Hello. Please check my log. For roughly 2-3 days my internet has been running just pathetically! I have 2 computers at home, one brand new (i.e. 5 days old) and a second, older one, and it is the same on both. I have Neo 1 mega.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:08, on 2008-07-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [WITaj!] C:\Program Files\WITaj!\Wit2000.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62125C3-73C8-4EC7-81B5-4626E1EDE595}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6151 bytes
ComboFix 08-07-05.1 - Admin 2008-07-07 22:53:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1624 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-07 22:00 . 2008-07-07 22:00
2008-07-07 10:20 . 2008-07-07 10:20
2008-07-07 10:20 . 2008-07-07 10:20 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-07-05 10:14 . 2008-07-05 10:15 5,760,054 --a------ C:\WINDOWS\IrfanView_Wallpaper.bmp
2008-07-04 20:59 . 2008-07-04 21:00
2008-07-04 20:58 . 2008-07-04 20:58
2008-07-04 19:34 . 2008-07-04 19:34
2008-07-04 19:34 . 2008-07-04 19:34
2008-07-02 22:35 . 2008-07-02 22:35
2008-07-02 22:32 . 2008-07-07 22:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-02 22:22 . 2008-07-02 22:22
2008-07-02 22:22 . 2008-07-02 22:22
2008-07-02 22:22 . 2008-07-02 22:22
2008-07-02 22:08 . 2008-07-02 22:08
2008-07-02 22:08 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-07-02 22:08 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-07-02 22:08 . 2003-10-16 19:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-07-02 22:08 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-07-02 22:08 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-07-02 22:08 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-07-02 22:07 . 2008-07-07 22:52
2008-07-02 22:06 . 2008-07-02 22:06 1,409 --a------ C:\WINDOWS\system32\tmpE0902.FOT
2008-07-02 19:01 . 2008-07-06 10:51 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-02 19:00 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-02 18:42 . 2008-01-08 19:53 159,956 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-29 08:08 . 2008-06-29 08:09
2008-06-28 22:35 . 2008-06-28 22:35
2008-06-28 22:35 . 2008-06-28 22:35 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-28 22:33 . 2008-06-28 22:33
2008-06-28 22:33 . 2008-06-28 22:35
2008-06-28 22:33 . 2008-06-28 22:33
2008-06-28 22:31 . 2008-06-28 22:31
2008-06-28 22:31 . 2008-07-02 19:02 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-28 22:31 . 2008-07-02 19:02 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-28 22:31 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-06-28 22:31 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-06-28 22:31 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-06-28 22:31 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-06-28 22:30 . 2008-06-28 22:30
2008-06-28 22:28 . 2008-06-28 22:28
2008-06-28 22:28 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-28 22:27 . 2008-07-02 22:53
2008-06-28 22:25 . 2008-06-28 22:25
2008-06-28 22:24 . 2008-07-04 19:46
2008-06-28 22:24 . 2008-06-28 22:24
2008-06-28 22:23 . 2008-06-28 22:23
2008-06-28 22:22 . 2008-06-28 22:23
2008-06-28 22:22 . 2008-06-28 22:22
2008-06-28 22:22 . 2008-06-28 22:22
2008-06-28 22:22 . 2008-06-28 22:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-28 22:13 . 2008-06-28 22:13
2008-06-28 22:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002502_.tmp
2008-06-28 22:07 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-28 22:07 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-28 22:07 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-28 22:07 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-28 22:07 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-28 22:07 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-28 21:36 . 2008-06-28 21:36
2008-06-28 21:34 . 2008-06-28 21:34
2008-06-28 21:34 . 2008-06-28 21:34
2008-06-28 21:27 . 2008-06-28 21:27 0 --a------ C:\WINDOWS\winpm.INI
2008-06-28 21:26 . 2008-06-28 21:26
2008-06-28 21:26 . 2004-09-03 10:53 3,870,720 --a------ C:\WINDOWS\system32\qt-mt323.dll
2008-06-28 21:25 . 2008-06-28 21:25
2008-06-28 21:24 . 2008-06-28 21:25
2008-06-28 21:24 . 2008-06-28 21:24
2008-06-28 21:24 . 2008-06-28 21:24
2008-06-28 21:24 . 2008-06-28 21:24
2008-06-28 21:24 . 2008-06-28 21:24
2008-06-28 21:24 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-06-28 21:24 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-06-28 21:24 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-06-28 21:24 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-28 21:24 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-28 21:20 . 2008-07-02 18:45
2008-06-28 21:20 . 2008-01-09 03:11 360,448 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-28 21:20 . 2008-01-08 19:53 360,448 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-28 21:20 . 2008-07-04 19:32 164,579 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-28 21:20 . 2008-01-08 19:53 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 17:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 19:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-28 18:37 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-06-28 18:37 --------- d-----w C:\Program Files\Realtek
2008-06-28 18:37 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\InstallShield
2008-06-28 18:36 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-28 18:33 --------- d-----w C:\Program Files\Yahoo!
2008-06-28 18:33 --------- d-----w C:\Program Files\Intel
2008-06-28 18:29 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-28 18:28 --------- d-----w C:\Program Files\Usługi online
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:10 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:08 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-08 19:53 8523776]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 19:53 81920]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2006-11-21 15:58 286720]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-10-11 17:22 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-08 19:53 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21343:TCP"= 21343:TCP:BitComet 21343 TCP
"21343:UDP"= 21343:UDP:BitComet 21343 UDP
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 16:40]
*Newly Created Service* - CATCHME
.
-
-
-
- ORPHANS REMOVED - - - -
-
-
HKCU-Run-WITaj! - C:\Program Files\WITaj!\Wit2000.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 22:54:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0