Net mi się od paru dni muli

Denetrus · 14 Listopad 2007 15:52

proszę o sprawdzenie logów bo net się bardzo muli. Administrator mówi że u niego wszystko jest w porządku:/

Logfile of HijackThis v1.99.1 Scan saved at 16:45:35, on 2007-11-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe E:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe E:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\RTHDCPL.EXE E:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\kxmixer.exe C:\WINDOWS\system32\ctfmon.exe E:\Program Files\Gadu-Gadu\gg.exe E:\Program Files\Winamp\winamp.exe D:\muza\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O4 - HKLM…\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [WinampAgent] e:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “E:\Program Files\Gadu-Gadu\gg.exe” /tray O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra ‘Tools’ menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O17 - HKLM\System\CCS\Services\Tcpip…{4570AD34-0329-4A10-BA33-94B55B40570C}: NameServer = 1.1.1.1,1.1.1.2 O17 - HKLM\System\CCS\Services\Tcpip…{56B31D7E-7274-4794-BBA1-26A157A85AF8}: NameServer = 192.168.2.1,192.168.2.2 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Gutek · 14 Listopad 2007 17:37

usuń wpis HJT

Daj log z ComboFix

Denetrus · 14 Listopad 2007 18:05

ComboFix 07-11-08.1 - Ula 2007-11-14 19:01:27.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.386 [GMT 1:00] Running from: C:\Documents and Settings\Ula\Moje dokumenty\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))) . 2007-11-14 18:58 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 07:04 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-12 19:35 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-11-12 19:35 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2007-11-12 16:29 2007-11-10 13:14 2007-11-10 10:58 2007-11-04 17:42 45,568 --a------ C:\WINDOWS\UniFish3.exe 2007-11-04 17:36 2007-11-04 16:11 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-04 16:10 2007-11-04 15:40 2007-10-30 21:31 2007-10-30 21:29 2007-10-30 21:29 2007-10-30 21:29 197,120 --a------ C:\WINDOWS\patchw32.dll 2007-10-28 19:03 2007-10-21 18:21 2007-10-21 18:19 2007-10-21 18:18 2007-10-21 18:18 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL 2007-10-21 18:18 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL 2007-10-21 18:17 2007-10-21 18:17 270,336 --a------ C:\WINDOWS\system32\sfms32.dll 2007-10-21 18:17 49,152 --a–c— C:\WINDOWS\system32\dllcache\a3d.dll 2007-10-21 18:17 49,152 --a------ C:\WINDOWS\system32\a3d.dll 2007-10-21 18:17 40,960 --a------ C:\WINDOWS\system32\AC3API.DLL 2007-10-21 18:16 2007-10-18 18:49 2007-10-16 16:38 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-14 17:47 --------- d-----w C:\Documents and Settings\Ula\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-11-14 14:36 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\AVG7 2007-11-14 13:11 --------- d-----w C:\Documents and Settings\Ula\Dane aplikacji\AVG7 2007-11-12 18:27 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-11 17:50 --------- d-----w C:\Documents and Settings\Ula\Dane aplikacji\OpenOffice.ux.pl2 2007-11-10 12:58 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\MegauploadToolbar 2007-11-02 11:35 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\Hamachi 2007-10-30 20:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-10-28 18:03 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-27 12:01 --------- d-----w C:\Program Files\Steam 2007-10-21 12:33 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\OpenOffice.ux.pl2 2007-10-11 13:55 --------- d-----w C:\Program Files\Google 2007-10-06 09:56 --------- d-----w C:\Program Files\MegauploadToolbar 2007-09-30 10:35 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\Azureus 2007-09-30 10:29 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-29 11:19 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\AdobeUM 2007-09-17 19:05 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-09-15 21:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-09-14 19:29 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\SopCast 2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab 2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab 2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab 2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab 2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab 2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab 2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab 2007-07-19 22:48 976,020 ------w C:\Program Files\BDAXP.cab 2007-07-19 22:48 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab 2007-07-19 22:48 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab 2007-07-19 22:48 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab 2007-07-19 22:48 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab 2007-07-19 22:48 86,709 ----a-w C:\Program Files\dxupdate.cab 2007-07-19 22:48 77,160 ----a-w C:\Program Files\DSETUP.dll 2007-07-19 22:48 702,644 ------w C:\Program Files\JUN2007_d3dx10_34_x64.cab 2007-07-19 22:48 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab 2007-07-19 22:48 702,072 ------w C:\Program Files\JUN2007_d3dx10_34_x86.cab 2007-07-19 22:48 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab 2007-07-19 22:48 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab 2007-07-19 22:48 503,144 ----a-w C:\Program Files\DXSETUP.exe 2007-07-19 22:48 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab 2007-07-19 22:48 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab 2007-07-19 22:48 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab 2007-07-19 22:48 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab 2007-07-19 22:48 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab 2007-07-19 22:48 200,722 ------w C:\Program Files\JUN2007_XACT_x64.cab 2007-07-19 22:48 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab 2007-07-19 22:48 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab 2007-07-19 22:48 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab 2007-07-19 22:48 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab 2007-07-19 22:48 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab 2007-07-19 22:48 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab 2007-07-19 22:48 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab 2007-07-19 22:48 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab 2007-07-19 22:48 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab 2007-07-19 22:48 156,509 ------w C:\Program Files\JUN2007_XACT_x86.cab 2007-07-19 22:48 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab 2007-07-19 22:48 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab 2007-07-19 22:48 146,559 ------w C:\Program Files\DEC2006_XACT_x86.cab 2007-07-19 22:48 138,977 ------w C:\Program Files\OCT2006_XACT_x86.cab 2007-07-19 22:48 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab 2007-07-19 22:48 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab 2007-07-19 22:48 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab 2007-07-19 22:48 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab 2007-07-19 22:48 13,265,040 ------w C:\Program Files\dxnt.cab 2007-07-19 22:48 100,417 ------w C:\Program Files\APR2007_xinput_x64.cab 2007-07-19 22:48 1,673,576 ----a-w C:\Program Files\dsetup32.dll 2007-07-19 22:48 1,611,374 ------w C:\Program Files\JUN2007_d3dx9_34_x64.cab 2007-07-19 22:48 1,610,958 ------w C:\Program Files\APR2007_d3dx9_33_x64.cab 2007-07-19 22:48 1,610,886 ------w C:\Program Files\JUN2007_d3dx9_34_x86.cab 2007-07-19 22:48 1,609,639 ------w C:\Program Files\APR2007_d3dx9_33_x86.cab 2007-07-19 22:48 1,575,336 ------w C:\Program Files\DEC2006_d3dx9_32_x86.cab 2007-07-19 22:48 1,572,114 ------w C:\Program Files\DEC2006_d3dx9_32_x64.cab 2007-07-19 22:48 1,413,862 ------w C:\Program Files\OCT2006_d3dx9_31_x64.cab 2007-07-19 22:48 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab 2007-07-19 22:48 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab 2007-07-19 22:48 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab 2007-07-19 22:48 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab 2007-07-19 22:48 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab 2007-07-19 22:48 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab 2007-07-19 22:48 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab 2007-07-19 22:48 1,156,363 ------w C:\Program Files\BDANT.cab 2007-07-19 22:48 1,128,177 ------w C:\Program Files\OCT2006_d3dx9_31_x86.cab 2007-07-19 22:48 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab 2007-07-19 22:48 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab 2007-07-19 22:48 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab 2007-07-19 22:48 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab 2007-07-19 22:48 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab 2007-07-19 22:48 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab 2007-07-19 22:48 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AVG7_CC”=“E:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2007-10-25 07:25] “RTHDCPL”=“RTHDCPL.EXE” [2006-12-19 10:12 C:\WINDOWS\RTHDCPL.exe] “WinampAgent”=“e:\Program Files\Winamp\winampa.exe” [2007-05-14 23:22] “StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 11:35] “PinnacleDriverCheck”=“C:\WINDOWS\system32\PSDrvCheck.exe” [2004-03-11 00:26] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “kX Mixer”=“C:\WINDOWS\system32\kxmixer.exe” [2003-08-18 23:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Gadu-Gadu”=“E:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-03 23:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Denetrus^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Denetrus\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Denetrus^Menu Start^Programy^Autostart^hamachi.lnk] path=C:\Documents and Settings\Denetrus\Menu Start\Programy\Autostart\hamachi.lnk backup=C:\WINDOWS\pss\hamachi.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Denetrus^Menu Start^Programy^Autostart^Xfire.lnk] path=C:\Documents and Settings\Denetrus\Menu Start\Programy\Autostart\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] “E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” /automount [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “E:\Program Files\BearShare\BearShare.exe” /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] E:\Program Files\Tlen.pl\tlen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] SkyTel.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] “C:\Program Files\Steam\Steam.exe” -silent R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-14 19:02:37 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-14 19:03:24 . — E O F —

Złączono Posta : 14.11.2007 (Sro) 19:05

ComboFix 07-11-08.1 - Ula 2007-11-14 19:01:27.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.386 [GMT 1:00] Running from: C:\Documents and Settings\Ula\Moje dokumenty\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))) . 2007-11-14 18:58 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 07:04 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-12 19:35 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-11-12 19:35 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2007-11-12 16:29 2007-11-10 13:14 2007-11-10 10:58 2007-11-04 17:42 45,568 --a------ C:\WINDOWS\UniFish3.exe 2007-11-04 17:36 2007-11-04 16:11 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-04 16:10 2007-11-04 15:40 2007-10-30 21:31 2007-10-30 21:29 2007-10-30 21:29 2007-10-30 21:29 197,120 --a------ C:\WINDOWS\patchw32.dll 2007-10-28 19:03 2007-10-21 18:21 2007-10-21 18:19 2007-10-21 18:18 2007-10-21 18:18 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL 2007-10-21 18:18 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL 2007-10-21 18:17 2007-10-21 18:17 270,336 --a------ C:\WINDOWS\system32\sfms32.dll 2007-10-21 18:17 49,152 --a–c— C:\WINDOWS\system32\dllcache\a3d.dll 2007-10-21 18:17 49,152 --a------ C:\WINDOWS\system32\a3d.dll 2007-10-21 18:17 40,960 --a------ C:\WINDOWS\system32\AC3API.DLL 2007-10-21 18:16 2007-10-18 18:49 2007-10-16 16:38 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-14 17:47 --------- d-----w C:\Documents and Settings\Ula\Dane aplikacji\MEGAUPLOADTOOLBAR 2007-11-14 14:36 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\AVG7 2007-11-14 13:11 --------- d-----w C:\Documents and Settings\Ula\Dane aplikacji\AVG7 2007-11-12 18:27 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-11 17:50 --------- d-----w C:\Documents and Settings\Ula\Dane aplikacji\OpenOffice.ux.pl2 2007-11-10 12:58 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\MegauploadToolbar 2007-11-02 11:35 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\Hamachi 2007-10-30 20:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-10-28 18:03 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-27 12:01 --------- d-----w C:\Program Files\Steam 2007-10-21 12:33 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\OpenOffice.ux.pl2 2007-10-11 13:55 --------- d-----w C:\Program Files\Google 2007-10-06 09:56 --------- d-----w C:\Program Files\MegauploadToolbar 2007-09-30 10:35 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\Azureus 2007-09-30 10:29 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-29 11:19 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\AdobeUM 2007-09-17 19:05 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-09-15 21:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-09-14 19:29 --------- d-----w C:\Documents and Settings\Denetrus\Dane aplikacji\SopCast 2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab 2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab 2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab 2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab 2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab 2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab 2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab 2007-07-19 22:48 976,020 ------w C:\Program Files\BDAXP.cab 2007-07-19 22:48 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab 2007-07-19 22:48 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab 2007-07-19 22:48 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab 2007-07-19 22:48 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab 2007-07-19 22:48 86,709 ----a-w C:\Program Files\dxupdate.cab 2007-07-19 22:48 77,160 ----a-w C:\Program Files\DSETUP.dll 2007-07-19 22:48 702,644 ------w C:\Program Files\JUN2007_d3dx10_34_x64.cab 2007-07-19 22:48 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab 2007-07-19 22:48 702,072 ------w C:\Program Files\JUN2007_d3dx10_34_x86.cab 2007-07-19 22:48 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab 2007-07-19 22:48 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab 2007-07-19 22:48 503,144 ----a-w C:\Program Files\DXSETUP.exe 2007-07-19 22:48 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab 2007-07-19 22:48 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab 2007-07-19 22:48 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab 2007-07-19 22:48 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab 2007-07-19 22:48 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab 2007-07-19 22:48 200,722 ------w C:\Program Files\JUN2007_XACT_x64.cab 2007-07-19 22:48 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab 2007-07-19 22:48 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab 2007-07-19 22:48 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab 2007-07-19 22:48 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab 2007-07-19 22:48 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab 2007-07-19 22:48 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab 2007-07-19 22:48 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab 2007-07-19 22:48 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab 2007-07-19 22:48 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab 2007-07-19 22:48 156,509 ------w C:\Program Files\JUN2007_XACT_x86.cab 2007-07-19 22:48 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab 2007-07-19 22:48 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab 2007-07-19 22:48 146,559 ------w C:\Program Files\DEC2006_XACT_x86.cab 2007-07-19 22:48 138,977 ------w C:\Program Files\OCT2006_XACT_x86.cab 2007-07-19 22:48 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab 2007-07-19 22:48 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab 2007-07-19 22:48 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab 2007-07-19 22:48 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab 2007-07-19 22:48 13,265,040 ------w C:\Program Files\dxnt.cab 2007-07-19 22:48 100,417 ------w C:\Program Files\APR2007_xinput_x64.cab 2007-07-19 22:48 1,673,576 ----a-w C:\Program Files\dsetup32.dll 2007-07-19 22:48 1,611,374 ------w C:\Program Files\JUN2007_d3dx9_34_x64.cab 2007-07-19 22:48 1,610,958 ------w C:\Program Files\APR2007_d3dx9_33_x64.cab 2007-07-19 22:48 1,610,886 ------w C:\Program Files\JUN2007_d3dx9_34_x86.cab 2007-07-19 22:48 1,609,639 ------w C:\Program Files\APR2007_d3dx9_33_x86.cab 2007-07-19 22:48 1,575,336 ------w C:\Program Files\DEC2006_d3dx9_32_x86.cab 2007-07-19 22:48 1,572,114 ------w C:\Program Files\DEC2006_d3dx9_32_x64.cab 2007-07-19 22:48 1,413,862 ------w C:\Program Files\OCT2006_d3dx9_31_x64.cab 2007-07-19 22:48 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab 2007-07-19 22:48 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab 2007-07-19 22:48 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab 2007-07-19 22:48 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab 2007-07-19 22:48 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab 2007-07-19 22:48 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab 2007-07-19 22:48 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab 2007-07-19 22:48 1,156,363 ------w C:\Program Files\BDANT.cab 2007-07-19 22:48 1,128,177 ------w C:\Program Files\OCT2006_d3dx9_31_x86.cab 2007-07-19 22:48 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab 2007-07-19 22:48 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab 2007-07-19 22:48 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab 2007-07-19 22:48 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab 2007-07-19 22:48 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab 2007-07-19 22:48 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab 2007-07-19 22:48 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AVG7_CC”=“E:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2007-10-25 07:25] “RTHDCPL”=“RTHDCPL.EXE” [2006-12-19 10:12 C:\WINDOWS\RTHDCPL.exe] “WinampAgent”=“e:\Program Files\Winamp\winampa.exe” [2007-05-14 23:22] “StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 11:35] “PinnacleDriverCheck”=“C:\WINDOWS\system32\PSDrvCheck.exe” [2004-03-11 00:26] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “kX Mixer”=“C:\WINDOWS\system32\kxmixer.exe” [2003-08-18 23:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Gadu-Gadu”=“E:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-03 23:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Denetrus^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Denetrus\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Denetrus^Menu Start^Programy^Autostart^hamachi.lnk] path=C:\Documents and Settings\Denetrus\Menu Start\Programy\Autostart\hamachi.lnk backup=C:\WINDOWS\pss\hamachi.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Denetrus^Menu Start^Programy^Autostart^Xfire.lnk] path=C:\Documents and Settings\Denetrus\Menu Start\Programy\Autostart\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] “E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” /automount [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “E:\Program Files\BearShare\BearShare.exe” /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] E:\Program Files\Tlen.pl\tlen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] SkyTel.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] “C:\Program Files\Steam\Steam.exe” -silent R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-14 19:02:37 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-14 19:03:24 . — E O F —

Gutek · 14 Listopad 2007 18:19

To nie wina syfu