androlo posted 18 July 2007

Logfile of HijackThis v1.99.1
Scan saved at 22:56:21, on 2007-07-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32RunDLL32.exe
C:Program FilesVIARAIDraid_tool.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesJavajre1.6.0_01binjusched.exe
C:Program FilesAGLOCO ViewbarViewbar.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesRALINKRT2500 Wireless LAN CardInstallerWINXPRaConfig2500.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSexplorer.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesWinampwinamp.exe
C:Program Filesinternet exploreriexplore.exe
C:Program Filesinternet exploreriexplore.exe
C:DOCUME~1ADMINI~1USTAWI~1TempKatalog tymczasowy 1 dla hijackthis_199.zipHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RaidTool] C:Program FilesVIARAIDraid_tool.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [LanguageShortcut] "C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [Viewbar] C:Program FilesAGLOCO ViewbarViewbar.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 - Global Startup: RaConfig2500.lnk = C:Program FilesRALINKRT2500 Wireless LAN CardInstallerWINXPRaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:Program FilesbetonbetMPPMPPoker.exe (file missing)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe
O9 - Extra button: Golden Riviera Poker - {85BFB6E0-96F9-4424-8819-1D67E9F78D33} - C:Program FilesgoldenrivieraMPPMPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:Program FilesBodog PokerBPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:Program FilesCarbonPokerPoker.exe (HKCU)
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://goldenriviera.microgaming.com/golde...era/FlashAX.cab
O17 - HKLMSystemCCSServicesTcpip..{56F0396A-359E-4F60-8BF4-D3229567672A}: NameServer = 212.244.133.213,85.219.244.253
O17 - HKLMSystemCCSServicesTcpip..{9B0FECF4-73C3-41E0-A9DF-20B03E23BE53}: NameServer = 212.244.133.213,85.219.244.253
O17 - HKLMSystemCS1ServicesTcpip..{56F0396A-359E-4F60-8BF4-D3229567672A}: NameServer = 212.244.133.213,85.219.244.253
O17 - HKLMSystemCS2ServicesTcpip..{56F0396A-359E-4F60-8BF4-D3229567672A}: NameServer = 212.244.133.213,85.219.244.253
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

CatchMe commented 19 July 2007

There is nothing in the log. Delete the leftover entries:

O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:Program FilesbetonbetMPPMPPoker.exe (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoke...elper/Nyoko.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgamin...n7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://goldenriviera.microgaming.com/golde...era/FlashAX.cab

- Paste the log from ComboFix.

androlo (author) commented 19 July 2007

[code]
"Administrator" - 2007-07-19 20:12:05 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))

2007-07-17 21:59 <DIR> d-------- C:WINDOWSsystem32FlashAX
2007-07-10 20:12 51,200 --a------ C:WINDOWSnircmd.exe
2007-07-09 22:27 <DIR> d-------- C:Program FilesTrend Micro
2007-07-08 17:13 3,426,072 --a------ C:WINDOWSsystem32d3dx9_32.dll
2007-07-05 21:41 <DIR> d--hs---- C:WINDOWSftpcache
2007-06-28 21:32 <DIR> d-------- C:Program FilesEverest Poker
2007-06-26 20:57 1,024 --a------ C:test.bin
2007-06-21 02:42 <DIR> d-------- C:DOCUME~1ADMINI~1DANEAP~1Gadu-Gadu

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 16:41:15 0 ----a-w C:WINDOWSsystem32dummy.dat
2007-07-19 15:12:43 -------- d-----w C:Program FilesUnibetpokerMPP
2007-07-19 06:10:09 -------- d-----w C:Program FilesB2BPOKER
2007-07-19 06:07:19 -------- d-----w C:DOCUME~1ADMINI~1DANEAP~1Betfair
2007-07-19 05:29:35 -------- d-----w C:Program FilesBodog Poker
2007-07-19 05:23:57 -------- d-----w C:Program FilesPokerStars
2007-07-19 05:21:28 -------- d-----w C:Program FilesBugsysClub Software
2007-07-19 04:51:48 -------- d-----w C:DOCUME~1ADMINI~1DANEAP~1Microgaming
2007-07-19 04:47:16 -------- d-----w C:Program FilesUSDbetCom
2007-07-18 14:38:35 -------- d-----w C:Program FilesAbsolute Poker
2007-07-17 17:36:14 -------- d-----w C:Program FilesRed Kings Poker
2007-07-11 19:35:24 -------- d-----w C:Program FilesPOKER4EVER
2007-07-10 20:14:06 -------- d-----w C:Program FilesTheNutz
2007-07-10 13:20:35 -------- d-----w C:Program FilesGadu-Gadu
2007-07-05 20:24:18 -------- d-----w C:Program FilesHeyPoker
2007-06-27 14:58:49 -------- d-----w C:Program FilesBetsson Poker
2007-06-27 14:44:56 -------- d-----w C:Program FilesInterwetten
2007-06-27 14:06:52 -------- d-----w C:Program FilesSunPoker.com
2007-06-27 14:04:51 -------- d-----w C:Program FilesParadisePoker
2007-06-21 15:26:43 -------- d-----w C:Program FilesPartyGaming
2007-06-17 06:41:21 -------- d-----w C:Program FilesAGLOCO Viewbar
2007-06-07 12:36:40 -------- d--h--w C:Program FilesZero G Registry
2007-06-02 11:24:30 -------- d-----w C:Program FilesTowerGaming
2007-06-02 11:23:30 -------- d--h--w C:Program FilesInstallShield Installation Information
2007-06-02 11:23:29 -------- d-----w C:Program FilesEmpire Interactive
2007-05-30 19:18:37 -------- d-----w C:Program FilesVS Online
2007-05-29 20:05:14 12,464 ----a-w C:WINDOWSsystem32driversCdaD10BA.SYS
2007-04-30 15:46:10 745,600 ----a-w C:WINDOWSsystem32aswBoot.exe
2007-04-30 15:35:28 95,872 -c--a-w C:WINDOWSsystem32AVASTSS.scr
2006-12-25 10:26:49 56 -csh--r C:WINDOWSsystem3290F1C62B54.sys
2006-12-25 10:26:49 10,022 -csha-w C:WINDOWSsystem32KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:Program FilesJavajre1.6.0_01binssv.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:WINDOWSsystem32nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:WINDOWSsystem32nvmctray.dll]
"RaidTool"="C:Program FilesVIARAIDraid_tool.exe" [2005-11-23 04:12]
"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2006-11-21 19:38]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 C:WINDOWSRTHDCPL.exe]
"RemoteControl"="C:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2006-09-18 12:08]
"LanguageShortcut"="C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe" [2006-09-29 22:58]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_01binjusched.exe" [2007-03-14 03:43]
"Viewbar"="C:Program FilesAGLOCO ViewbarViewbar.exe" [2007-06-13 11:04]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44]
"MsnMsgr"="C:Program FilesMSN MessengerMsnMsgr.exe" []
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-08-04 01:55]
"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 20:13:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-07-19 20:13:41
C:ComboFix-Do.txt ... 2007-07-18 22:22
C:ComboFix2.txt ... 2007-07-18 22:28
C:ComboFix3.txt ... 2007-07-18 22:18
 --- E O F ---
[/code]