Gość utworzono 18 lipca 2009 utworzono 18 lipca 2009 C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\NEOSTR~1\CnxMon.exeC:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeC:\PROGRA~1\NEOSTR~1\TaskbarIcon.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeD:\Programy\AutoConnect\AutoConnect.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeD:\Programy\Gadu-Gadu\gg.exeD:\Programy\Winamp\winamp.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.plR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%sR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLLR3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exeO4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exeO4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\adobereader\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /bootO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [AutoConnect] D:\Programy\AutoConnect\AutoConnect.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\Office\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\Office\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{3DDA924B-7CA8-4226-B1CF-500AF7B4978F}: NameServer = 194.204.159.1 217.98.63.164O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing) dziwne wirusy mi sie ostatnio pojawiaja i wrzucam logz hijackthis
MarekM25 komentarz 18 lipca 2009 komentarz 18 lipca 2009 hijackthis to za mało pokaż loga z otl lub RSIT;)
Gość komentarz 18 lipca 2009 komentarz 18 lipca 2009 Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\NEOSTR~1\CnxMon.exeC:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeC:\PROGRA~1\NEOSTR~1\TaskbarIcon.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeD:\Programy\AutoConnect\AutoConnect.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeD:\Programy\Gadu-Gadu\gg.exeD:\Programy\Winamp\winamp.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Documents and Settings\kali\Pulpit\RSIT.exeC:\Program Files\Trend Micro\HijackThis\kali.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.plR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%sR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLLR3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exeO4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exeO4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\adobereader\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /bootO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [AutoConnect] D:\Programy\AutoConnect\AutoConnect.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\Office\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\Office\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{3DDA924B-7CA8-4226-B1CF-500AF7B4978F}: NameServer = 194.204.159.1 217.98.63.164O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)--End of file - 6577 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\Norton Security Scan for kali.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-14 279944][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-04 35840][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-04 73728][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-14 279944][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"WooCnxMon"=C:\PROGRA~1\NEOSTR~1\CnxMon.exe [2003-10-16 24576]"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]"WOOWATCH"=C:\PROGRA~1\NEOSTR~1\Watch.exe [2003-10-16 20480]"WOOTASKBARICON"=C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe [2003-10-16 53248]"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]"Adobe Reader Speed Launcher"=D:\Programy\adobereader\Reader\Reader_sl.exe []"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe []"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-04 148888]"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-05-10 1059208][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]"AutoConnect"=D:\Programy\AutoConnect\AutoConnect.exe [2006-12-03 310784]"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-07-09 288048]"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"EnableLUA"=0[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=36"NoDriveAutoRun"=FFFFFFFF[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver""C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application""C:\Documents and Settings\kali\Ustawienia lokalne\Temp\RarSFX0\hl.exe"="C:\Documents and Settings\kali\Ustawienia lokalne\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher""D:\gry\cs\hl.exe"="D:\gry\cs\hl.exe:*:Enabled:Half-Life Launcher""D:\Programy\Gadu-Gadu\gg.exe"="D:\Programy\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny""D:\gry\cs\hltv.exe"="D:\gry\cs\hltv.exe:*:Enabled:HLTV Launcher""C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe"="C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable""C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows""C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent""F:\jxsrk.exe"="F:\jxsrk.exe:*:Enabled:ipsec"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91dbd7c1-4b90-11de-a8c3-000e50d5e8e3}]shell\AutoRun\command - H:\setup.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9b8e08-2bd9-11de-a844-000e50d5e8e3}]shell\auToPlAY\command - nqrrh.exeshell\AutoRun\command - nqrrh.exeshell\EXpLoRE\command - nqrrh.exeshell\OpEn\command - nqrrh.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f01a2822-2bea-11de-a846-000e50d5e8e3}]shell\AutoRun\command - setup.exe======List of files/folders created in the last 1 months======2009-07-18 23:30:12 ----D---- C:\rsit2009-07-18 23:15:38 ----D---- C:\Program Files\Trend Micro2009-07-18 23:13:01 ----D---- C:\d2009-07-18 22:41:32 ----D---- C:\Program Files\Spybot - Search & Destroy2009-07-18 22:41:32 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy2009-07-18 17:00:12 ----HD---- C:\WINDOWS\PIF2009-07-17 22:36:17 ----RASHD---- C:\autorun.inf2009-07-15 18:03:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Norton2009-07-15 18:03:04 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Symantec2009-07-15 18:03:01 ----D---- C:\Program Files\NortonInstaller2009-07-15 18:03:01 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller2009-07-12 11:35:39 ----D---- C:\Documents and Settings\kali\Dane aplikacji\AutoCAD DWG to PDF Converter2009-07-12 11:35:33 ----A---- C:\WINDOWS\system32\DWGTOPDFX.dll2009-07-12 11:35:32 ----D---- C:\Program Files\AutoCAD DWG to PDF Converter2009-07-12 11:35:32 ----A---- C:\WINDOWS\system32\gsdll32.dll2009-07-12 11:35:32 ----A---- C:\WINDOWS\system32\gdiplus.dll2009-07-12 11:30:42 ----D---- C:\Program Files\cad2cad2009-07-10 10:37:51 ----D---- C:\Program Files\NAPI-PROJEKT2009-07-09 22:47:25 ----D---- C:\Program Files\uTorrent2009-07-09 22:46:49 ----D---- C:\Documents and Settings\kali\Dane aplikacji\uTorrent2009-07-09 22:14:10 ----D---- C:\Program Files\Ares2009-06-20 22:18:20 ----D---- C:\Program Files\Common Files\Symantec Shared2009-06-20 22:18:05 ----D---- C:\Program Files\Norton Security Scan2009-06-20 19:16:30 ----D---- C:\WINDOWS\system32\Adobe2009-06-20 19:13:12 ----A---- C:\WINDOWS\system32\d3dx9_35.dll2009-06-20 19:13:11 ----A---- C:\WINDOWS\system32\d3dx9_31.dll2009-06-20 19:13:08 ----D---- C:\WINDOWS\Logs2009-06-20 19:13:04 ----D---- C:\Program Files\Virtools======List of files/folders modified in the last 1 months======2009-07-18 23:30:19 ----D---- C:\WINDOWS\Prefetch2009-07-18 23:15:38 ----RD---- C:\Program Files2009-07-18 23:11:38 ----D---- C:\Program Files\CCleaner2009-07-18 22:56:05 ----D---- C:\Program Files\Mozilla Firefox2009-07-18 22:55:05 ----D---- C:\Program Files\NetMeeting2009-07-18 22:55:02 ----D---- C:\Program Files\Neostrada TP2009-07-18 22:36:48 ----SD---- C:\Documents and Settings\kali\Dane aplikacji\Microsoft2009-07-18 22:00:51 ----D---- C:\Program Files\Outlook Express2009-07-18 21:02:46 ----D---- C:\Program Files\Messenger2009-07-18 20:38:56 ----D---- C:\WINDOWS\system32\CatRoot22009-07-18 18:44:29 ----A---- C:\WINDOWS\SchedLgU.Txt2009-07-18 17:42:04 ----D---- C:\WINDOWS\system32\drivers2009-07-18 17:42:04 ----D---- C:\WINDOWS\system322009-07-18 17:41:59 ----D---- C:\Program Files\Trojan Remover2009-07-18 17:41:45 ----D---- C:\Program Files\Internet Explorer2009-07-18 17:00:12 ----D---- C:\WINDOWS2009-07-18 16:56:13 ----A---- C:\WINDOWS\system.ini2009-07-17 22:28:54 ----A---- C:\WINDOWS\NeroDigital.ini2009-07-16 21:42:05 ----D---- C:\Mp3 Output2009-07-16 00:45:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI2009-07-15 18:03:30 ----SD---- C:\WINDOWS\Tasks2009-07-15 18:03:16 ----SHD---- C:\WINDOWS\Installer2009-06-20 22:18:20 ----D---- C:\Program Files\Common Files2009-06-20 19:41:55 ----D---- C:\WINDOWS\system32\Macromed2009-06-20 19:17:25 ----D---- C:\Documents and Settings\kali\Dane aplikacji\Adobe2009-06-20 19:13:15 ----HD---- C:\WINDOWS\inf2009-06-20 19:13:15 ----D---- C:\WINDOWS\system32\DirectX======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-04-27 55640]R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-09-13 701440]R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-11-06 755392]R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2006-09-13 27165]R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-09-13 30080]R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 26496]R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-13 20608]S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-09-13 31616]S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2006-09-13 25856]S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-09-13 15104]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-04 152984]R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe []S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]-----------------EOF-----------------
Gość komentarz 19 lipca 2009 komentarz 19 lipca 2009 W logu widać tylko szkodliwe podklucze "mountpoints2". 1. Do Notatnika wklej: Windows Registry Editor Version 5.00[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na: "Wszystkie pliki" >>> Zapisz jako FIX.REG>>> plik uruchom (dwuklik i OK- zgódź się na dodanie do Rejestru). Zrestartuj komputer. 2. Posprzątaj po RSIcie >>> OTCleanIt. 3. Użyj programu Malwarebytes. Wciskamy Skanuj, wybieramy dyski do skanowania i Rozpoczynamy skanowanie, na końcu wciskamy Usuń zaznaczone jak będą i Ok. Wrzuć wygenerowany raport po usuwaniu MBAMem. EDIT: 2009-07-17 22:36:17 ----RASHD---- C:\autorun.inf Pouusuwaj te autorunki z partycji. .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.