krasny, posted 18 July 2007:
Hello, this is my first post, so I apologize if I did something wrong. I have this kind of problem: this often pops up, and after 1 minute my computer restarts. I don't know what to do now. Please suggest a solution to the problem. Regards, krasny
CatchMe, comment, 18 July 2007:
Go to Start >>> Run >>> and type: shutdown -a (a <space> between shutdown and -a). Then generate logs from HijackThis and ComboFix.
krasny (author), comment, 18 July 2007:
"Go to Start >>> Run >>> and type: shutdown -a (a <space> between shutdown and -a)"
Thanks for the quick reply. When I did what you said at first, a window opened and closed right away, but I don't know what you meant by: "Then generate logs from HijackThis and ComboFix." Could you explain? Regards
CatchMe, comment, 18 July 2007:
http://www.forumpc.pl/viewtopic.php?t=11018
http://www.forumpc.pl/viewtopic.php?t=11017
krasny (author), comment, 18 July 2007:
Logfile of HijackThis v1.99.1
Scan saved at 11:28, on 2007-07-18
I don't know if this is exactly what was meant.
CatchMe, comment, 18 July 2007:
Block the ports using WWDC and Seconfig XP.
- The HijackThis log must be from the newest version: http://stopwirusom.pl/index.php?option=com...11&Itemid=4
- The ComboFix log is located at C:\ComboFix.txt. The one you pasted is incorrect.
krasny (author), comment, 18 July 2007:
"Czarek Kra˜niewski" - 2007-07-18 11:29:48 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS
[ Added: 2007-07-18, 11:41 ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:21, on 2007-07-18
CatchMe, comment, 19 July 2007:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Delete the file in bold from the disk and remove the entry in HijackThis. Other than that, the logs are clean.