Seba1990, posted 16 June 2009 (edited)

HIJACK THIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26:12, on 2009-06-16
Platform: Windows XP Dodatek SP3
MSIE: Internet Explorer v6.00 SP3
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Realtek HD Audio Control Panel] C:\WINDOWS\RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

ComboFix:

ComboFix 09-06-15.04 - Seba 2009-06-16 2:34.8 - NTFSx86
Microsoft Windows XP Professional
Uruchomiony z: c:\documents and settings\Seba\Pulpit\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

((((((((((((((((((((((((( Pliki utworzone od 2009-05-16 do 2009-06-16 )))))))))))))))))))))))))))))))
.
2009-06-02 11:45 . 2009-06-02 11:46 -------- d-----w- c:\documents and settings\Seba\Microsoft Flight Simulator 2004
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 00:20 . 2008-11-23 15:59 -------- d-----w- c:\documents and settings\Seba\Dane aplikacji\uTorrent
2009-06-15 23:53 . 2008-10-14 18:51 -------- d-----w- c:\documents and settings\Seba\Dane aplikacji\Hamachi
2009-06-10 17:12 . 2007-12-23 18:56 -------- d-----w- c:\program files\XMoto
2009-05-27 21:37 . 2007-12-08 19:35 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-27 21:37 . 2007-12-08 19:35 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-27 21:37 . 2007-12-08 19:35 45400 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-20 23:10 . 2007-12-08 22:40 -------- d-----w- c:\documents and settings\Seba\Dane aplikacji\Skype
2009-05-15 23:04 . 2009-05-15 23:04 -------- d-----w- c:\program files\Gadu-Gadu
2009-05-15 23:01 . 2009-05-15 22:44 -------- d-----w- c:\documents and settings\Seba\Dane aplikacji\Nowe Gadu-Gadu
2009-05-15 22:48 . 2009-05-15 22:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-05-15 22:48 . 2009-05-15 22:48 -------- d-----w- c:\documents and settings\Seba\Dane aplikacji\OpenFM
2009-05-08 23:20 . 2008-10-24 22:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-07 00:44 . 2009-03-17 13:40 -------- d-----w- c:\program files\VirtualBus
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-05-08 23:20 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2009-04-30 20:02 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2009-04-30 20:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-01-15 07:19 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2009-01-15 07:19 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 16:34 . 2007-12-23 19:40 72944 ----a-w- c:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-26 22:42 . 2009-05-08 23:20 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-25 23:35 . 2007-12-14 12:48 -------- d-----w- c:\documents and settings\Marek\Dane aplikacji\Skype
2009-04-25 23:34 . 2009-04-25 23:34 -------- d-----w- c:\documents and settings\Marek\Dane aplikacji\Nokia
2009-04-16 17:06 . 2001-10-26 16:15 488326 ----a-w- c:\windows\system32\perfh015.dat
2009-04-16 17:06 . 2001-10-26 16:15 83486 ----a-w- c:\windows\system32\perfc015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Realtek HD Audio Control Panel"="c:\windows\RTHDCPL.EXE" [2007-01-30 16116224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\PES 2009\\GCP2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16832:TCP"= 16832:TCP:BitComet 16832 TCP
"16832:UDP"= 16832:UDP:BitComet 16832 UDP
"14922:TCP"= 14922:TCP:BitComet 14922 TCP
"14922:UDP"= 14922:UDP:BitComet 14922 UDP
"9350:TCP"= 9350:TCP:BitComet 9350 TCP
"9350:UDP"= 9350:UDP:BitComet 9350 UDP

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2007-12-08 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2007-12-08 45400]
R3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-12-08 19034]
R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2008-02-02 476672]
R3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2008-02-02 260224]
S2 nkvioreipkr;nkvioreipkr;c:\windows\System32\svchost.exe -k netsvcs [2008-09-02 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-02-25 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-02-25 8320]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
nkvioreipkr
.
Zawartość folderu 'Zaplanowane zadania'

2009-06-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mLocal Page = hxxp://www.google.pl/
mStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\Techland\Common\InternetTranslator\InternetTranslator.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - 
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 02:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 
skanowanie ukrytych wpisów autostartu ... 
skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-725345543-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{79F85D8D-6B68-26EE-D268-0AFACEF8F771}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-725345543-1645522239-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:83,54,fd,43,6d,32,eb,93,70,88,0a,2e,32,a5,c3,7f,3b,de,c5,5a,eb,
   b1,4f,91,dd,ab,23,fd,46,06,ad,c2,1a,70,1a,9f,a5,4d,8a,03,31,e1,ed,ac,bb,c0,\
"rkeysecu"=hex:09,67,6b,b5,ca,e0,12,cd,96,82,53,ce,84,1c,9a,04
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2000)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-06-16 2:37
ComboFix-quarantined-files.txt 2009-06-16 00:37

Przed: 201 836 711 936 bajtów wolnych
Po: 201 853 542 400 bajtów wolnych