02 18:52 107,370 --------- C:\WINDOWS\hpqins13.dat.temp
2008-07-13 22:16 . 2008-07-13 22:16 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-13 22:03 . 2008-07-13 22:03 <DIR> d-------- C:\Program Files\Skype
2008-07-13 22:03 . 2008-07-13 22:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-11 17:31 . 2008-07-11 17:31 <DIR> d-------- C:\Program Files\IrfanView
2008-07-09 08:29 . 2007-10-09 01:57 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-04 08:15 . 2008-07-04 08:15 221 --a------ C:\WINDOWS\NCLogConfig.ini
2008-07-02 18:50 . 2008-07-18 00:02 107,013 --a------ C:\WINDOWS\hpqins13.dat
2008-06-30 12:23 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-30 12:23 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-30 12:23 . 2004-08-04 04:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-30 12:23 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-30 12:22 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-27 01:19 . 2008-06-27 01:19 <DIR> d-------- C:\Program Files\MarBit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 06:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-22 15:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-07-22 09:42 --------- d-----w C:\Program Files\Symantec
2008-07-20 21:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 20:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-11 19:35 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-20 19:08 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:37 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:37 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 16:57 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-20 16:44 --------- d-----w C:\Program Files\PowerISO
2008-06-20 16:34 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-20 16:32 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:32 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 19:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Go Go Gourmet
2008-06-17 01:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-16 13:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-06-16 13:26 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-16 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2008-06-16 13:25 --------- d-----w C:\Program Files\Common Files\HP
2008-06-16 13:21 --------- d-----w C:\Program Files\HP
2008-06-16 13:21 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-16 13:21 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-15 19:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 15:27 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-06-12 06:28 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-11 20:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-11 18:00 --------- d-----w C:\Program Files\DivX
2008-06-04 21:47 --------- d-----w C:\Program Files\Ahead
2008-06-04 21:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-03 08:47 --------- d-----w C:\Program Files\Common Files\G DATA
2008-06-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2008-06-01 08:14 --------- d-----w C:\Program Files\BitComet
2008-05-31 19:55 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-05-31 18:29 --------- d-----w C:\Program Files\FLV Player
2008-05-31 00:43 --------- d-----w C:\Program Files\Java
2008-05-31 00:41 --------- d-----w C:\Program Files\Common Files\Java
2008-05-31 00:02 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 21:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:14 203,008 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:03 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:03 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2002-01-02 00:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2002-01-02 00:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2002-01-02 00:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012002010220020103\index.dat
2002-01-02 00:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48685A1A-A843-4E3C-9208-C1C990BC1938}]
2008-07-22 00:06 245760 --a------ C:\WINDOWS\system32\ljJDUonn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2006-06-23 18:26 3706368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 10:52 167936]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 09:34 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22 26248]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 20:20 16844800 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier - Szybkie uruchomienie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"D:\\gry\\settlers\\base\\bin\\Settlers6.exe"=
"D:\\gry\\settlers\\extra1\\bin\\Settlers6.exe"=
"D:\\Sof\\sof3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23042:TCP"= 23042:TCP:BitComet 23042 TCP
"23042:UDP"= 23042:UDP:BitComet 23042 UDP

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-13 14:54]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 08:47:29 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - krzysiek.job"


Tutaj z hijacka:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51, on 2008-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [685c0871] rundll32.exe "C:\WINDOWS\system32\rkcnpaxg.dll",b
O4 - HKLM\..\Run: [BM6b6f3bed] Rundll32.exe "C:\WINDOWS\system32\ixfkmmis.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7415 bytes


Prosze o pomoc bo jestem na razie zielony w tematach logow :)
gus
~user
 
Posty: 36
Dołączenie: 23 Lip 2008, 08:53



Postprzez Okocza 23 Lip 2008, 10:25

Napisz swój temat, w tym nikt Ci nie pomoże.
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
Image
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Awatar użytkownika
Okocza
~user
 
Posty: 7993
Dołączenie: 19 Mar 2006, 11:53
Pochwały: 406



Postprzez Magik 23 Lip 2008, 13:02

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka
Image Image
Awatar użytkownika
Magik
~user
 
Posty: 7956
Dołączenie: 08 Maj 2004, 09:17
Miejscowość: Głogów
Pochwały: 885



Postprzez gus 23 Lip 2008, 15:35

Oto report z SD Fixa:


SDFix: Version 1.207
Run by krzysiek on 2008-07-23 at 15:23

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 15:30:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:03,7f,f4,9c,17,bf,39,c1,54,be,ae,d7,0b,30,fd,68,a7,3f,13,71,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,35,42,74,90,03,68,7a,aa,b5,da,e1,86,13,4f,b6,fc,cb,..
"khjeh"=hex:e7,0f,7a,d4,0b,fc,c3,75,84,3c,cf,69,67,52,da,08,5a,0a,58,a3,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1f,57,d1,3d,c6,30,cd,6f,8a,d1,87,8d,c5,a6,db,d9,04,e0,ad,3f,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:03,7f,f4,9c,17,bf,39,c1,54,be,ae,d7,0b,30,fd,68,a7,3f,13,71,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,35,42,74,90,03,68,7a,aa,b5,da,e1,86,13,4f,b6,fc,cb,..
"khjeh"=hex:e7,0f,7a,d4,0b,fc,c3,75,84,3c,cf,69,67,52,da,08,5a,0a,58,a3,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f7,de,a7,92,93,25,fa,15,03,9d,01,cf,aa,0c,78,5a,4a,1f,92,d3,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:03,7f,f4,9c,17,bf,39,c1,54,be,ae,d7,0b,30,fd,68,a7,3f,13,71,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,35,42,74,90,03,68,7a,aa,b5,da,e1,86,13,4f,b6,fc,cb,..
"khjeh"=hex:e7,0f,7a,d4,0b,fc,c3,75,84,3c,cf,69,67,52,da,08,5a,0a,58,a3,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f7,de,a7,92,93,25,fa,15,03,9d,01,cf,aa,0c,78,5a,4a,1f,92,d3,4d,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\gry\\settlers\\base\\bin\\Settlers6.exe"="D:\\gry\\settlers\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"D:\\gry\\settlers\\extra1\\bin\\Settlers6.exe"="D:\\gry\\settlers\\extra1\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"D:\\Sof\\sof3.exe"="D:\\Sof\\sof3.exe:*:Enabled:sof3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Tue 22 Apr 2008 625,664 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 17 Oct 2007 224,256 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 1 Dec 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Mon 30 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a7603e7cf792509c9ebbd8c74c82553\BIT42.tmp"

Finished!


To z combofixa:

ComboFix 08-07-21.2 - krzysiek 2008-07-23 8:35:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.540 [GMT 2:00]
Running from: C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acjbivrf.dll
C:\WINDOWS\system32\afcgfoyx.dll
C:\WINDOWS\system32\frvibjca.ini
C:\WINDOWS\system32\nnoUDJjl.ini
C:\WINDOWS\system32\nnoUDJjl.ini2
C:\WINDOWS\system32\qoMfcddd.dll
C:\WINDOWS\system32\tptkwkur.dll
C:\WINDOWS\system32\tuvVPHAQ.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\WINDOWS\srchasst
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-22 22:32 . 2008-07-22 22:32 <DIR> d--h----- C:\ErdUndoCache
2008-07-22 21:57 . 2008-07-22 21:57 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\DivX
2008-07-22 21:16 . 2008-07-22 21:16 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\HP
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--hs---- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--hs---- C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . 2002-01-02 03:34 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Ustawienia lokalne
2008-07-22 20:36 . 2008-07-22 20:37 <DIR> dr------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Ulubione
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Szablony
2008-07-22 20:36 . 2008-07-23 08:30 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Pulpit
2008-07-22 20:36 . 2008-07-22 22:57 <DIR> dr------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Moje dokumenty
2008-07-22 20:36 . 2002-01-02 03:34 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Menu Start
2008-07-22 20:36 . 2008-07-22 22:01 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji
2008-07-22 20:36 . 2008-07-23 02:05 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B
2008-07-22 20:36 . 262,144 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 18:13 . 2008-07-22 18:13 <DIR> d-------- C:\Program Files\Foteria
2008-07-22 17:55 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-22 17:55 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-22 17:55 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-22 16:34 . 2008-07-22 16:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-22 16:33 . 2008-07-22 16:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 16:31 . 2008-07-22 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-22 11:40 . 2008-07-22 11:42 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-22 11:40 . 2008-07-22 11:42 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-22 10:40 . 2008-07-22 22:32 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-07-22 10:38 . 2008-07-22 11:42 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-22 10:38 . 2008-07-22 11:42 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-22 00:10 . 2008-07-22 12:54 43,701 ---hs---- C:\WINDOWS\system32\yqxnwpli.ini
2008-07-22 00:08 . 2008-07-23 08:33 110,482 --a------ C:\WINDOWS\BM6b6f3bed.xml
2008-07-22 00:06 . 2008-07-22 00:06 245,760 --a------ C:\WINDOWS\system32\ljJDUonn.dll
2008-07-21 23:27 . 2008-07-22 14:56 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-21 23:27 . 2008-07-21 23:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-21 23:27 . 2008-07-21 23:35 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-21 23:22 . 2008-07-21 23:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 23:06 . 2008-07-22 06:06 <DIR> d-------- C:\[PC] The Witcher [ENG-OnLY] [dopeman]
2008-07-21 16:34 . 2008-07-21 23:00 <DIR> d-------- C:\Need.For.Speed.Pro.Street-RELOADED
2008-07-20 19:59 . 2008-07-20 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
2008-07-20 19:55 . 2008-07-20 19:55 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-19 23:59 . 2008-07-19 23:59 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-19 15:40 . 2008-07-19 15:40 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-19 15:40 . 2008-07-22 10:50 16 --a------ C:\WINDOWS\system32\coh.cache
2008-07-18 00:02 . 2008-07-02 18:52 107,370 --------- C:\WINDOWS\hpqins13.dat.temp
2008-07-13 22:16 . 2008-07-13 22:16 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-13 22:03 . 2008-07-13 22:03 <DIR> d-------- C:\Program Files\Skype
2008-07-13 22:03 . 2008-07-13 22:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-11 17:31 . 2008-07-11 17:31 <DIR> d-------- C:\Program Files\IrfanView
2008-07-09 08:29 . 2007-10-09 01:57 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-04 08:15 . 2008-07-04 08:15 221 --a------ C:\WINDOWS\NCLogConfig.ini
2008-07-02 18:50 . 2008-07-18 00:02 107,013 --a------ C:\WINDOWS\hpqins13.dat
2008-06-30 12:23 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-30 12:23 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-30 12:23 . 2004-08-04 04:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-30 12:23 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-30 12:22 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-27 01:19 . 2008-06-27 01:19 <DIR> d-------- C:\Program Files\MarBit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 06:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-22 15:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-07-22 09:42 --------- d-----w C:\Program Files\Symantec
2008-07-20 21:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 20:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-11 19:35 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-20 19:08 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:37 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:37 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 16:57 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-20 16:44 --------- d-----w C:\Program Files\PowerISO
2008-06-20 16:34 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-20 16:32 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:32 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 19:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Go Go Gourmet
2008-06-17 01:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-16 13:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-06-16 13:26 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-16 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2008-06-16 13:25 --------- d-----w C:\Program Files\Common Files\HP
2008-06-16 13:21 --------- d-----w C:\Program Files\HP
2008-06-16 13:21 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-16 13:21 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-15 19:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 15:27 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-06-12 06:28 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-11 20:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-11 18:00 --------- d-----w C:\Program Files\DivX
2008-06-04 21:47 --------- d-----w C:\Program Files\Ahead
2008-06-04 21:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-03 08:47 --------- d-----w C:\Program Files\Common Files\G DATA
2008-06-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2008-06-01 08:14 --------- d-----w C:\Program Files\BitComet
2008-05-31 19:55 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-05-31 18:29 --------- d-----w C:\Program Files\FLV Player
2008-05-31 00:43 --------- d-----w C:\Program Files\Java
2008-05-31 00:41 --------- d-----w C:\Program Files\Common Files\Java
2008-05-31 00:02 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 21:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:14 203,008 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:03 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:03 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2002-01-02 00:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2002-01-02 00:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2002-01-02 00:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012002010220020103\index.dat
2002-01-02 00:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.


To z hijacka:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51, on 2008-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [685c0871] rundll32.exe "C:\WINDOWS\system32\rkcnpaxg.dll",b
O4 - HKLM\..\Run: [BM6b6f3bed] Rundll32.exe "C:\WINDOWS\system32\ixfkmmis.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7415 bytes


Co pominalem, ze zostalem wyzej zbesztany?
gus
~user
 
Posty: 36
Dołączenie: 23 Lip 2008, 08:53



Postprzez Magik 23 Lip 2008, 15:42

na fix w trybie awaryjnym w HJT
Kod: Zaznacz wszystko
O4 - HKLM\..\Run: [685c0871] rundll32.exe "C:\WINDOWS\system32\rkcnpaxg.dll",b

O4 - HKLM\..\Run: [BM6b6f3bed] Rundll32.exe "C:\WINDOWS\system32\ixfkmmis.dll",s
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
   O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
Image Image
Awatar użytkownika
Magik
~user
 
Posty: 7956
Dołączenie: 08 Maj 2004, 09:17
Miejscowość: Głogów
Pochwały: 885



Postprzez gus 23 Lip 2008, 18:07

Dziękuję Panu. :) Rady podziałały
gus
~user
 
Posty: 36
Dołączenie: 23 Lip 2008, 08:53



Postprzez Okocza 23 Lip 2008, 18:27

wstaw log z combofixa - bo tamten jest urwany
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
Image
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Awatar użytkownika
Okocza
~user
 
Posty: 7993
Dołączenie: 19 Mar 2006, 11:53
Pochwały: 406



Postprzez gus 24 Lip 2008, 15:46

Pomimo wcześniejszej, nieocenionej pomocy nadal pojawiają sie te same błędy - niektóre strony sie nie wczytują, a google i youtube nie wyszukują. Przeczyściłem kompa wszystkimi programami, które tu polecacie, ale po kilkudziesięciu minutach lub kilku godzinach sytuacja wraca do normy. Mam zainstalowanego Avasta home edition. Nie chodzę po żadnych podejrzanych stronach. Co jeszcze powinienem zrobić lub zainstalować?

Załączam logi

Hijack:

Cytat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48, on 2008-07-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B865F8F5-8E63-4A56-B5A2-141156A7667C} - C:\WINDOWS\system32\ljJDUonn.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM6b6f3bed] Rundll32.exe "C:\WINDOWS\system32\ysmwxgjs.dll",s
O4 - HKLM\..\Run: [685c0871] rundll32.exe "C:\WINDOWS\system32\pysfwlqh.dll",b
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8168 bytes




Combofix:



Cytat:
ComboFix 08-07-21.2 - krzysiek 2008-07-24 12:53:00.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.822 [GMT 2:00]
Running from: D:\Programy\Problemy z kompem\Rejestr\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hqlwfsyp.ini
C:\WINDOWS\system32\nnoUDJjl.ini
C:\WINDOWS\system32\nnoUDJjl.ini2
C:\WINDOWS\system32\pysfwlqh.dll
C:\WINDOWS\system32\ysmwxgjs.dll
.
---- Previous Run -------
.
C:\WINDOWS\BM6b6f3bed.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acjbivrf.dll
C:\WINDOWS\system32\afcgfoyx.dll
C:\WINDOWS\system32\ckeephhm.dll
C:\WINDOWS\system32\eqtwmlfw.dll
C:\WINDOWS\system32\frvibjca.ini
C:\WINDOWS\system32\gxapnckr.ini
C:\WINDOWS\system32\ixfkmmis.dll
C:\WINDOWS\system32\mhhpeekc.ini
C:\WINDOWS\system32\nnoUDJjl.ini
C:\WINDOWS\system32\nnoUDJjl.ini2
C:\WINDOWS\system32\qoMfcddd.dll
C:\WINDOWS\system32\rkcnpaxg.dll
C:\WINDOWS\system32\tptkwkur.dll
C:\WINDOWS\system32\tuvVPHAQ.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-24 11:55 . 2008-07-24 11:55 1,320 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-24 10:35 . 2008-07-24 10:35 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-23 18:57 . 2008-07-23 22:35 384 --a------ C:\WINDOWS\SIERRA.INI
2008-07-23 18:31 . 2008-07-23 18:31 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\DAEMON Tools
2008-07-23 18:30 . 2008-07-23 18:30 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\Gadu-Gadu
2008-07-23 15:20 . 2008-07-23 15:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 15:05 . 2008-07-23 15:30 <DIR> d-------- C:\SDFix
2008-07-23 09:32 . 2008-07-23 09:32 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\AdobeUM
2008-07-23 08:51 . 2008-07-23 08:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\WINDOWS\srchasst
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-22 22:32 . 2008-07-22 22:32 <DIR> d--h----- C:\ErdUndoCache
2008-07-22 21:57 . 2008-07-22 21:57 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\DivX
2008-07-22 21:16 . 2008-07-22 21:16 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\HP
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--hs---- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--hs---- C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Szablony
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\SendTo
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Recent
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Pulpit
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\PrintHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NetHood
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Moje dokumenty
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2008-07-22 20:36 . 2002-01-02 03:34 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Ustawienia lokalne
2008-07-22 20:36 . 2008-07-22 20:37 <DIR> dr------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Ulubione
2008-07-22 20:36 . 2008-07-22 20:36 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Szablony
2008-07-22 20:36 . 2008-07-24 12:48 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Pulpit
2008-07-22 20:36 . 2008-07-23 22:42 <DIR> dr------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Moje dokumenty
2008-07-22 20:36 . 2002-01-02 03:34 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Menu Start
2008-07-22 20:36 . 2008-07-23 18:31 <DIR> d--h----- C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji
2008-07-22 20:36 . 2008-07-24 01:17 <DIR> d-------- C:\Documents and Settings\krzysiek.PRIVATE-28C405B
2008-07-22 20:36 . 262,144 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 20:36 . 262,144 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-07-22 18:13 . 2008-07-22 18:13 <DIR> d-------- C:\Program Files\Foteria
2008-07-22 16:34 . 2008-07-22 16:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-22 16:33 . 2008-07-22 16:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 16:31 . 2008-07-22 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-22 00:10 . 2008-07-22 12:54 43,701 ---hs---- C:\WINDOWS\system32\yqxnwpli.ini
2008-07-22 00:08 . 2008-07-24 12:41 110,428 --a------ C:\WINDOWS\BM6b6f3bed.xml
2008-07-21 23:27 . 2008-07-23 19:28 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-21 23:27 . 2008-07-21 23:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-21 23:27 . 2008-07-23 19:28 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-21 23:22 . 2008-07-21 23:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 23:06 . 2008-07-22 06:06 <DIR> d-------- C:\[PC] The Witcher [ENG-OnLY] [dopeman]
2008-07-21 16:34 . 2008-07-21 23:00 <DIR> d-------- C:\Need.For.Speed.Pro.Street-RELOADED
2008-07-20 19:59 . 2008-07-20 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
2008-07-20 19:55 . 2008-07-20 19:55 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-19 23:59 . 2008-07-19 23:59 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-19 15:40 . 2008-07-19 15:40 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-18 00:02 . 2008-07-02 18:52 107,370 --------- C:\WINDOWS\hpqins13.dat.temp
2008-07-13 22:16 . 2008-07-13 22:16 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-13 22:03 . 2008-07-13 22:03 <DIR> d-------- C:\Program Files\Skype
2008-07-13 22:03 . 2008-07-13 22:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-11 17:31 . 2008-07-11 17:31 <DIR> d-------- C:\Program Files\IrfanView
2008-07-09 08:29 . 2007-10-09 01:57 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-04 08:15 . 2008-07-04 08:15 221 --a------ C:\WINDOWS\NCLogConfig.ini
2008-07-02 18:50 . 2008-07-18 00:02 107,013 --a------ C:\WINDOWS\hpqins13.dat
2008-06-30 12:23 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-30 12:23 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-30 12:23 . 2004-08-04 04:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-30 12:23 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-30 12:22 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-27 01:19 . 2008-06-27 01:19 <DIR> d-------- C:\Program Files\MarBit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 09:24 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-24 08:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-24 08:29 --------- d-----w C:\Program Files\Symantec
2008-07-24 08:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-07-23 16:21 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-07-20 21:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 20:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-20 19:08 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:37 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:37 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 16:57 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-20 16:34 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-20 16:32 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:32 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 19:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Go Go Gourmet
2008-06-17 01:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-16 13:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-06-16 13:26 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-16 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2008-06-16 13:25 --------- d-----w C:\Program Files\Common Files\HP
2008-06-16 13:21 --------- d-----w C:\Program Files\HP
2008-06-16 13:21 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-16 13:21 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-15 19:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 20:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-11 18:00 --------- d-----w C:\Program Files\DivX
2008-06-04 21:47 --------- d-----w C:\Program Files\Ahead
2008-06-04 21:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-03 08:47 --------- d-----w C:\Program Files\Common Files\G DATA
2008-06-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2008-06-01 08:14 --------- d-----w C:\Program Files\BitComet
2008-05-31 19:55 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-05-31 18:29 --------- d-----w C:\Program Files\FLV Player
2008-05-31 00:43 --------- d-----w C:\Program Files\Java
2008-05-31 00:41 --------- d-----w C:\Program Files\Common Files\Java
2008-05-31 00:02 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 21:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:14 203,008 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:03 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:03 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2002-01-02 00:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2002-01-02 00:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2002-01-02 00:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012002010220020103\index.dat
2002-01-02 00:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot_2008-07-24_10.19.58.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-24 10:49:28 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat
+ 2007-10-08 23:34:59 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 15:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-24 10:56:55 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2006-06-23 18:26 3706368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 09:34 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"BM6b6f3bed"="C:\WINDOWS\system32\ysmwxgjs.dll" [BU]
"685c0871"="C:\WINDOWS\system32\pysfwlqh.dll" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 20:20 16844800 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier - Szybkie uruchomienie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"D:\\gry\\settlers\\base\\bin\\Settlers6.exe"=
"D:\\gry\\settlers\\extra1\\bin\\Settlers6.exe"=
"D:\\Sof\\sof3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23042:TCP"= 23042:TCP:BitComet 23042 TCP
"23042:UDP"= 23042:UDP:BitComet 23042 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-13 14:54]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B865F8F5-8E63-4A56-B5A2-141156A7667C} - C:\WINDOWS\system32\ljJDUonn.dll


.
------- Supplementary Scan -------
.
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 12:57:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-07-24 12:59:07 - machine was rebooted [krzysiek]
ComboFix-quarantined-files.txt 2008-07-24 10:59:04

Pre-Run: 16,404,836,352 bajtów wolnych
Post-Run: 16,397,422,592 bajt˘w wolnych

347 --- E O F --- 2008-07-10 07:06:41



SDfix:



Cytat:
SDFix: Version 1.207
Run by krzysiek on 2008-07-24 at 13:06

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 13:24:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:03,7f,f4,9c,17,bf,39,c1,54,be,ae,d7,0b,30,fd,68,a7,3f,13,71,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,35,42,74,90,03,68,7a,aa,b5,da,e1,86,13,4f,b6,fc,cb,..
"khjeh"=hex:e7,0f,7a,d4,0b,fc,c3,75,84,3c,cf,69,67,52,da,08,5a,0a,58,a3,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1f,57,d1,3d,c6,30,cd,6f,8a,d1,87,8d,c5,a6,db,d9,04,e0,ad,3f,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:03,7f,f4,9c,17,bf,39,c1,54,be,ae,d7,0b,30,fd,68,a7,3f,13,71,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,35,42,74,90,03,68,7a,aa,b5,da,e1,86,13,4f,b6,fc,cb,..
"khjeh"=hex:e7,0f,7a,d4,0b,fc,c3,75,84,3c,cf,69,67,52,da,08,5a,0a,58,a3,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:88,a9,6d,ed,b9,e3,11,4e,fe,35,9a,4e,29,70,42,9e,ea,ef,bf,da,22,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:03,7f,f4,9c,17,bf,39,c1,54,be,ae,d7,0b,30,fd,68,a7,3f,13,71,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,35,42,74,90,03,68,7a,aa,b5,da,e1,86,13,4f,b6,fc,cb,..
"khjeh"=hex:e7,0f,7a,d4,0b,fc,c3,75,84,3c,cf,69,67,52,da,08,5a,0a,58,a3,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:88,a9,6d,ed,b9,e3,11,4e,fe,35,9a,4e,29,70,42,9e,ea,ef,bf,da,22,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\gry\\settlers\\base\\bin\\Settlers6.exe"="D:\\gry\\settlers\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"D:\\gry\\settlers\\extra1\\bin\\Settlers6.exe"="D:\\gry\\settlers\\extra1\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"D:\\Sof\\sof3.exe"="D:\\Sof\\sof3.exe:*:Enabled:sof3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Tue 22 Apr 2008 625,664 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 17 Oct 2007 224,256 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 1 Dec 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Mon 30 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a7603e7cf792509c9ebbd8c74c82553\BIT42.tmp"

Finished!
gus
~user
 
Posty: 36
Dołączenie: 23 Lip 2008, 08:53



Postprzez Magik 24 Lip 2008, 16:04

gus napisał(a):Mam zainstalowanego Avasta home edition


zrob cos zeby go nie miec zainstalwoanego--->wyrzuc ten badziew w cholere


poza tym zainstaluj jakiegos firewalla--->Jetico lub Kerio

i wstawiaj te logi w tagi :!: :!: :!:

Image


w trybie awaryjnym daj na fix w HJT

Kod: Zaznacz wszystko
O4 - HKLM\..\Run: [BM6b6f3bed] Rundll32.exe "C:\WINDOWS\system32\ysmwxgjs.dll",s
O4 - HKLM\..\Run: [685c0871] rundll32.exe "C:\WINDOWS\system32\pysfwlqh.dll",b
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O2 - BHO: (no name) - {B865F8F5-8E63-4A56-B5A2-141156A7667C} - C:\WINDOWS\system32\ljJDUonn.dll (file missing)



nastepnie przeskanuj kompa tym
http://www.programosy.pl/program,avg-anti-spyware.html
Image Image
Awatar użytkownika
Magik
~user
 
Posty: 7956
Dołączenie: 08 Maj 2004, 09:17
Miejscowość: Głogów
Pochwały: 885




Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 2 gości