Please check my logs

Hello, for the past few days I have had huge problems with my computer and applications. I partially cleaned it with Kaspersky and Avast, but I feel that something is still not as it should be.

[b]HijackThis[/b]
[code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:18, on 2008-06-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ASWL2K.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\HiJack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChr1.dll
O2 - BHO: (no name) - p?Ą49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChr1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) -  ?Ą8ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - đ?Ą3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChr1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Windows Update] C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.25\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mks.com.pl
O15 - Trusted Zone: http://skaner.mks.com.pl
O15 - Trusted Zone: http://www.fotofan.net
O15 - Trusted Zone: http://www.istock.com
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://submit.shutterstock.com/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://submit.shutterstock.com/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://C:\Tomografia\CDVIEWER\CdViewer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security Home Edition 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10609 bytes
[/code]

[b]SECOND one, from ComboFix[/b]
[code]
ComboFix 08-06-20.4 - Jastrząb 2008-06-22 20:29:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2489 [GMT 2:00]
Running from: C:\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 20:26 . 2008-06-22 20:26 3,647,463 --a------ C:\setup_christv_5_20_pro.exe
2008-06-22 19:05 . 2008-06-22 18:54 2,037,114 --a------ C:\ComboFix.exe
2008-06-22 19:04 . 2008-06-22 20:27 d-------- C:\HiJack
2008-06-22 18:43 . 2008-06-22 18:43 1,003,051 --a------ C:\wincs3clean.zip
2008-06-21 08:51 . 2008-06-21 08:51 3,367,049 --a------ C:\setup_christv_5_20_lite.exe
2008-06-21 08:35 . 2008-06-21 08:35 d-------- C:\Program Files\Bonjour
2008-06-21 08:25 . 2008-06-21 08:25 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-20 22:40 . 2008-06-20 22:46 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-20 22:40 . 2008-06-20 22:46 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-20 22:39 . 2008-06-20 22:39 d-------- C:\Program Files\Kaspersky Lab
2008-06-20 22:39 . 2008-06-22 20:21 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-20 22:39 . 2008-06-22 20:35 10,531,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-20 22:39 . 2008-06-22 20:35 238,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-20 22:39 . 2008-06-22 20:12 149,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-20 22:39 . 2008-06-22 20:12 25,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-20 17:26 . 2008-06-20 17:26 d-------- C:\Program Files\Alwil Software
2008-06-20 16:11 . 2008-06-20 16:11 24,345,968 --a------ C:\setuppol.exe
2008-06-20 12:32 . 2008-06-20 13:01 d-------- C:\WinCS3Clean
2008-06-20 08:18 . 2008-06-20 08:18 7,413,768 --a------ C:\skanuj0001.tif
2008-06-20 07:55 . 2008-06-20 07:56 d-------- C:\AAAAAAAAAAAAAAAA
2008-06-20 07:36 . 2008-06-20 07:36 20,112 --a------ C:\Default Actions.atn
2008-06-20 07:36 . 2008-06-20 07:36 6,965 --a------ C:\DH BENCH.atn
2008-06-20 07:35 . 2008-06-20 07:35 23,014 --a------ C:\MOJE.atn
2008-06-20 07:35 . 2008-06-20 07:35 8,892 --a------ C:\Default Actions1.atn
2008-06-17 17:44 . 2008-06-17 17:44 2,551,704 --a------ C:\DScaler4.1.17.exe
2008-06-17 17:35 . 2008-06-17 17:35 876,000 --a------ C:\DScaler4115.exe
2008-06-15 17:55 . 2008-06-15 23:04 20 ---h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLbz.DAT
2008-06-15 17:46 . 2008-06-21 08:24 d-------- C:\Adobe Photoshop CS3 Extended
2008-06-15 16:35 . 2008-06-15 16:35 d-------- C:\WINDOWS\system32\pl
2008-06-15 16:35 . 2008-06-15 16:35 d-------- C:\WINDOWS\system32\bits
2008-06-15 16:35 . 2008-06-15 16:35 d-------- C:\WINDOWS\l2schemas
2008-06-15 16:31 . 2008-06-15 16:36 d-------- C:\WINDOWS\ServicePackFiles
2008-06-15 13:56 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-06-15 13:56 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-06-15 13:56 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-06-15 13:56 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-06-15 13:56 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-06-15 13:56 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-06-15 13:54 . 2004-08-04 00:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-06-15 13:45 . 2008-06-15 16:39 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-11 15:08 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:08 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 15:08 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-22 22:19 . 2008-05-22 22:19 d-------- C:\Documents and Settings\Jastrząb\Dane aplikacji\Palettes
2008-05-22 22:19 . 2008-05-22 22:19 d-------- C:\Documents and Settings\Jastrząb\Dane aplikacji\CorelDRAW 11

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 18:26 --------- d-----w C:\Program Files\ChrisTV Lite
2008-06-21 06:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 20:47 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-20 19:23 --------- d-----w C:\Program Files\Norton SystemWorks
2008-06-20 19:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-20 19:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-20 19:10 --------- d-----w C:\Program Files\Symantec
2008-06-20 19:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-06-15 20:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-06-15 15:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ultima_T15
2008-06-15 15:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\EnterNHelp
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 06:37 --------- d-----w C:\Program Files\Torrent Master
2008-05-05 18:27 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLea.DAT
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 18:11 3,061,518 ----a-w C:\Setup_MagicISO.exe
2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:17 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:05 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:03 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-07 17:47 26,941,224 ----a-w C:\hp_72_enu_nonet.exe
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]
2007-12-18 00:29 1502232 --a------ C:\Program Files\ChrisTV_Add-on\tbChr1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1192A62B-4DBC-4D1F-B54E-D820A1BE76BE}"= "C:\Program Files\ChrisTV_Add-on\tbChr1.dll" [2007-12-18 00:29 1502232]

[HKEY_CLASSES_ROOT\clsid\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1192A62B-4DBC-4D1F-B54E-D820A1BE76BE}"= C:\Program Files\ChrisTV_Add-on\tbChr1.dll [2007-12-18 00:29 1502232]

[HKEY_CLASSES_ROOT\clsid\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-09-15 15:43 1712128]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:57 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 07:56 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 23:37 14477312 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 02:09 32768]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-03 18:35 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
ATI CATALYST - pasek zadaä.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-06-29 02:09:28 32768]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-10-23 22:54:48 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"SENTINEL"= snti386.dll
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\PenClass.sys [2005-11-30 06:50]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 15:22]
R2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys [2005-10-27 16:27]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-04-08 12:25]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 CB55N51;Marvell Libertas 802.11a/b/g Driver for Windows XP (CB55);C:\WINDOWS\system32\DRIVERS\CB55N51.sys [2005-04-16 17:26]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys [2004-04-14 15:52]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2005-03-16 10:43]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - N:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - O:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - P:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Q:\Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-07-27 18:29:44 C:\WINDOWS\Tasks\command.job"
- C:\Program Files\Tweak-XP Pro 4\command.ex
- C:\Program Files\Tweak-XP Pro 4
"2007-07-19 08:37:44 C:\WINDOWS\Tasks\Run VNC Server.job"
- C:\Program Files\RealVNC\VNC4\winvnc4.exe
"2008-06-22 16:46:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 20:35:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 20:37:15
ComboFix-quarantined-files.txt 2008-06-22 18:36:56

Pre-Run: 8,625,397,760 bajtów wolnych
Post-Run: 26,513,743,872 bajtów wolnych

231 --- E O F --- 2008-06-20 05:06:20
[/code]

I would be grateful if you could check them and advise on what to do next.
Thank you in advance,
Sławek

Replies: 0

trout55
Added: 22.06.2008 22:54:33
Comments: 0