temp2.exe

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by ^Wulf 12 Jul 2008, 14:58

I did a format and the problem didn't go away ^^. After every startup a temp2.exe error appears. It's nothing much, but it's starting to annoy me a bit, having to click "Don't send" every time I turn on the PC ;)

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:38, on 2008-07-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\temp1.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\user_\Pulpit\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3DBF451-7EC4-4304-8893-37B9DA3A1F77}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5527 bytes


ComboFix
ComboFix 08-07-11.1 - user_ 2008-07-12 14:54:51.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1574 [GMT 2:00]
Running from: C:\Documents and Settings\user_\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\copy.exe
C:\host.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\xcopy.exe
D:\Autorun.inf
D:\copy.exe
D:\host.exe
E:\Autorun.inf
E:\copy.exe
E:\host.exe

.
(((((((((((((((((((((((((   Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.

2008-07-11 20:50 . 2008-07-11 20:50   49   --a------   C:\WINDOWS\NeroDigital.ini
2008-07-11 10:27 . 2008-07-11 10:27   9,084   --ah-----   C:\WINDOWS\system32\mlfcache.dat
2008-07-11 10:24 . 2008-07-11 10:24   <DIR>   d--------   C:\WINDOWS\Sun
2008-07-11 10:22 . 2008-07-12 12:06   <DIR>   d--------   C:\Program Files\Safari
2008-07-10 19:58 . 2008-07-10 19:58   <DIR>   d--------   C:\Program Files\WinSCP
2008-07-10 12:54 . 2008-07-10 12:54   <DIR>   d--------   C:\Program Files\iPod
2008-07-10 12:44 . 2008-07-10 12:44   <DIR>   d--------   C:\Program Files\Bonjour
2008-07-10 11:43 . 2008-07-10 11:43   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
2008-07-10 11:38 . 2008-07-10 11:38   <DIR>   d--------   C:\Program Files\Winamp
2008-07-10 11:38 . 2008-07-10 11:39   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Winamp
2008-07-10 11:37 . 2008-07-10 11:37   <DIR>   d--------   C:\Program Files\Last.fm
2008-07-09 20:10 . 2008-07-09 20:17   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Ahead
2008-07-09 20:09 . 2008-07-09 20:09   <DIR>   d--------   C:\Program Files\Nero
2008-07-09 20:09 . 2008-07-09 20:10   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-07-09 20:09 . 2008-07-09 20:09   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-09 10:28 . 2008-07-12 14:42   <DIR>   d--------   C:\Program Files\AutoConnect
2008-07-08 20:39 . 2008-07-08 20:39   <DIR>   d--------   C:\Program Files\Mp3tag
2008-07-08 20:39 . 2008-07-08 20:39   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Mp3tag
2008-07-08 16:58 . 2008-07-08 18:24   <DIR>   d--------   C:\Program Files\iLiberty
2008-07-08 16:31 . 2008-07-08 16:31   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\AdobeUM
2008-07-08 10:36 . 2008-07-08 10:36   <DIR>   d--------   C:\Program Files\QuickTime
2008-07-08 10:36 . 2008-07-10 12:55   <DIR>   d--------   C:\Program Files\iTunes
2008-07-08 10:15 . 2008-07-08 10:15   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-07-06 13:43 . 2008-07-06 13:43   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-07-06 13:43 . 2008-07-06 13:43   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-07-06 13:43 . 2008-07-06 13:43   <DIR>   d--------   C:\Program Files\MSBuild
2008-07-06 13:43 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-07-06 12:01 . 2008-04-23 09:20   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-06 12:01 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-06 12:01 . 2007-03-08 07:11   1,036,288   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-06 12:01 . 2008-04-23 09:20   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-06 12:01 . 2008-04-23 09:20   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-06 12:01 . 2008-04-23 09:20   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-06 12:01 . 2008-04-23 09:20   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-06 12:01 . 2008-04-23 09:20   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-06 12:01 . 2008-04-22 09:39   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-06 02:31 . 2008-06-14 19:36   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-06 02:23 . 2008-05-08 16:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-06 02:21 . 2008-07-06 02:21   <DIR>   d---s----   C:\Documents and Settings\user_\UserData
2008-07-05 20:40 . 2008-07-10 12:44   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-07-05 20:40 . 2008-07-05 20:40   <DIR>   d--------   C:\Program Files\Common Files\Apple
2008-07-05 20:40 . 2008-07-05 20:41   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-07-05 20:40 . 2008-04-14 22:50   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2008-07-05 20:40 . 2008-07-03 02:12   32,000   --a------   C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-05 20:40 . 2008-04-14 00:15   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-05 20:40 . 2008-04-14 00:15   15,104   --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-05 20:40 . 2001-10-26 17:29   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-07-05 17:26 . 2008-04-14 22:51   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-07-05 16:07 . 2008-07-05 16:07   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-07-05 16:07 . 2008-04-14 22:51   294,912   -----c---   C:\WINDOWS\system32\dllcache\dlimport.exe
2008-07-05 16:05 . 2008-04-13 23:53   1,309,184   ---------   C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-07-05 16:04 . 2008-07-05 16:04   <DIR>   d--------   C:\WINDOWS\EHome
2008-07-05 13:37 . 2008-07-06 15:08   <DIR>   d--------   C:\totalcmd
2008-07-05 13:37 . 2008-07-12 14:02   1,936   --a------   C:\WINDOWS\wincmd.ini
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\UC.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\RAR.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\PKZIP.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\LHA.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\ARJ.PIF
2008-07-05 13:28 . 2008-07-05 13:28   <DIR>   d--------   C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-07-05 13:26 . 2008-07-10 22:24   <DIR>   d--------   C:\Program Files\Xfire
2008-07-05 13:26 . 2008-07-11 23:45   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Xfire
2008-07-05 13:22 . 2008-07-08 16:33   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Apple Computer
2008-07-05 13:22 . 2008-07-05 13:22   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-07-05 13:21 . 2008-07-05 13:21   <DIR>   d--------   C:\Program Files\Opera
2008-07-05 13:21 . 2008-07-05 13:21   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-07-05 13:21 . 2008-02-22 02:33   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-07-05 13:19 . 2008-07-05 13:19   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Gadu-Gadu
2008-07-05 13:18 . 2008-07-05 13:18   <DIR>   d--------   C:\Program Files\Gadu-Gadu
2008-07-05 13:18 . 2008-07-12 02:08   <DIR>   d--------   C:\Documents and Settings\user_\Gadu-Gadu
2008-07-05 13:17 . 2008-07-05 13:17   <DIR>   d--------   C:\Program Files\CCleaner
2008-07-05 13:17 . 2008-07-05 13:17   0   --a------   C:\WINDOWS\nsreg.dat
2008-07-05 13:16 . 2008-07-05 13:16   <DIR>   d--------   C:\Program Files\MarBit
2008-07-05 13:16 . 2008-07-05 13:16   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-07-05 13:14 . 2008-07-05 13:14   13,646   --a------   C:\WINDOWS\system32\wpa.bak
2008-07-05 13:11 . 2008-07-05 13:11   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-07-05 13:11 . 2008-07-05 13:11   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-07-05 13:11 . 2008-07-05 13:11   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-07-05 13:09 . 2003-10-16 18:07   32,768   --a------   C:\WINDOWS\system32\WooDial2000.dll
2008-07-05 13:08 . 2008-07-05 13:08   <DIR>   d--------   C:\Program Files\Thomson
2008-07-05 13:08 . 2008-07-05 17:40   <DIR>   d--------   C:\Program Files\Java
2008-07-05 13:08 . 2003-12-08 11:53   70,688   --a------   C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-07-05 13:08 . 2003-12-08 11:53   53,600   --a------   C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-07-05 13:08 . 2002-11-01 20:15   45,175   ---------   C:\WINDOWS\system32\plugincpl140_03.cpl
2008-07-05 13:08 . 2002-11-01 20:15   41,068   ---------   C:\WINDOWS\system32\ActPanel.dll
2008-07-05 13:08 . 2003-12-08 11:53   5,606   --a------   C:\WINDOWS\system32\stci.dll
2008-07-05 13:08 . 2003-12-08 11:53   5,280   --a------   C:\WINDOWS\system32\drivers\alcawh.sys
2008-07-05 13:08 . 2003-12-08 11:53   3,968   --a------   C:\WINDOWS\system32\drivers\alcacr.sys
2008-07-05 13:07 . 2008-07-05 13:07   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2008-07-05 13:07 . 2008-07-10 08:57   <DIR>   d--------   C:\Program Files\Neostrada TP
2008-07-05 13:05 . 2008-07-05 13:05   <DIR>   d--------   C:\WINDOWS\nview
2008-07-05 13:05 . 2007-12-05 01:41   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-07-05 13:05 . 2008-07-05 13:05   163,353   --a------   C:\WINDOWS\system32\nvapps.xml
2008-07-05 13:05 . 2007-12-05 01:41   17,737   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-07-05 13:04 . 2008-07-05 13:04   <DIR>   d--------   C:\NVIDIA
2008-06-26 22:10 . 2008-06-26 22:10   42,320   --a------   C:\WINDOWS\system32\xfcodec.dll
2008-06-20 19:48 . 2008-06-20 19:48   246,784   -----c---   C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:48 . 2008-06-20 19:48   147,968   -----c---   C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51   361,600   -----c---   C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40   138,496   -----c---   C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08   225,856   -----c---   C:\WINDOWS\system32\dllcache\tcpip6.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 11:08   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-07-05 11:08   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-07-05 10:59   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-07-05 10:59   ---------   d-----w   C:\Program Files\Realtek
2008-07-05 10:56   ---------   d-----w   C:\Documents and Settings\user_\Dane aplikacji\InstallShield
2008-07-05 10:46   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-07-05 10:45   ---------   d-----w   C:\Program Files\Usługi online
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:36   273,024   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:56   90,112   ----a-w   C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56   430,080   ----a-w   C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56   180,224   ----a-w   C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56   172,032   ----a-w   C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24   155,648   ----a-w   C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07   135,168   ----a-w   C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12   1,291,776   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 21:16   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56   332,288   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:50   999,936   ----a-w   C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48   5,632   ----a-w   C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48   1,449,472   ----a-w   C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47   57,375   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36   3,584   ----a-w   C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35   9,344   ----a-w   C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31   16,896   ----a-w   C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30   285,696   ----a-w   C:\WINDOWS\system32\atmfd.dll
2008-04-14 19:59   2,146,816   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59   2,025,472   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55   4,096   ----a-w   C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52   89,600   ------w   C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50   80,896   ------w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:45   49,664   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45   2,977,792   ----a-w   C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43   563,200   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:39   190,976   ----a-w   C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37   10,240   ----a-w   C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35   67,584   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 19:29   8,192   ----a-w   C:\WINDOWS\system32\asferror.dll
2008-04-14 19:29   103,936   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-13 22:15   17,664   ----a-w   C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:10   427,008   ----a-w   C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:08   2,953,216   ----a-w   C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-13 22:05   194,560   ----a-w   C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01   7,424   ----a-w   C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00   61,440   ----a-w   C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07   208,384   ----a-w   C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07   138,752   ----a-w   C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56   12,288   ----a-w   C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56   12,288   ----a-w   C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51   733,696   ----a-w   C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18   1,647,616   ----a-w   C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15   216,064   ----a-w   C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53   48,128   ----a-w   C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09   884,736   ----a-w   C:\WINDOWS\system32\msimsg.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 295424]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-09 13:30 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Gry\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 09:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 14:55:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 14:56:19
ComboFix-quarantined-files.txt  2008-07-12 12:56:16

Pre-Run: 24,024,834,048 bajtów wolnych
Post-Run: 24,691,007,488 bajtów wolnych

257   --- E O F ---   2008-07-10 07:21:33



Post by Magik 12 Jul 2008, 15:01

In HJT, fix this entry:

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe


go with

Use SDFix. After downloading, run it and it will extract itself to C:\SDFix. Start the computer in safe mode (F8 at system startup). While in safe mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of the Report.txt file + the ComboFix log, and also post a HijackThis log.


and it should be fine then



Post by ^Wulf 12 Jul 2008, 15:17

Report.txt
[b]SDFix: Version 1.204 [/b]
Run by user_ on 2008-07-12 at 15:08

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 15:11:06
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Gry\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Gry\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]


ComboFix
ComboFix 08-07-11.1 - user_ 2008-07-12 15:14:35.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1628 [GMT 2:00]
Running from: C:\Documents and Settings\user_\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.

2008-07-12 15:06 . 2008-07-12 15:06   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-07-12 15:04 . 2008-07-12 15:12   <DIR>   d--------   C:\SDFix
2008-07-11 20:50 . 2008-07-11 20:50   49   --a------   C:\WINDOWS\NeroDigital.ini
2008-07-11 10:27 . 2008-07-11 10:27   9,084   --ah-----   C:\WINDOWS\system32\mlfcache.dat
2008-07-11 10:24 . 2008-07-11 10:24   <DIR>   d--------   C:\WINDOWS\Sun
2008-07-11 10:22 . 2008-07-12 12:06   <DIR>   d--------   C:\Program Files\Safari
2008-07-10 19:58 . 2008-07-10 19:58   <DIR>   d--------   C:\Program Files\WinSCP
2008-07-10 12:54 . 2008-07-10 12:54   <DIR>   d--------   C:\Program Files\iPod
2008-07-10 12:44 . 2008-07-10 12:44   <DIR>   d--------   C:\Program Files\Bonjour
2008-07-10 11:43 . 2008-07-10 11:43   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
2008-07-10 11:38 . 2008-07-10 11:38   <DIR>   d--------   C:\Program Files\Winamp
2008-07-10 11:38 . 2008-07-10 11:39   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Winamp
2008-07-10 11:37 . 2008-07-10 11:37   <DIR>   d--------   C:\Program Files\Last.fm
2008-07-09 20:10 . 2008-07-09 20:17   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Ahead
2008-07-09 20:09 . 2008-07-09 20:09   <DIR>   d--------   C:\Program Files\Nero
2008-07-09 20:09 . 2008-07-09 20:10   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-07-09 20:09 . 2008-07-09 20:09   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-09 10:28 . 2008-07-12 15:12   <DIR>   d--------   C:\Program Files\AutoConnect
2008-07-08 20:39 . 2008-07-08 20:39   <DIR>   d--------   C:\Program Files\Mp3tag
2008-07-08 20:39 . 2008-07-08 20:39   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Mp3tag
2008-07-08 16:58 . 2008-07-08 18:24   <DIR>   d--------   C:\Program Files\iLiberty
2008-07-08 16:31 . 2008-07-08 16:31   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\AdobeUM
2008-07-08 10:36 . 2008-07-08 10:36   <DIR>   d--------   C:\Program Files\QuickTime
2008-07-08 10:36 . 2008-07-10 12:55   <DIR>   d--------   C:\Program Files\iTunes
2008-07-08 10:15 . 2008-07-08 10:15   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-07-06 13:43 . 2008-07-06 13:43   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-07-06 13:43 . 2008-07-06 13:43   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-07-06 13:43 . 2008-07-06 13:43   <DIR>   d--------   C:\Program Files\MSBuild
2008-07-06 13:43 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-07-06 12:01 . 2008-04-23 09:20   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-06 12:01 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-06 12:01 . 2007-03-08 07:11   1,036,288   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-06 12:01 . 2008-04-23 09:20   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-06 12:01 . 2008-04-23 09:20   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-06 12:01 . 2008-04-23 09:20   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-06 12:01 . 2008-04-23 09:20   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-06 12:01 . 2008-04-23 09:20   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-06 12:01 . 2008-04-22 09:39   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-06 02:31 . 2008-06-14 19:36   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-06 02:23 . 2008-05-08 16:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-06 02:21 . 2008-07-06 02:21   <DIR>   d---s----   C:\Documents and Settings\user_\UserData
2008-07-05 20:40 . 2008-07-10 12:44   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-07-05 20:40 . 2008-07-05 20:40   <DIR>   d--------   C:\Program Files\Common Files\Apple
2008-07-05 20:40 . 2008-07-05 20:41   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-07-05 20:40 . 2008-04-14 22:50   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2008-07-05 20:40 . 2008-07-03 02:12   32,000   --a------   C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-05 20:40 . 2008-04-14 00:15   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-05 20:40 . 2008-04-14 00:15   15,104   --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-05 20:40 . 2001-10-26 17:29   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-07-05 17:26 . 2008-04-14 22:51   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-07-05 16:07 . 2008-07-05 16:07   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-07-05 16:07 . 2008-04-14 22:51   294,912   -----c---   C:\WINDOWS\system32\dllcache\dlimport.exe
2008-07-05 16:05 . 2008-04-13 23:53   1,309,184   ---------   C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-07-05 16:04 . 2008-07-05 16:04   <DIR>   d--------   C:\WINDOWS\EHome
2008-07-05 13:37 . 2008-07-06 15:08   <DIR>   d--------   C:\totalcmd
2008-07-05 13:37 . 2008-07-12 14:02   1,936   --a------   C:\WINDOWS\wincmd.ini
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\UC.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\RAR.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\PKZIP.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\LHA.PIF
2008-07-05 13:37 . 2007-09-14 07:02   545   --a------   C:\WINDOWS\ARJ.PIF
2008-07-05 13:28 . 2008-07-05 13:28   <DIR>   d--------   C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-07-05 13:26 . 2008-07-10 22:24   <DIR>   d--------   C:\Program Files\Xfire
2008-07-05 13:26 . 2008-07-11 23:45   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Xfire
2008-07-05 13:22 . 2008-07-08 16:33   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Apple Computer
2008-07-05 13:22 . 2008-07-05 13:22   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-07-05 13:21 . 2008-07-05 13:21   <DIR>   d--------   C:\Program Files\Opera
2008-07-05 13:21 . 2008-07-05 13:21   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-07-05 13:21 . 2008-02-22 02:33   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-07-05 13:19 . 2008-07-05 13:19   <DIR>   d--------   C:\Documents and Settings\user_\Dane aplikacji\Gadu-Gadu
2008-07-05 13:18 . 2008-07-05 13:18   <DIR>   d--------   C:\Program Files\Gadu-Gadu
2008-07-05 13:18 . 2008-07-12 02:08   <DIR>   d--------   C:\Documents and Settings\user_\Gadu-Gadu
2008-07-05 13:17 . 2008-07-05 13:17   <DIR>   d--------   C:\Program Files\CCleaner
2008-07-05 13:17 . 2008-07-05 13:17   0   --a------   C:\WINDOWS\nsreg.dat
2008-07-05 13:16 . 2008-07-05 13:16   <DIR>   d--------   C:\Program Files\MarBit
2008-07-05 13:16 . 2008-07-05 13:16   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-07-05 13:14 . 2008-07-05 13:14   13,646   --a------   C:\WINDOWS\system32\wpa.bak
2008-07-05 13:11 . 2008-07-05 13:11   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-07-05 13:11 . 2008-07-05 13:11   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-07-05 13:11 . 2008-07-05 13:11   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-07-05 13:09 . 2003-10-16 18:07   32,768   --a------   C:\WINDOWS\system32\WooDial2000.dll
2008-07-05 13:08 . 2008-07-05 13:08   <DIR>   d--------   C:\Program Files\Thomson
2008-07-05 13:08 . 2008-07-05 17:40   <DIR>   d--------   C:\Program Files\Java
2008-07-05 13:08 . 2003-12-08 11:53   70,688   --a------   C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-07-05 13:08 . 2003-12-08 11:53   53,600   --a------   C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-07-05 13:08 . 2002-11-01 20:15   45,175   ---------   C:\WINDOWS\system32\plugincpl140_03.cpl
2008-07-05 13:08 . 2002-11-01 20:15   41,068   ---------   C:\WINDOWS\system32\ActPanel.dll
2008-07-05 13:08 . 2003-12-08 11:53   5,606   --a------   C:\WINDOWS\system32\stci.dll
2008-07-05 13:08 . 2003-12-08 11:53   5,280   --a------   C:\WINDOWS\system32\drivers\alcawh.sys
2008-07-05 13:08 . 2003-12-08 11:53   3,968   --a------   C:\WINDOWS\system32\drivers\alcacr.sys
2008-07-05 13:07 . 2008-07-05 13:07   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2008-07-05 13:07 . 2008-07-10 08:57   <DIR>   d--------   C:\Program Files\Neostrada TP
2008-07-05 13:05 . 2008-07-05 13:05   <DIR>   d--------   C:\WINDOWS\nview
2008-07-05 13:05 . 2007-12-05 01:41   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-07-05 13:05 . 2008-07-05 13:05   163,353   --a------   C:\WINDOWS\system32\nvapps.xml
2008-07-05 13:05 . 2007-12-05 01:41   17,737   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-07-05 13:04 . 2008-07-05 13:04   <DIR>   d--------   C:\NVIDIA
2008-06-26 22:10 . 2008-06-26 22:10   42,320   --a------   C:\WINDOWS\system32\xfcodec.dll
2008-06-20 19:48 . 2008-06-20 19:48   246,784   -----c---   C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:48 . 2008-06-20 19:48   147,968   -----c---   C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51   361,600   -----c---   C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40   138,496   -----c---   C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08   225,856   -----c---   C:\WINDOWS\system32\dllcache\tcpip6.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 11:08   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-07-05 11:08   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-07-05 10:59   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-07-05 10:59   ---------   d-----w   C:\Program Files\Realtek
2008-07-05 10:56   ---------   d-----w   C:\Documents and Settings\user_\Dane aplikacji\InstallShield
2008-07-05 10:46   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-07-05 10:45   ---------   d-----w   C:\Program Files\Usługi online
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:36   273,024   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:56   90,112   ----a-w   C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56   430,080   ----a-w   C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56   180,224   ----a-w   C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56   172,032   ----a-w   C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24   155,648   ----a-w   C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07   135,168   ----a-w   C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12   1,291,776   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 21:16   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56   332,288   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:50   999,936   ----a-w   C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48   5,632   ----a-w   C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48   1,449,472   ----a-w   C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47   57,375   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36   3,584   ----a-w   C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35   9,344   ----a-w   C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31   16,896   ----a-w   C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30   285,696   ----a-w   C:\WINDOWS\system32\atmfd.dll
2008-04-14 19:59   2,146,816   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59   2,025,472   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55   4,096   ----a-w   C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52   89,600   ------w   C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50   80,896   ------w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:45   49,664   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45   2,977,792   ----a-w   C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43   563,200   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:39   190,976   ----a-w   C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37   10,240   ----a-w   C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35   67,584   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 19:29   8,192   ----a-w   C:\WINDOWS\system32\asferror.dll
2008-04-14 19:29   103,936   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-13 22:15   17,664   ----a-w   C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:10   427,008   ----a-w   C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:08   2,953,216   ----a-w   C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-13 22:05   194,560   ----a-w   C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01   7,424   ----a-w   C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00   61,440   ----a-w   C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07   208,384   ----a-w   C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07   138,752   ----a-w   C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56   12,288   ----a-w   C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56   12,288   ----a-w   C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51   733,696   ----a-w   C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18   1,647,616   ----a-w   C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15   216,064   ----a-w   C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53   48,128   ----a-w   C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09   884,736   ----a-w   C:\WINDOWS\system32\msimsg.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-07-12_14.56.12.98   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 12:42:10   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-07-12 13:10:27   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-07-09 09:52:07   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-12 13:06:44   1,490,944   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-07-12 13:06:44   155,648   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-07-09 09:52:07   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-12 13:06:33   1,490,944   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-07-12 13:06:33   155,648   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-07-12 12:46:19   67,696   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-07-12 13:14:47   67,696   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-07-12 12:46:19   84,208   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-07-12 13:14:47   84,208   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2008-07-12 12:46:19   432,992   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-07-12 13:14:47   432,992   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-07-12 12:46:19   491,152   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-07-12 13:14:47   491,152   ----a-w   C:\WINDOWS\system32\perfh015.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 295424]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-09 13:30 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Gry\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 09:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 15:15:13
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 15:15:58
ComboFix-quarantined-files.txt  2008-07-12 13:15:45
ComboFix2.txt  2008-07-12 12:56:19

Pre-Run: 24,638,787,584 bajtów wolnych
Post-Run: 24,627,224,576 bajtów wolnych

260   --- E O F ---   2008-07-10 07:21:33


HJT
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:25, on 2008-07-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user_\Pulpit\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3DBF451-7EC4-4304-8893-37B9DA3A1F77}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5329 bytes



Post by Magik, 12 Jul 2008, 15:20

Well, have a nice day :wink:




Post by Okocza, 12 Jul 2008, 15:20

Do what is described in this thread

1. Download OTMoveIt, launch it, and run its CleanUp option :)
2. Run a Windows optimization
3. Download ATF_Cleaner
select
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and click EMPTY SELECTED
4. Turn off System Restore (My Computer properties, System Restore tab, turn off System Restore on all drives). After a moment, turn it back on
5. Scan the computer for Trojans with this program


It's clean :)




Post by ^Wulf, 12 Jul 2008, 15:22

Okocza, I've already done that, because I had already searched the forum for this problem; those steps alone didn't have any effect, though, so I started this thread ;)

Thanks a lot ;)



Post by Precel, 12 Jul 2008, 16:20

^Wulf, have you heard of such a thing as an antivirus and a firewall?



Post by ^Wulf, 12 Jul 2008, 21:02

Precel wrote: ^Wulf, have you heard of such a thing as an antivirus and a firewall?


I've heard something about it ^^, .
I don't know why, but somehow I don't install that kind of thing.
Maybe that will change ;)



Post by Precel, 12 Jul 2008, 21:36

^Wulf wrote: I don't know why, but somehow I don't install that kind of thing.


I know, you prefer viruses
but I'm warning you right away: if you catch something again and I don't see an entry for some antivirus in the log, I'll close the thread.



Post by ^Wulf, 12 Jul 2008, 22:40

Precel, the thing is that this message was showing up right after the format... Brand new (I hadn't even installed the drivers yet, and it was already appearing ;d).
Well, okay, I'll follow your suggestions ;)
So, on a different note... Which antivirus do you recommend? ;>



Post by Precel, 12 Jul 2008, 22:56

Among the free ones:
http://www.programosy.pl/program,antivir-personal-edition.html
Among the paid ones, it's nod32

In general, remember to install an antivirus after a format, before plugging in the network cable




Post by ^Wulf, 12 Jul 2008, 23:00

Okay, thanks. I'll definitely pick one of them ;)
This can be closed