sm created 23 July 2007

Trojan.W32.looksky: I can't remove it :/ with Kaspersky, SpyBot or Ad-Aware. I'm pasting the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:10, on 2007-07-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSVPS System - {85E659D3-E110-4CE7-9D99-416FD61A1720} - C:\WINDOWS\soundplugin.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UGA6P_0001_N111M1707] "C:\Documents and Settings\Leipelt\Pulpit\install_en.exe" -nag
O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - http://www.devalvr.com/instalacion/plugin/devalocx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40A2A403-C3C1-479B-88CD-44F300A4D64C}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: xvideo - {DBAE2CB5-A04F-4D3D-9280-5111C37A2EC3} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {B1747853-872C-4934-BD52-76C23D8A918F} - C:\WINDOWS\sounddrv.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

-- End of file - 4112 bytes

Please help ...
CatchMe comment 23 July 2007

Block the ports with WWDC and Seconfig XP.

Boot into safe mode. Delete the files in bold from disk and remove the entries in HijackThis:

O2 - BHO: MSVPS System - {85E659D3-E110-4CE7-9D99-416FD61A1720} - C:\WINDOWS\soundplugin.dll
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - http://www.devalvr.com/in...in/devalocx.cab
O21 - SSODL: xvideo - {DBAE2CB5-A04F-4D3D-9280-5111C37A2EC3} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {B1747853-872C-4934-BD52-76C23D8A918F} - C:\WINDOWS\sounddrv.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Then paste the logs from HijackThis and ComboFix.
sm (Author) comment 23 July 2007

OK, thanks. The trojan is gone. I'm pasting the logs below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:25, on 2007-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 2868 bytes