Syrj posted on 16 December 2008

Hi. I feel that something is wrong, so I'm asking you to check the logs.
Mateusz J. commented on 17 December 2008

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Fix. Overall the logs are clean; ComboFix automatically got rid of the virus. Additionally, scan the computer with Malwarebytes.