
Please check my logs.

#john

ComboFix:


Hijack:


Silent Runners:


Guest

1.

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://F:\Progam Files 2\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

>>HijackThis>>Scan (Do a system scan only)>>tick it>>Fix checked.

2. Download >>> OTListIt2.

Run OTListIt2 and paste the following script into the Custom Scans/Fixes window:

:OTL
IPRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Files
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fc609cc-3f22-11de-b832-000df3034a83}]
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix. Confirm the computer restart.


#john

The computer still hangs ;/ The link to my thread where I described the problem is here:

http://www.forumpc.pl/index.php?showtopic=106452

I would be very grateful for help :)

Guest

Post the ComboFix + HijackThis logs.


#john

Combofix:

16857600][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]RaConfig.lnk - c:\windows\system32\RaConfig.exe [2009-5-9 397312][HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="f:\\Progam Files 2\\BitComet\\BitComet.exe"="d:\\Program Files\\Counter-Strike 1.6\\hl.exe"="c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"13969:TCP"= 13969:TCP:BitComet 13969 TCP"13969:UDP"= 13969:UDP:BitComet 13969 UDP"3128:TCP"= 3128:TCP:BitComet 3128 TCP"3128:UDP"= 3128:UDP:BitComet 3128 UDPR3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-05-09 89600]R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2009-05-09 47624]R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-05-09 62848]..------- Skan uzupełniający -------.uStart Page = hxxp://onet.pl/IE: Pobierz wszystkie VIdeo za pomocą BitComet - f:\progam files 2\BitComet\BitComet.exe/AddVideo.htmIE: Pobierz wszystko za pomocą BitComet - f:\progam files 2\BitComet\BitComet.exe/AddAllLink.htmIE: Pobierz za pomocą BitComet - f:\progam files 2\BitComet\BitComet.exe/AddLink.htmTCP: {4D2AF52E-3CAB-409E-94D1-037B86E8862E} = 194.204.159.1FF - ProfilePath - c:\documents and settings\Gwóźdź\Dane 
aplikacji\Mozilla\Firefox\Profiles\atd63xtz.default\FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-15 15:45Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPIskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(736)c:\windows\system32\Ati2evxx.dll.Czas ukończenia: 2009-05-15 15:45ComboFix-quarantined-files.txt  2009-05-15 13:45Przed: 11 121 082 368 bajtów wolnychPo: 11 108 761 600 bajtów wolnych179

Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:28, on 2009-05-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Progam Files 2\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Progam Files 2\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "F:\Progam Files 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_SB9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Kopia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S2.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BLUE NETSOFT Połączenie z internetem.lnk = ?
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://F:\Progam Files 2\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://F:\Progam Files 2\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://F:\Progam Files 2\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2AF52E-3CAB-409E-94D1-037B86E8862E}: NameServer = 194.204.159.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe

--
End of file - 5277 bytes
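Added example, not part of the thread and not code from HijackThis or ComboFix: a small Python script that reads logs in the two formats posted above and pulls out the items a reviewer would check before calling a log clean. It flags O4 Run entries without a full path (the bare RTHDCPL.EXE above, which the ComboFix section resolves to c:\windows\RTHDCPL.exe), a Startup shortcut whose target HijackThis could not resolve, the O17 NameServer value (to be compared with the resolver the ISP or DHCP hands out), O23 services with an unknown owner, the ports opened in the XP firewall and the Security Center AntiVirusOverride flag. The sample lines are copied from the logs in this thread; the heuristics and all function names are the editor's own, and a finding only means "verify this", not "this is malware".

```python
# Added example (not code from the thread or from either tool): quick triage of
# HijackThis and ComboFix text logs. Heuristics and names are the editor's own.
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Progam Files 2\BitComet\tools\BitCometBHO_1.3.3.2.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - Startup: BLUE NETSOFT Połączenie z internetem.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2AF52E-3CAB-409E-94D1-037B86E8862E}: NameServer = 194.204.159.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed sample: the Security Center and firewall sections of the ComboFix log above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13969:TCP"= 13969:TCP:BitComet 13969 TCP
"13969:UDP"= 13969:UDP:BitComet 13969 UDP
"3128:TCP"= 3128:TCP:BitComet 3128 TCP
"3128:UDP"= 3128:UDP:BitComet 3128 UDP
"""

HJT_LINE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
O4_RUN = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
O17_NS = re.compile(r"NameServer\s*=\s*([\d.,]+)")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:([0-9a-fA-F]{8})$')


@dataclass
class HjtEntry:
    kind: str   # section code such as O4, O17, O23
    body: str   # everything after "O4 - "


def parse_hjt(text: str) -> list[HjtEntry]:
    """Split a HijackThis log into (section, body) entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def exe_of(cmd: str) -> str:
    """First token of a Run command: the quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(entries: list[HjtEntry]) -> list[str]:
    """Return one human-readable finding per entry that deserves a second look."""
    findings = []
    for e in entries:
        if e.kind == "O4":
            m = O4_RUN.search(e.body)
            if m and not DRIVE_PATH.match(exe_of(m["cmd"])):
                # A bare file name is resolved through the PATH search order, so
                # confirm which file actually runs (for RTHDCPL.EXE the ComboFix
                # log above resolves it to c:\windows\RTHDCPL.exe).
                findings.append(f"O4 [{m['name']}] has no full path: {m['cmd']}")
            if e.body.rstrip().endswith("= ?"):
                findings.append(f"O4 shortcut target could not be resolved: {e.body}")
        elif e.kind == "O17":
            m = O17_NS.search(e.body)
            if m:
                findings.append(f"O17 NameServer {m.group(1)}: confirm it is the resolver the ISP/DHCP assigned")
        elif e.kind == "O23" and "Unknown owner" in e.body:
            findings.append(f"O23 service without a known publisher: {e.body}")
    return findings


def combofix_exposure(text: str) -> tuple[list[tuple[int, str, str]], bool]:
    """Collect firewall holes as (port, proto, label) and whether Security Center AV alerts are suppressed."""
    ports, av_override = [], False
    for line in text.splitlines():
        line = line.strip()
        if m := OPEN_PORT.match(line):
            ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
        elif m := AV_OVERRIDE.match(line):
            av_override = int(m.group(1), 16) != 0
    return ports, av_override


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_HJT)):
        print(finding)
    open_ports, suppressed = combofix_exposure(SAMPLE_COMBOFIX)
    print("open firewall ports:", open_ports)
    print("AntiVirusOverride set:", suppressed)
```

On the logs above the script reports four items to verify from the HijackThis side (RTHDCPL.EXE without a path, the BLUE NETSOFT shortcut with an unresolved target, the 194.204.159.1 resolver, and the ATI Smart service with an unknown owner) plus the four BitComet firewall openings and AntiVirusOverride=1 from ComboFix; the last one means Security Center will stay quiet about a missing or outdated antivirus, which is worth knowing when a log is declared clean on the strength of a single scan.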
Guest
comment

The log is clean.

C:\FOUND.002
C:\FOUND.001
C:\FOUND.000

Delete these folders.

Note: they may be hidden.

1. Clean up after ComboFix and the other tools >>> OTCleanIt.

2. You can clear the "System Volume Information" folder by temporarily turning off System Restore:

>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.

Afterwards you can go back to the previous setting (i.e. untick the box).

3. Optimize the system

4. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

#john
comment (edited)

I did everything as you wrote and was already hoping everything was OK, but no luck ;/ Kaspersky didn't detect anything, not a single suspicious or infected file...

(attached screenshot: 26478508.th.jpg)

The computer keeps freezing after I launch BitComet or uTorrent ;/ I suspect I don't have any faulty programs; it's the result of the configuration the administrator sent me... Now I have broadband, whereas before, in the properties of My Network Places, it only said LAN or High-Speed Internet...

I should add that when I did the format (I thought it would help with the freezes) I was on the old configuration; I installed BitComet and everything downloaded fine, but then I applied the configuration (I opened the file the administrator sent and only entered the login and password he gave me; a new connection was created and the addresses changed). Since then BitComet freezes the computer all the time ;/

Guest
comment

Maybe it would be better if you didn't download with those programs? ;)

Tell me, what do you download with them?

#john
comment

Lately only films, [Zmierzch (Twilight)] and [Siedem dusz (Seven Pounds)], which I'm trying to download now... And the computer sometimes freezes while browsing websites too ;/

// You're downloading films illegally.

// Go and rent them instead of downloading, pirate...

// I'm closing the thread.

// djdresik
