I'm asking for help. I won't exaggerate and say that "I am" seriously infected; I simply have a few minor problems with my computer that make working on it uncomfortable.
I tried to fight it on my own (antivirus, Spybot S&D, registry + HijackThis); it helped a little, but still (for 2 weeks now) something is wrong with the computer.
Leaving aside the somewhat slow system startup (I disabled unnecessary services at startup) and the frequent "slowdowns", my main problems are pop-ups and Neostrada...
I have been using Opera for quite a few years and never had problems with pop-ups (there was always the "block unwanted pop-ups" option), but for some time now, whenever I click a link, an image or an empty area on a page, a pop-up appears with an address that is always similar. I suspect it is some not very harmful but annoying piece of adware...
As for Neostrada, it often literally freezes at startup or restart, and the whole system with it; sometimes this lasts a minute, sometimes 2, and sometimes it takes several consecutive system restarts before it helps... I tried to reinstall it, but unfortunately I get this --->
I configured the connection manually in the "Control Panel" and it works somehow, but I would prefer the old way of logging in (habit), and here is my other question: could this be caused by some worm or something? I suspect it is something in the registry?
Here are the logs:
ComboFix
ComboFix 08-12-26.03 - Sobcik 2008-12-28 3:03:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2039.1611 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Sobcik\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081227-0] *On-access scanning disabled* (Outdated)
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sobcik\Dane aplikacji\BITS
c:\documents and settings\Sobcik\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Sobcik\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Sobcik\Dane aplikacji\BITS\ProxyList.ini
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.bits
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.filelist
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.hybridlist
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.seeds
c:\documents and settings\Sobcik\Dane aplikacji\BITS\UPnP.ini
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Pliki utworzone od 2008-11-28 do 2008-12-28 )))))))))))))))))))))))))))))))
.
2008-12-28 02:32 . 2008-12-28 02:56 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-28 01:50 . 2008-12-28 01:50 <DIR> d-------- c:\program files\Thomson
2008-12-28 01:45 . 2008-12-28 01:45 <DIR> d-------- C:\!KillBox
2008-12-28 01:40 . 2008-12-09 22:17 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2008-12-28 01:40 . 2008-12-09 22:17 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2008-12-28 01:40 . 2008-12-09 21:21 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2008-12-28 01:40 . 2008-12-09 22:17 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2008-12-28 01:40 . 2008-12-09 22:17 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2008-12-28 01:40 . 2008-12-09 22:17 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2008-12-28 01:40 . 2008-12-09 22:17 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2008-12-28 01:40 . 2008-12-28 01:40 <DIR> d-------- c:\documents and settings\Administrator
2008-12-28 01:38 . 2008-12-28 03:06 <DIR> d-------- c:\program files\Neostrada TP
2008-12-28 00:40 . 2008-12-28 00:40 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\temp
2008-12-28 00:40 . 2008-12-28 00:40 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\playfirst
2008-12-28 00:39 . 2008-12-28 00:39 <DIR> d-------- c:\program files\Common Files\inca shared
2008-12-28 00:39 . 2008-12-28 00:39 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\simcity societies
2008-12-28 00:39 . 2008-12-28 00:39 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\nview_profiles
2008-12-28 00:14 . 2008-12-28 00:14 632 --a------ c:\windows\CoD.INI
2008-12-27 23:31 . 2008-12-13 07:39 3,593,216 --a------ c:\windows\system32\sete.tmp
2008-12-27 23:31 . 2008-12-13 07:39 3,593,216 --a------ c:\windows\system32\set5.tmp
2008-12-27 23:31 . 2008-12-13 07:39 3,593,216 --a------ c:\windows\system32\set242.tmp
2008-12-27 23:31 . 2008-12-27 23:31 1,409 --a------ c:\windows\system32\tmp3152F.FOT
2008-12-27 23:31 . 2008-12-27 16:26 1,393 --a------ c:\windows\imsins.bak
2008-12-27 23:14 . 2008-12-27 23:14 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-27 07:25 . 2008-12-27 17:13 766 --a------ c:\windows\eReg.dat
2008-12-23 14:34 . 2008-12-23 14:34 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-23 09:20 . 2008-12-24 12:09 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\gtk-2.0
2008-12-23 09:20 . 2008-12-23 09:20 <DIR> d-------- c:\documents and settings\Sobcik\.thumbnails
2008-12-23 09:19 . 2008-12-24 12:12 <DIR> d-------- c:\documents and settings\Sobcik\.gimp-2.6
2008-12-23 09:19 . 2008-12-23 09:19 <DIR> d-------- c:\documents and settings\Sobcik\.gegl-0.0
2008-12-20 02:45 . 2008-12-20 02:57 921,624 --a------ C:\img2-001.raw
2008-12-20 02:41 . 2008-12-20 02:41 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-20 02:39 . 2007-04-10 22:46 1,966,696 -ra------ c:\windows\system32\drivers\VX3000.sys
2008-12-20 02:39 . 2007-04-10 22:46 185,704 -ra------ c:\windows\system32\cVX3000.dll
2008-12-20 02:39 . 2008-04-14 22:51 91,648 --a------ c:\windows\system32\kswdmcap.ax
2008-12-20 02:39 . 2008-04-14 22:51 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-20 02:39 . 2008-04-14 22:51 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-20 02:39 . 2008-04-14 22:51 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-20 02:39 . 2008-04-14 22:50 54,784 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-20 02:39 . 2008-04-14 22:50 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-20 02:39 . 2008-04-14 22:51 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-20 02:39 . 2008-04-14 22:51 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-20 00:09 . 2008-12-20 00:09 <DIR> d--hs---- c:\windows\ftpcache
2008-12-20 00:08 . 2008-12-20 00:08 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-20 00:08 . 2008-12-20 21:16 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 00:08 . 2008-12-20 00:08 22,328 --a------ c:\documents and settings\Sobcik\Dane aplikacji\PnkBstrK.sys
2008-12-20 00:08 . 2008-12-20 00:08 281 --a------ c:\windows\game.ini
2008-12-19 23:01 . 2007-03-16 10:19 5,174 -ra------ c:\windows\system32\nppt9x.vxd
2008-12-19 23:01 . 2007-03-16 10:19 4,682 -ra------ c:\windows\system32\npptNT2.sys
2008-12-19 02:23 . 2008-12-19 02:23 <DIR> d-------- c:\windows\Diner Dash Flo Through Time
2008-12-19 02:23 . 2008-12-19 02:27 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\PlayFirst
2008-12-15 03:47 . 2008-12-27 21:43 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\uTorrent
2008-12-14 19:21 . 2008-12-14 19:21 2,570 --a------ c:\windows\Opera.INI
2008-12-14 15:20 . 2008-12-14 15:20 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\Media Player Classic
2008-12-14 15:13 . 2005-11-28 06:56 143,360 -ra------ c:\windows\system32\igfxres.dll
2008-12-14 13:51 . 2006-11-24 14:47 40,136 --a------ c:\windows\system32\drivers\ET5Drv.sys
2008-12-14 13:36 . 2008-12-14 13:37 <DIR> d-------- c:\program files\Gigabyte
2008-12-14 13:36 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe
2008-12-13 23:45 . 2008-12-13 23:45 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\Logitech
2008-12-13 23:45 . 2008-12-13 23:45 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-13 23:45 . 2008-12-28 00:31 1,846 --a------ c:\windows\unins000.dat
2008-12-13 23:44 . 2008-12-13 23:44 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-13 23:44 . 2008-12-13 23:44 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-12-13 23:44 . 2008-12-13 23:44 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-13 23:43 . 2008-12-20 02:43 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-13 23:43 . 2008-12-13 23:43 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-13 23:43 . 2008-12-13 23:43 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Logitech
2008-12-13 23:43 . 2007-01-23 15:45 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-12-13 23:43 . 2007-02-14 12:22 163,840 --a------ c:\windows\system32\kemutb.dll
2008-12-13 23:43 . 2007-02-14 12:21 135,168 --a------ c:\windows\system32\KemUtil.dll
2008-12-13 23:43 . 2007-02-14 12:21 110,592 --a------ c:\windows\system32\KemWnd.dll
2008-12-13 23:43 . 2007-02-14 12:22 69,632 --a------ c:\windows\system32\KemXML.dll
2008-12-13 23:43 . 2007-01-23 15:45 34,576 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2008-12-13 23:43 . 2007-01-23 15:45 28,176 --a------ c:\windows\system32\drivers\LUsbFilt.sys
2008-12-13 23:32 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-12-13 23:32 . 2008-12-13 23:32 421 --a------ c:\windows\ODBC.INI
2008-12-13 23:30 . 2008-12-13 23:30 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\Foxit
2008-12-13 23:29 . 2008-12-13 23:30 <DIR> d-------- c:\windows\SHELLNEW
2008-12-13 23:28 . 2008-12-13 23:28 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-13 21:53 . 2006-10-05 03:42 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-13 21:53 . 2006-10-05 03:42 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-13 20:55 . 2008-12-17 03:49 <DIR> d-------- c:\documents and settings\Sobcik\.netbeans-derby
2008-12-13 18:33 . 2008-12-13 18:34 56 --a------ c:\windows\Kulki.ini
2008-12-13 18:09 . 2008-12-13 18:09 <DIR> d-------- c:\documents and settings\Sobcik\.netbeans-registration
2008-12-13 18:09 . 2008-12-13 20:54 <DIR> d-------- c:\documents and settings\Sobcik\.netbeans
2008-12-13 18:04 . 2008-12-17 03:49 <DIR> d-------- c:\program files\glassfish-v2ur2
2008-12-13 18:01 . 2008-12-13 18:07 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-13 17:06 . 2008-12-13 17:06 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\DAEMON Tools
2008-12-11 23:34 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-11 23:34 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-11 23:34 . 2007-03-08 06:11 1,036,288 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-11 23:34 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-11 23:34 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-11 23:34 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-11 23:34 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-11 23:34 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-11 23:34 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-11 14:26 . 2008-04-14 22:51 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-11 12:25 . 2008-12-11 12:27 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-11 12:25 . 2008-04-14 22:51 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-12-11 02:02 . 2008-12-11 02:02 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-11 02:02 . 2008-12-11 02:02 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-11 02:02 . 2008-12-11 02:02 <DIR> d-------- c:\program files\MSBuild
2008-12-11 02:02 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-11 01:56 . 2008-12-11 01:56 <DIR> d-------- c:\documents and settings\Sobcik\Dane aplikacji\Shareaza
2008-12-11 01:43 . 2008-12-13 17:06 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-11 01:30 . 2008-06-14 18:36 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-11 01:29 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-11 01:27 . 2008-12-13 07:39 3,593,216 -----c--- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 01:27 . 2008-10-16 02:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2008-12-11 01:27 . 2008-10-16 21:33 1,160,192 -----c--- c:\windows\system32\dllcache\urlmon.dll
2008-12-11 01:27 . 2008-10-16 21:33 826,368 -----c--- c:\windows\system32\dllcache\wininet.dll
2008-12-11 01:27 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-11 01:26 . 2008-08-14 14:26 2,190,464 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-11 01:26 . 2008-08-14 14:26 2,146,816 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-11 01:26 . 2008-08-14 14:26 2,067,328 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-11 01:26 . 2008-08-14 14:26 2,025,472 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-11 01:26 . 2008-09-15 16:27 1,846,656 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-11 01:25 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-11 01:25 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-11 01:25 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-11 01:25 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-11 01:25 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-11 01:25 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-10 02:54 . 2008-12-10 02:54 <DIR> d-------- c:\documents and settings\Sobcik\English Translator 3
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 00:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 22:39 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-09 20:44 --------- d-----w c:\program files\Realtek
2008-12-09 20:44 --------- d-----w c:\documents and settings\Sobcik\Dane aplikacji\InstallShield
2008-12-09 20:41 --------- d-----w c:\program files\Intel
2008-12-09 20:25 --------- d-----w c:\program files\microsoft frontpage
2008-12-09 20:23 --------- d-----w c:\program files\Usługi online
2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\Avast\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"DeathAdder"="d:\programy\Razer\razerhid.exe" [2007-09-07 159744]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Natter.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Natter.lnk
backup=c:\windows\pss\Natter.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a--c--- 2008-08-08 13:11 490952 d:\programy\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2006-12-15 14:13 31552 c:\program files\Gigabyte\ET5\ETcall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a--c--- 2008-08-16 16:01 264704 d:\programy\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a--c--- 2008-08-21 02:18 443968 d:\programy\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-10 01:24 140672 c:\program files\Java\jre1.7.0\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.7.0\\bin\\java.exe"=
"e:\\GRY\\FlatOut\\flatout.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"d:\\PROGRAMY\\Shareaza\\Shareaza.exe"=
"d:\\PROGRAMY\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\GRY\\Valve\\SteamApps\\sobcik\\counter-strike\\hl.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"d:\\PROGRAMY\\Opera\\opera.exe"=
"d:\\PROGRAMY\\uTorrent\\uTorrent.exe"=
"d:\\PROGRAMY\\Gadu-Gadu\\gg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-09 20560]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-12-10 22784]
S3 cpuz131;cpuz131;\??\c:\docume~1\Sobcik\USTAWI~1\Temp\cpuz131\cpuz_x32.sys []
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\Drivers\CyUsb.sys [2008-12-10 31104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0bd09c0-c63a-11dd-8b1e-000e507096c9}]
\Shell\AutoRun\command - L:\o1.com
\Shell\explore\Command - L:\o1.com
\Shell\open\Command - L:\o1.com
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-VX3000 - c:\windows\vVX3000.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
uInternet Connection Wizard,ShellNext = iexplore
IE: &Pobierz wszystko przez FlashGet - d:\programy\FlashGet\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - d:\programy\FlashGet\ComDlls\Bholink.htm
IE: E&ksport do programu Microsoft Excel - d:\programy\Office\OFFICE11\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\programy\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sobcik\Dane aplikacji\Mozilla\Firefox\Profiles\uyey3txx.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: d:\programy\FireFox\components\flashgetXpi.dll
FF - component: d:\programy\FireFox\components\iamfamous.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjpi170.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npoji610.dll
FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc1.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc2.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc3.dll
FF - plugin: d:\programy\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programy\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programy\Opera\program\plugins\nprpjplug.dll
FF - plugin: d:\programy\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 03:07:08
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpaxtoexh.sys"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\programy\Avast\aswUpdSv.exe
d:\programy\Avast\ashServ.exe
c:\windows\system32\nvsvc32.exe
d:\programy\Avast\ashMaiSv.exe
d:\programy\Avast\ashWebSv.exe
c:\windows\system32\rundll32.exe
d:\programy\Razer\razertra.exe
d:\programy\Razer\razerofa.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-28 3:07:58 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-12-28 02:07:55
Przed: 17 999 269 888 bajtów wolnych
Po: 17,914,998,784 bajtów wolnych
315 --- E O F --- 2008-12-27 22:14:22
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:27:58, on 2008-12-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAMY\Avast\aswUpdSv.exe
D:\PROGRAMY\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\Avast\ashMaiSv.exe
D:\PROGRAMY\Avast\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
D:\PROGRAMY\Avast\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRAMY\Razer\razerhid.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
D:\PROGRAMY\Razer\razertra.exe
D:\PROGRAMY\Razer\razerofa.exe
C:\WINDOWS\explorer.exe
D:\PROGRAMY\Opera\opera.exe
F:\NeostradaTP\Neostrada.exe
C:\PROGRA~1\NEOSTR~1\Barriere.exe
D:\Multimedia\Duperele\De bello Troiano\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] D:\PROGRAMY\Razer\razerhid.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [Fail] C:\PROGRA~1\NEOSTR~1\Fail.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Pobierz wszystko przez FlashGet - D:\PROGRAMY\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Pobrane przez FlashGet - D:\PROGRAMY\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F67494A-DB3F-4B5F-8EA2-97BBEC773D9C}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.43;85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\PROGRAMY\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
--
End of file - 5821 bytes
Regards, and thank you for your help.
PS. In the HijackThis log the O17 lines also look wrong to me; I have already removed them several times and it's no use, they keep coming back.