
Logs

jaskowski
created
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:15:14, on 2009-05-21Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Raxco\PerfectDisk10\PDAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\RealVNC\VNC4\WinVNC4.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Konnekt\konnekt.exeC:\Program Files\DAEMON Tools Lite\daemon.exeC:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exeC:\Documents and Settings\janek\Pulpit\CORE\Core Temp.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\IObit\Advanced SystemCare 3\AWC.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\explorer.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\Program Files\foobar2000\foobar2000.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
ŁączaO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntryO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostartO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorunO4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony 
Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologonO4 - HKCU\..\Run: [Core Temp] "C:\Documents and Settings\janek\Pulpit\CORE\Core Temp.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startupO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exeO23 - Service: Usługa Google Update (gupdate1c9d25c9d4afcb2) (gupdate1c9d25c9d4afcb2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exeO23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (file missing)O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. 
- C:\Program Files\RealVNC\VNC4\WinVNC4.exe--End of file - 8212 bytes

combo

ComboFix 08-12-12.03 - janek 2009-05-21 19:26:53.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.2046.1303 [GMT 2:00]Uruchomiony z: c:\documents and settings\janek\Pulpit\ComboFix.exe* Utworzono nowy punkt przywracania* Resident AV is active[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b].- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -.(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\AutoRun.inf.(((((((((((((((((((((((((   Pliki utworzone od 2009-04-21 do 2009-05-21  ))))))))))))))))))))))))))))))).2009-05-21 16:33 . 2009-05-21 16:33	105,850	-r-hs----	C:\xh319r9b.bat2009-05-21 16:33 . 2009-05-21 16:33	92,672	-r-hs----	c:\windows\system32\nmdfgds1.dll2009-05-21 16:32 . 2009-05-21 16:33	105,850	-r-hs----	c:\windows\system32\olhrwef.exe2009-05-21 16:32 . 2009-05-21 16:32	92,672	---------	c:\windows\system32\nmdfgds0.dll2009-05-18 17:19 . 2009-05-18 17:19	<DIR>	d--------	c:\program files\Ventrilo2009-05-18 17:15 . 2009-05-18 17:15	<DIR>	d--------	c:\documents and settings\janek\Dane aplikacji\Ventrilo2009-05-18 17:11 . 2009-05-18 17:11	<DIR>	d--------	c:\program files\Teamspeak2_RC22009-05-18 17:11 . 2009-05-18 17:11	<DIR>	d--------	c:\documents and settings\janek\Dane aplikacji\teamspeak22009-05-18 17:11 . 2009-05-18 17:11	34,064	--a------	c:\windows\system32\lhacm.acm2009-05-16 19:31 . 2009-05-16 19:32	<DIR>	d--------	c:\program files\MP3Gain2009-05-13 18:13 . 2005-10-21 03:47	30,592	-----c---	c:\windows\system32\dllcache\SET1C93.tmp2009-05-13 18:13 . 2005-10-21 03:47	12,800	-----c---	c:\windows\system32\dllcache\SET1C92.tmp2009-05-13 18:09 . 2009-05-13 18:14	<DIR>	d--------	c:\windows\LastGood2009-05-13 18:09 . 2009-05-13 18:09	<DIR>	d--------	c:\windows\Downloaded Installations2009-05-13 18:09 . 2009-05-13 18:13	<DIR>	d--------	c:\program files\Microsoft ActiveSync2009-05-13 18:09 . 
2005-10-21 03:47	30,592	---------	c:\windows\system32\drivers\rndismpx.sys2009-05-13 18:09 . 2005-10-21 03:47	12,800	---------	c:\windows\system32\drivers\usb8023x.sys2009-05-12 17:03 . 2009-05-16 18:50	<DIR>	d--------	c:\program files\World of Warcraft2009-05-12 17:03 . 2009-05-12 18:21	<DIR>	d--------	c:\program files\Common Files\Blizzard Entertainment2009-05-12 17:01 . 2009-05-12 17:01	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Blizzard2009-05-12 08:40 . 2009-05-12 08:40	<DIR>	d--------	C:\Mp3 Output2009-05-11 19:18 . 2009-05-21 05:28	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Google Updater2009-05-11 17:08 . 2009-05-11 17:08	<DIR>	d--------	c:\program files\SoulseekNS2009-05-11 17:08 . 2009-05-11 17:08	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Soulseek2009-05-03 13:10 . 2009-05-03 13:10	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\BVRP Software2009-04-28 17:06 . 2009-04-28 17:06	<DIR>	d--------	c:\documents and settings\janek\Dane aplikacji\ABBYY2009-04-28 17:03 . 2009-04-28 17:03	<DIR>	d--------	c:\program files\Common Files\ABBYY2009-04-28 17:01 . 2009-04-28 17:06	<DIR>	d--------	c:\program files\ABBYY FineReader 9.02009-04-28 17:01 . 2009-04-28 17:07	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\ABBYY2009-04-22 18:01 . 2004-08-04 00:44	21,504	--a------	c:\windows\system32\hidserv.dll2009-04-22 18:01 . 2004-08-04 00:44	21,504	--a--c---	c:\windows\system32\dllcache\hidserv.dll2009-04-22 18:01 . 2004-08-04 00:38	14,848	--a------	c:\windows\system32\drivers\kbdhid.sys2009-04-22 18:01 . 
2004-08-04 00:38	14,848	--a--c---	c:\windows\system32\dllcache\kbdhid.sys.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-05-21 17:26	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\foobar20002009-05-21 16:42	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\Skype2009-05-21 14:13	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\uTorrent2009-05-21 14:02	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\skypePM2009-05-20 18:08	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\HLSW2009-05-18 15:19	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard2009-05-17 14:27	---------	d-----w	c:\program files\Mozilla Thunderbird2009-05-12 16:28	---------	d--h--w	c:\program files\InstallShield Installation Information2009-05-11 17:19	---------	d-----w	c:\program files\Google2009-04-28 15:06	---------	d-----w	c:\program files\Common Files\Adobe2009-04-10 19:23	---------	d-----w	c:\program files\Raxco2009-04-04 08:05	---------	d-----w	c:\program files\Java2009-04-03 14:05	---------	d-----w	c:\program files\EAGLE-5.4.02009-04-03 14:05	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\CadSoft2009-04-02 14:33	---------	d-----w	c:\program files\Aspyr2009-04-01 12:34	231,176	----a-w	c:\windows\system32\PDBoot.exe2009-03-29 13:37	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\PlaneShift2009-03-28 17:32	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\CrystalSpace2009-03-25 19:57	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\mIRC2009-03-23 18:58	---------	d-----w	c:\program files\Perfect World Entertainment2009-03-23 18:32	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\GetRightToGo2009-03-22 12:26	---------	d-----w	c:\documents and settings\janek\Dane aplikacji\FOG Downloader2009-03-22 07:16	107,888	----a-w	
c:\windows\system32\CmdLineExt.dll2009-03-09 03:19	410,984	----a-w	c:\windows\system32\deploytk.dll2008-12-20 09:20	22,328	----a-w	c:\documents and settings\janek\Dane aplikacji\PnkBstrK.sys.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazaneREGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Konnekt"="c:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]"Core Temp"="c:\documents and settings\janek\Pulpit\CORE\Core Temp.exe" [2008-08-22 277008]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 39408]"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-05-21 105850][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]"nwiz"="nwiz.exe" [2008-10-07 
c:\windows\system32\nwiz.exe]"P17Helper"="SPIRun.dll" [2006-07-03 c:\windows\system32\SPIRun.dll][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\ff_vfw.dll"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Konnekt\\konnekt.exe"="c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program Files\\Skype\\Phone\\Skype.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service [2007-12-06 660768]R3 
ALSysIO;ALSysIO;\??\c:\docume~1\janek\USTAWI~1\Temp\ALSysIO.sys []S2 gupdate1c9d25c9d4afcb2;Usługa Google Update (gupdate1c9d25c9d4afcb2);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2009-05-11 133104]S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-01-23 10976]S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-12-19 89256]S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-12-19 15016]S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-12-19 120744]S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-12-19 114216]S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-12-19 25512]S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-12-19 110632]S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-12-19 115752][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12	REG_MULTI_SZ	   Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt	REG_MULTI_SZ	   hpqcxs08 hpqddsvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0649961e-e319-11dd-9b75-001fd0876c55}]\Shell\AutoRun\command - g:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe\Shell\open\command - g:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5977d468-d504-11dd-acb8-001fd0876c55}]\Shell\AutoRun\command - G:\xh319r9b.bat\Shell\open\Command - 
G:\xh319r9b.bat[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4def56f-cd6d-11dd-b3c3-806d6172696f}]\Shell\AutoRun\command - C:\xh319r9b.bat\Shell\open\Command - C:\xh319r9b.bat*Newly Created Service* - ALSYSIO*Newly Created Service* - CATCHME*Newly Created Service* - GUPDATE1C9D25C9D4AFCB2*Newly Created Service* - GUSVC.Zawartość folderu 'Zaplanowane zadania'2009-05-21 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-11 19:18]2009-05-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 19:19].- - - - USUNIĘTO PUSTE WPISY - - - -WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file).------- Skan uzupełniający -------.IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\janek\Dane aplikacji\Mozilla\Firefox\Profiles\a5acsuz7.default\FF - prefs.js: browser.startup.homepage - hxxp://google.plFF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dllFF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dllFF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dllFF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-21 19:27:04Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ...? 
[9912]skanowanie ukrytych wpisów autostartu ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run  P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?skanowanie ukrytych plików ...skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2009-05-21 19:27:43ComboFix-quarantined-files.txt  2009-05-21 17:27:25Przed: 4 864 167 936 bajtów wolnychPo: 4,986,609,664 bajtów wolnych196

// You are getting a warning.

// You deleted a line and you think I'm that stupid??

// djdresik

Guest
comment
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI

Delete this ComboFix and download a 'fresh' one:

---> ComboFix.

.

jaskowski
comment (edited)
ComboFix 09-05-20.A1 - janek 2009-05-21 21:55.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.2046.1268 [GMT 2:00]Uruchomiony z: c:\documents and settings\janek\Pulpit\ComboFix.exeUWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\nmdfgds0.dllc:\windows\system32\nmdfgds1.dllc:\windows\system32\olhrwef.exeC:\xh319r9b.batD:\xh319r9b.batE:\xh319r9b.bat.(((((((((((((((((((((((((   Pliki utworzone od 2009-04-21 do 2009-05-21  ))))))))))))))))))))))))))))))).2009-05-21 19:01 . 2009-05-21 19:01	--------	d-----w	c:\documents and settings\janek\Dane aplikacji\Ashampoo2009-05-21 19:01 . 2009-05-21 19:01	--------	d-----w	c:\documents and settings\janek\Ustawienia lokalne\Dane aplikacji\ashampoo2009-05-21 19:01 . 2009-05-21 19:01	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\ashampoo2009-05-21 19:01 . 2009-05-21 19:01	--------	d-----w	c:\program files\Ashampoo2009-05-18 15:19 . 2009-05-18 15:19	--------	d-----w	c:\program files\Ventrilo2009-05-18 15:15 . 2009-05-18 15:15	--------	d-----w	c:\documents and settings\janek\Dane aplikacji\Ventrilo2009-05-18 15:11 . 2009-05-18 15:11	--------	d-----w	c:\documents and settings\janek\Dane aplikacji\teamspeak22009-05-18 15:11 . 2009-05-18 15:11	--------	d-----w	c:\program files\Teamspeak2_RC22009-05-16 17:31 . 2009-05-16 17:32	--------	d-----w	c:\program files\MP3Gain2009-05-13 16:09 . 2009-05-13 16:14	--------	d-----w	c:\windows\LastGood2009-05-13 16:09 . 2005-10-21 01:47	12800	------w	c:\windows\system32\drivers\usb8023x.sys2009-05-13 16:09 . 2005-10-21 01:47	30592	------w	c:\windows\system32\drivers\rndismpx.sys2009-05-13 16:09 . 2009-05-13 16:13	--------	d-----w	c:\program files\Microsoft ActiveSync2009-05-13 16:09 . 2009-05-13 16:09	--------	d-----w	c:\windows\Downloaded Installations2009-05-12 15:03 . 
2009-05-16 16:50	--------	d-----w	c:\program files\World of Warcraft2009-05-12 15:03 . 2009-05-12 16:21	--------	d-----w	c:\program files\Common Files\Blizzard Entertainment2009-05-12 15:01 . 2009-05-12 15:01	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Blizzard2009-05-12 06:40 . 2009-05-12 06:40	--------	d-----w	C:\Mp3 Output2009-05-11 17:19 . 2009-05-11 17:19	--------	d-----w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google2009-05-11 17:19 . 2009-05-11 17:32	--------	d-----w	c:\documents and settings\janek\Ustawienia lokalne\Dane aplikacji\Google2009-05-11 17:18 . 2009-05-21 03:28	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Google Updater2009-05-11 15:08 . 2009-05-11 15:08	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Soulseek2009-05-11 15:08 . 2009-05-11 15:08	--------	d-----w	c:\program files\SoulseekNS2009-05-03 11:10 . 2009-05-03 11:10	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\BVRP Software2009-04-28 15:06 . 2009-04-28 15:06	--------	d-----w	c:\documents and settings\janek\Dane aplikacji\ABBYY2009-04-28 15:03 . 2009-04-28 15:03	--------	d-----w	c:\program files\Common Files\ABBYY2009-04-28 15:01 . 2009-04-28 15:07	--------	d-----w	c:\documents and settings\janek\Ustawienia lokalne\Dane aplikacji\ABBYY2009-04-28 15:01 . 2009-04-28 15:07	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\ABBYY2009-04-28 15:01 . 2009-04-28 15:06	--------	d-----w	c:\program files\ABBYY FineReader 9.02009-04-22 16:01 . 2004-08-03 22:44	21504	----a-w	c:\windows\system32\hidserv.dll2009-04-22 16:01 . 2004-08-03 22:44	21504	-c--a-w	c:\windows\system32\dllcache\hidserv.dll2009-04-22 16:01 . 2004-08-03 22:38	14848	-c--a-w	c:\windows\system32\dllcache\kbdhid.sys2009-04-22 16:01 . 
2004-08-03 22:38	14848	----a-w	c:\windows\system32\drivers\kbdhid.sys.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-05-18 15:19 . 2008-12-18 18:30	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard2009-05-17 14:27 . 2009-02-14 10:43	--------	d-----w	c:\program files\Mozilla Thunderbird2009-05-12 16:28 . 2008-12-19 01:06	--------	d--h--w	c:\program files\InstallShield Installation Information2009-05-11 17:19 . 2008-12-18 19:23	--------	d-----w	c:\program files\Google2009-05-03 11:12 . 2009-02-26 18:51	56	---ha-w	c:\windows\system32\ezsidmv.dat2009-04-28 15:06 . 2009-01-31 18:15	--------	d-----w	c:\program files\Common Files\Adobe2009-04-10 19:23 . 2009-03-02 16:09	--------	d-----w	c:\program files\Raxco2009-04-04 08:05 . 2009-01-15 18:26	--------	d-----w	c:\program files\Java2009-04-04 08:05 . 2001-10-26 16:15	82182	----a-w	c:\windows\system32\perfc015.dat2009-04-04 08:05 . 2001-10-26 16:15 484986	----a-w	c:\windows\system32\perfh015.dat2009-04-03 14:05 . 2009-04-03 14:05	--------	d-----w	c:\program files\EAGLE-5.4.02009-04-02 14:33 . 2009-04-02 14:33	--------	d-----w	c:\program files\Aspyr2009-04-01 12:34 . 2009-04-01 12:34 231176	----a-w	c:\windows\system32\PDBoot.exe2009-03-23 18:58 . 2009-03-23 18:36	--------	d-----w	c:\program files\Perfect World Entertainment2009-03-22 07:16 . 2008-12-20 09:23 107888	----a-w	c:\windows\system32\CmdLineExt.dll2009-03-09 03:19 . 2009-01-15 18:26	410984	----a-w	c:\windows\system32\deploytk.dll2009-03-08 15:04 . 
2008-12-19 01:13	43752	----a-w	c:\documents and settings\janek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Konnekt"="c:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]"Core Temp"="c:\documents and settings\janek\Pulpit\CORE\Core Temp.exe" [2008-08-22 277008]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 39408]"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 
10752][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute	REG_MULTI_SZ   	PDBoot.exe\[u]0[/u]autocheck autochk *[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Konnekt\\konnekt.exe"="c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program Files\\Skype\\Phone\\Skype.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]R3 ALSysIO;ALSysIO;\??\c:\docume~1\janek\USTAWI~1\Temp\ALSysIO.sys --> c:\docume~1\janek\USTAWI~1\Temp\ALSysIO.sys [?]S2 gupdate1c9d25c9d4afcb2;Usługa Google Update 
(gupdate1c9d25c9d4afcb2);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-01-23 10976]S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-12-19 89256]S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-12-19 15016]S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-12-19 120744]S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-12-19 114216]S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-12-19 25512]S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-12-19 110632]S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-12-19 115752]--- Inne Usługi/Sterowniki w Pamięci ---*NewlyCreated* - ALSYSIO*NewlyCreated* - GUPDATE1C9D25C9D4AFCB2*NewlyCreated* - GUSVC[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc.Zawartość folderu 'Zaplanowane zadania'2009-05-21 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-11 17:18]2009-05-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 17:19]..------- Skan uzupełniający -------.IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\janek\Dane aplikacji\Mozilla\Firefox\Profiles\a5acsuz7.default\FF - 
prefs.js: browser.startup.homepage - hxxp://google.plFF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dllFF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dllFF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-21 21:55Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ...  ? [3644]skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run  P17Helper = Rundll32 SPIRun.dll,RunDLLEntry? skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-515967899-492894223-1417001333-1003\Software\SecuROM\License information*]"datasecu"=hex:50,d3,38,31,72,de,c1,09,8b,16,65,c6,74,88,74,61,3c,b4,49,5a,f0,   4a,8a,fb,57,33,c4,61,25,92,c1,5a,1b,59,73,8f,8c,c2,a2,c6,88,4b,e2,6b,df,df,\"rkeysecu"=hex:4a,44,5a,3d,91,4d,e2,f3,c5,f4,65,47,75,1c,85,5f.Czas ukończenia: 2009-05-21 21:56ComboFix-quarantined-files.txt  2009-05-21 19:56ComboFix2.txt  2009-05-21 17:27Przed: 4 358 324 224 bajtów wolnychPo: 4 342 562 816 bajtów wolnych181

P.S.:

sorry for the trouble :P

Guest
comment

The log is clean.

1. Clean up after ComboFix and the various tools >>> OTCleanIt.

2. Please install and scan with this --> MBAM (full scan; after it finds something, please select "Remove Selected").

3. Perform a system optimization.

4. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

.
