kac222, created 29 July 2007

Hi everyone, this is my first post. Please check my logs.

Logfile of HijackThis v1.99.1
Scan saved at 17:14:31, on 2007-07-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\Program Files\avmwlanstick\wlangui.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\nowe\Witaj\Wit2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kacper\USTAWI~1\Temp\Rar$EX00.063\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WITaj!] D:\nowe\Witaj\Wit2000.exe /ikona
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://es6-scripts.dlv4.com/binaries/egacc..._1068_em_XP.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RestoreDesktop" = "C:\Program Files\Restore Desktop\RestoreDesktop.exe" ["Kanex Group, Inc."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"WITaj!" = "D:\nowe\Witaj\Wit2000.exe /ikona" ["Haudek"]
"eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Resume copy" = "copyfstq.exe /startup" [null data]
"BTUSRBDG" = "BtUsrBdg.exe" ["Extended Systems, Inc."]
"AVMWlanClient" = "C:\Program Files\avmwlanstick\wlangui.exe" ["AVM Berlin"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
  -> {HKLM...CLSID} = "QCopy"
     \InProcServer32\(Default) = "dropcpyr.dll" [null data]
"{EF14A54A-4901-4481-8391-3F43FD056479}" = "Restore Desktop Context Menu"
  -> {HKLM...CLSID} = "RDShellMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\Restore Desktop\RestoreDesktop.dll" ["Ganex Group, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
RestoreDesktop\(Default) = "{EF14A54A-4901-4481-8391-3F43FD056479}"
  -> {HKLM...CLSID} = "RDShellMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\Restore Desktop\RestoreDesktop.dll" ["Ganex Group, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
  {unrecognized setting}
"NoCDBurning" = (REG_DWORD) hex:0x00000001
  {unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
  {User Configuration|Administrative Templates|System|
   Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
   Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
   Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\IrfanView\IrfanView_Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Kacper\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"AE2353DA9288C746" -> launches: "c:\docume~1\kacper\daneap~1\atomdo~1\Data Inside Obj.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
  \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
  \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
  \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVM WLAN Connection Service, AVM WLAN Connection Service, "C:\Program Files\avmwlanstick\WlanNetService.exe" ["AVM Berlin"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]


----------
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
----------
(total run time: 45 seconds, including 2 seconds for message boxes)

Thanks in advance for any suggestions.
CatchMe, comment 29 July 2007

Do you know this application and this control?

C:\WINDOWS\system32\BtUsrBdg.exe
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://es6-scripts.dlv4.c..._1068_em_XP.cab

Paste a ComboFix log.
kac222 (author), comment 29 July 2007

I know that application, but I'm not sure whether I pasted the right log from ComboFix:

2006-11-24 00:00 11516 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\a4.gif.vir
2006-11-24 00:00 1152 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\es6-scripts.dlv4.com\custom\4239\EN\button1.gif.vir
2006-11-24 00:00 11958 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\es6-external-api.dlv4.com\js\14e4490a1eb84644e91eadc62ccb1a01.vir
2006-11-24 00:00 1368 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\es6-scripts.dlv4.com\custom\4239\EN\button4.gif.vir
2006-11-24 00:00 1371 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\07.jpg.vir
2006-11-24 00:00 1513 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\14.jpg.vir
2006-11-24 00:00 2104 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\05.jpg.vir
2006-11-24 00:00 2238 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\es6-scripts.dlv4.com\custom\4239\4239_dialer.ico.vir
2006-11-24 00:00 2339 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\16.jpg.vir
2006-11-24 00:00 2757 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\04.jpg.vir
2006-11-24 00:00 3283 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\11.jpg.vir
2006-11-24 00:00 3306 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\a3.gif.vir
2006-11-24 00:00 3380 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\08.jpg.vir
2006-11-24 00:00 3503 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\10.jpg.vir
2006-11-24 00:00 3598 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\09.jpg.vir
2006-11-24 00:00 42 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.rapid-pass.net\e0e045a14502bfb09f7c22938703e7ca.vir
2006-11-24 00:00 4229 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\13.jpg.vir
2006-11-24 00:00 42449 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\a1.gif.vir
2006-11-24 00:00 4891 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\17.jpg.vir
2006-11-24 00:00 5370 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\01.jpg.vir
2006-11-24 00:00 598 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Center\Sevenline.upd.vir
2006-11-24 00:00 6590 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\03.jpg.vir
2006-11-24 00:00 667 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\es6-scripts.dlv4.com\custom\4239\EN\button2.gif.vir
2006-11-24 00:00 703 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\15.jpg.vir
2006-11-24 00:00 711 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\02.jpg.vir
2006-11-24 00:00 796 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\es6-scripts.dlv4.com\custom\4239\EN\button3.gif.vir
2006-11-24 00:00 8214 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\a2.gif.vir
2006-11-24 00:00 879 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\06.jpg.vir
2006-11-24 00:00 9043 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\pdv\pv01\images\12.jpg.vir
2006-11-24 00:01 19298 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\es6-scripts.dlv4.com\Common\949ae5636a4a4d8e483ec5c380b6541c.html.vir
2006-11-24 00:01 1987 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Center\Icons\Sevenline.lnk.vir
2006-11-24 00:01 5481 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Dialer\237338673\www.bestofmp3.biz\7ba7bdeba4058b9d204ebc9bdc8ee39f.html.vir
2006-12-18 09:32 1078 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Center\tray1.ico.vir
2006-12-18 22:57 1152 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\medias\button1.gif.vir
2006-12-18 22:57 11954 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\js\js_api_dialer.php.vir
2006-12-18 22:57 1368 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\medias\button4.gif.vir
2006-12-18 22:57 155947 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\instant access.exe.vir
2006-12-18 22:57 18319 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\Common\module.php.vir
2006-12-18 22:57 1895 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\DesktopIcons\Sevenline.lnk.vir
2006-12-18 22:57 1965 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Center\Sevenline.lnk.vir
2006-12-18 22:57 2238 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\medias\4239_dialer.ico.vir
2006-12-18 22:57 667 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\medias\button2.gif.vir
2006-12-18 22:57 776 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\dialerexe.ini.vir
2006-12-18 22:57 776 --a------ C:\Qoobox\Quarantine\C\WINDOWS\dialerexe.ini.vir
2006-12-18 22:57 796 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20061123231120\medias\button3.gif.vir
2006-12-23 20:22 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\.exe.vir
2007-01-12 22:00 18031 --a------ C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-03-06 17:59 34494 --a------ C:\Qoobox\Quarantine\C\Program Files\Outerinfo\outerinfo.ico.vir
2007-05-16 21:53 141064 --a------ C:\Qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
2007-07-09 21:44 66824 --a------ C:\Qoobox\Quarantine\C\Program Files\Outerinfo\OinUninstall.exe.vir

Zmienna PATH folderu
Numer seryjny woluminu: 5842-1F60
C:\QOOBOX
\---Quarantine
    +---C
    |   +---Program Files
    |   |   +---Instant Access
    |   |   |   +---Center
    |   |   |   |   |   Sevenline.lnk.vir
    |   |   |   |   |   Sevenline.upd.vir
    |   |   |   |   |   tray1.ico.vir
    |   |   |   |   |
    |   |   |   |   \---Icons
    |   |   |   |           Sevenline.lnk.vir
    |   |   |   |
    |   |   |   +---DesktopIcons
    |   |   |   |       Sevenline.lnk.vir
    |   |   |   |
    |   |   |   +---Dialer
    |   |   |   |   \---237338673
    |   |   |   |       +---es6-external-api.dlv4.com
    |   |   |   |       |   \---js
    |   |   |   |       |           14e4490a1eb84644e91eadc62ccb1a01.vir
    |   |   |   |       |
    |   |   |   |       +---es6-scripts.dlv4.com
    |   |   |   |       |   +---Common
    |   |   |   |       |   |       949ae5636a4a4d8e483ec5c380b6541c.html.vir
    |   |   |   |       |   |
    |   |   |   |       |   \---custom
    |   |   |   |       |       \---4239
    |   |   |   |       |           |   4239_dialer.ico.vir
    |   |   |   |       |           |
    |   |   |   |       |           \---EN
    |   |   |   |       |                   button1.gif.vir
    |   |   |   |       |                   button2.gif.vir
    |   |   |   |       |                   button3.gif.vir
    |   |   |   |       |                   button4.gif.vir
    |   |   |   |       |
    |   |   |   |       +---www.bestofmp3.biz
    |   |   |   |       |   |   7ba7bdeba4058b9d204ebc9bdc8ee39f.html.vir
    |   |   |   |       |   |
    |   |   |   |       |   \---pdv
    |   |   |   |       |       \---pv01
    |   |   |   |       |           \---images
    |   |   |   |       |                   01.jpg.vir
    |   |   |   |       |                   02.jpg.vir
    |   |   |   |       |                   03.jpg.vir
    |   |   |   |       |                   04.jpg.vir
    |   |   |   |       |                   05.jpg.vir
    |   |   |   |       |                   06.jpg.vir
    |   |   |   |       |                   07.jpg.vir
    |   |   |   |       |                   08.jpg.vir
    |   |   |   |       |                   09.jpg.vir
    |   |   |   |       |                   10.jpg.vir
    |   |   |   |       |                   11.jpg.vir
    |   |   |   |       |                   12.jpg.vir
    |   |   |   |       |                   13.jpg.vir
    |   |   |   |       |                   14.jpg.vir
    |   |   |   |       |                   15.jpg.vir
    |   |   |   |       |                   16.jpg.vir
    |   |   |   |       |                   17.jpg.vir
    |   |   |   |       |                   a1.gif.vir
    |   |   |   |       |                   a2.gif.vir
    |   |   |   |       |                   a3.gif.vir
    |   |   |   |       |                   a4.gif.vir
    |   |   |   |       |
    |   |   |   |       \---www.rapid-pass.net
    |   |   |   |               e0e045a14502bfb09f7c22938703e7ca.vir
    |   |   |   |
    |   |   |   \---Multi
    |   |   |       \---20061123231120
    |   |   |           |   dialerexe.ini.vir
    |   |   |           |   instant access.exe.vir
    |   |   |           |
    |   |   |           +---Common
    |   |   |           |       module.php.vir
    |   |   |           |
    |   |   |           +---js
    |   |   |           |       js_api_dialer.php.vir
    |   |   |           |
    |   |   |           \---medias
    |   |   |                   4239_dialer.ico.vir
    |   |   |                   button1.gif.vir
    |   |   |                   button2.gif.vir
    |   |   |                   button3.gif.vir
    |   |   |                   button4.gif.vir
    |   |   |
    |   |   \---Outerinfo
    |   |           OinUninstall.exe.vir
    |   |           OiUninstaller.exe.vir
    |   |           outerinfo.ico.vir
    |   |           Terms.rtf.vir
    |   |
    |   \---WINDOWS
    |       |   dialerexe.ini.vir
    |       |
    |       \---system32
    |               .exe.vir
    |
    \---Registry_backups

[ Added: 2007-07-29, 22:05 ]

I think this will be the right log. Sorry for the mix-up, I hadn't used this program before.

"Kacper" - 2007-07-29 21:59:33 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))

2007-07-29 21:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 17:14 <DIR> d-------- C:\Program Files\illiminable
2007-07-20 20:26 <DIR> d-------- C:\Program Files\Player Tool
2007-07-20 20:26 <DIR> d-------- C:\Program Files\AtomDogSettings
2007-07-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\soft chic meet great
2007-07-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\soap thunk lies soft
2007-07-19 18:23 <DIR> d-------- C:\Program Files\Sony Handheld
2007-07-18 20:47 <DIR> d-------- C:\Program Files\Sony
2007-07-09 22:21 <DIR> d-------- C:\Program Files\AVM_update
2007-07-09 06:05 <DIR> d-------- C:\WINDOWS\AVM_Driver
2007-07-09 06:05 <DIR> d-------- C:\DOCUME~1\Kacper\AVM_Driver
2007-07-08 18:45 <DIR> d-------- C:\Program Files\avmwlanstick
2007-07-08 18:44 97,360 --a------ C:\WINDOWS\system32\drivers\Fwusb1b.bin
2007-07-08 18:44 74,240 --a------ C:\WINDOWS\system32\fwlanci.dll
2007-07-08 18:44 265,088 --a------ C:\WINDOWS\system32\drivers\fwlanusb.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 19:50:33 -------- d-----w C:\Program Files\eMule
2007-07-25 15:20:50 -------- d-----w C:\DOCUME~1\Kacper\DANEAP~1\Skype
2007-07-24 18:10:07 -------- d-----w C:\Program Files\SkanerOnline
2007-07-20 18:52:09 -------- d-----w C:\Program Files\Real
2007-07-19 20:43:54 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-07-18 19:31:05 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-18 18:50:19 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-07-18 18:47:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-10 12:28:53 65,056 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-10 12:28:53 383,476 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-27 17:39:36 -------- d-----w C:\DOCUME~1\Kacper\DANEAP~1\MSN6
2007-06-22 14:01:16 -------- d-----w C:\DOCUME~1\Kacper\DANEAP~1\DivX
2007-06-21 20:24:40 8,864 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-06-21 20:22:47 -------- d-----w C:\Program Files\Grundig
2007-06-20 20:07:07 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-20 18:35:34 -------- d-----w C:\Program Files\RegCleaner
2007-06-13 18:51:30 -------- d-----w C:\Program Files\DivX
2007-06-13 18:41:06 -------- d-----w C:\Program Files\IrfanView
2007-06-12 18:23:00 -------- d-----w C:\Program Files\Neostrada TP
2007-06-10 18:44:45 -------- d-----w C:\Program Files\VAG-COM-PL
2007-05-31 13:55:12 716 ----a-w C:\BOWLDA.DAT
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
1999-03-11 19:11:06 18,135 ------w C:\Program Files\Errcode4.cs_
1999-03-11 15:50:52 45,227 ------w C:\Program Files\Vwtool.ex_
1999-03-11 11:52:02 9,239 ------w C:\Program Files\Dataview.ex_
1999-02-02 12:51:52 15,520 ------w C:\Program Files\Labels.cs_
1997-08-08 08:38:54 14,801 ------w C:\Program Files\Setup1.ex_
1997-08-08 08:37:04 51 ------w C:\Program Files\Setup.lst
1997-06-25 18:21:30 3,356 ------w C:\Program Files\Configvw.ex_
1997-05-09 09:56:36 882 ------w C:\Program Files\Capture.da_
1997-05-09 09:04:52 874 ------w C:\Program Files\Sample.da_
1997-05-09 08:48:06 65 ------w C:\Program Files\Vwtool.in_
1995-04-25 07:37:56 5,885 ------w C:\Program Files\Hitime1.vb_
1993-11-01 01:11:00 9,696 ------w C:\Program Files\Ver.dl_
1993-11-01 01:11:00 54,547 ------w C:\Program Files\Commdlg.dl_
1993-11-01 01:11:00 23,670 ------w C:\Program Files\Ddeml.dl_
1993-05-12 10:21:50 14,788 ------w C:\Program Files\Mscomm.vb_
1993-05-11 22:00:00 276,684 ------w C:\Program Files\Vbrun300.dl_
1993-04-27 22:00:00 33,649 ------w C:\Program Files\Threed.vb_
1993-04-27 22:00:00 3,657 ------w C:\Program Files\Setupkit.dl_
1993-04-27 22:00:00 10,978 ------w C:\Program Files\Spin.vb_
1993-04-27 22:00:00 10,865 ------w C:\Program Files\Cmdialog.vb_
1991-11-29 15:31:00 73,950 ------w C:\Program Files\Qpro.dl_


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-20 01:41 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 08:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 08:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 18:42]
"Resume copy"="copyfstq.exe" [2006-11-11 22:27 C:\WINDOWS\copyfstq.exe]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 23:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"AVMWlanClient"="C:\Program Files\avmwlanstick\wlangui.exe" [2006-12-28 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="C:\Program Files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 10:52]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-10-10 17:51]
"WITaj!"="D:\nowe\Witaj\Wit2000.exe" [2002-12-30 00:09]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=1 (0x1)
"SynchronousUserGroupPolicy"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Restore Desktop]
"C:\Program Files\Restore Desktop\Restore Desktop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys
R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\XPROTECTOR.SYS
R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
R3 hidusb;Sterownik Microsoft klasy HID;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 ltck000c;Xircom MPCI Modem 56 Driver;C:\WINDOWS\system32\DRIVERS\ltck000c.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Koncentrator z obsługą USB2;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys
R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\Kacper\USTAWI~1\Temp\ASFWHide
S3 avmeject;AVM Eject;C:\WINDOWS\system32\drivers\avmeject.sys
S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 BthEnum;Sterownik Bluetooth Request Block;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHMODEM;Sterownik Bluetooth Serial Communications;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Sterownik portu Bluetooth;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NABTSFEC;NABTS/FEC VBI Codec;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
S3 PEEK5;PEEK5 Protocol Driver;\??\C:\DOCUME~1\Kacper\USTAWI~1\Temp\Rar$EX05.922\LINKSY~1\PEEK5.SYS
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 SF-620;Kingsun SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys
S3 SNPSTD3;USB PC Camera (SNPSTD3);C:\WINDOWS\system32\DRIVERS\snpstd3.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys
S3 usbaudio;Sterownik audio USB (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa3 8860-71ce-11db-9338-00115bed1c05}]
AutoRun\command- K:\Install\TomTomHOME.exe

Contents of the 'Scheduled Tasks' folder
2007-07-29 20:00:00 C:\WINDOWS\tasks\AE2353DA9288C746.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 22:00:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A151c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4855B8C-41A1-9C43-BC1C-F40E25A790DB}]
"abkneojnliehombaiddjjphgmainccfjik"=hex:61,61,00,00
"bbkneojnliehombaidiimokhjbjgcfpoinmi"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-29 22:01:54
C:\ComboFix-quarantined-files.txt ... 2007-07-29 22:01
--- E O F ---
CatchMe, comment 30 July 2007: Use: http://stopwirusom.pl/index.php?option=com...47&Itemid=4 and block the ports with the programs WWDC and Seconfig XP. Then paste new logs.
kac222 (author), comment 30 July 2007: I blocked those ports, here are the new logs
Logfile of HijackThis v1.99.1 Scan saved at 22:34:09, on 2007-07-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:Program FilesavmwlanstickWlanNetService.exe C:Program FilesIVT CorporationBlueSoleilBTNtService.exe C:WINDOWSExplorer.EXE C:Program FilesCommon FilesLightScribeLSSrvc.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32MsPMSPSv.exe C:WINDOWSAGRSMMSG.exe C:Program FilesSynapticsSynTPSynTPLpr.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:WINDOWSsystem32BtUsrBdg.exe C:Program Filesavmwlanstickwlangui.exe C:Program FilesRestore DesktopRestoreDesktop.exe C:Program FilesGadu-Gadugg.exe D:noweWitajWit2000.exe C:Program FileseMuleemule.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:Program FilesWinRARWinRAR.exe C:DOCUME~1KacperUSTAWI~1TempRar$EX00.016HijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/ R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM..Run: [synTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKLM..Run: [avast!] 
C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [Resume copy] copyfstq.exe /startup O4 - HKLM..Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM..Run: [AVMWlanClient] C:Program Filesavmwlanstickwlangui.exe O4 - HKCU..Run: [RestoreDesktop] C:Program FilesRestore DesktopRestoreDesktop.exe O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray O4 - HKCU..Run: [WITaj!] D:noweWitajWit2000.exe /ikona O4 - HKCU..Run: [eMuleAutoStart] C:Program FileseMuleemule.exe -AutoStart O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://es6-scripts.dlv4.com/binaries/egacc..._1068_em_XP.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: avast! 
Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing) O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:Program FilesavmwlanstickWlanNetService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "RestoreDesktop" = "C:Program FilesRestore DesktopRestoreDesktop.exe" ["Kanex Group, Inc."] "Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."] "WITaj!" = "D:noweWitajWit2000.exe /ikona" ["Haudek"] "eMuleAutoStart" = "C:Program FileseMuleemule.exe -AutoStart" ["http://www.emule-project.net] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"] "SynTPLpr" = "C:Program FilesSynapticsSynTPSynTPLpr.exe" ["Synaptics, Inc."] "SynTPEnh" = "C:Program FilesSynapticsSynTPSynTPEnh.exe" ["Synaptics, Inc."] "avast!" 
= "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [null data] "Resume copy" = "copyfstq.exe /startup" [null data] "BTUSRBDG" = "BtUsrBdg.exe" ["Extended Systems, Inc."] "AVMWlanClient" = "C:Program Filesavmwlanstickwlangui.exe" ["AVM Berlin"] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:Program FilesSynapticsSynTPSynTPCpl.dll" ["Synaptics, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" InProcServer32(Default) = "C:WINDOWSSystem32Audiodev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] "{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy" -> {HKLM...CLSID} = "QCopy" InProcServer32(Default) = "dropcpyr.dll" [null data] "{EF14A54A-4901-4481-8391-3F43FD056479}" = "Restore Desktop Context Menu" -> {HKLM...CLSID} = "RDShellMenu Class" InProcServer32(Default) = "C:Program 
FilesRestore DesktopRestoreDesktop.dll" ["Ganex Group, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" InProcServer32(Default) = "C:Program FilesRealRealPlayerrpshell.dll" ["RealNetworks, Inc."] HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers RestoreDesktop(Default) = "{EF14A54A-4901-4481-8391-3F43FD056479}" -> {HKLM...CLSID} = "RDShellMenu Class" InProcServer32(Default) = "C:Program FilesRestore DesktopRestoreDesktop.dll" ["Ganex Group, Inc."] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesFoldershellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoCDBurning" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral "Wallpaper" = "%APPDATA%IrfanViewIrfanView_Wallpaper.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCUControl PanelDesktop "Wallpaper" = "C:Documents and SettingsKacperDane aplikacjiIrfanViewIrfanView_Wallpaper.bmp" Enabled Scheduled Tasks: ------------------------ "AE2353DA9288C746" -> launches: "c:docume~1kacperdaneap~1atomdo~1Data Inside Obj.exe" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000004LibraryPath = "%SystemRoot%system32wshbth.dll" [MS] Transport Service Providers 
HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 25 %SystemRoot%system32rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars HKLMSoftwareClassesCLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo" Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar] InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string] HKLMSoftwareClassesCLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class" Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar] InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string] HKLMSoftwareClassesCLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo" Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar] InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {08B0E5C0-4FCB-11CF-AAA5-00401C608501} "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01" InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binnpjpi160_01.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:Program FilesMessengermsmsgs.exe" [file not found] Miscellaneous IE Hijack Points ------------------------------ HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks <<H>> 
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"] AVM WLAN Connection Service, AVM WLAN Connection Service, "C:Program FilesavmwlanstickWlanNetService.exe" ["AVM Berlin"] BlueSoleil Hid Service, BlueSoleil Hid Service, "C:Program FilesIVT CorporationBlueSoleilBTNtService.exe" [null data] Bluetooth Support Service, BthServ, "C:WINDOWSsystem32svchost.exe -k bthsvcs" {"C:WINDOWSSystem32bthserv.dll" [MS]} LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:Program FilesCommon FilesLightScribeLSSrvc.exe"" ["Hewlett-Packard Company"] Windows User Mode Driver Framework, UMWdf, "C:WINDOWSSystem32wdfmgr.exe" [MS] WMDM PMSP Service, WMDM PMSP Service, "C:WINDOWSsystem32MsPMSPSv.exe" [MS] ---------- <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. 
---------- (total run time: 43 seconds, including 2 seconds for message boxes) "Kacper" - 2007-07-30 22:40:21 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 ))))))))))))))))))))))))))))))) 2007-07-30 18:15 49,152 --------- C:WINDOWSsystem32INETWH32.dll 2007-07-29 21:41 51,200 --a------ C:WINDOWSnircmd.exe 2007-07-20 20:26 <DIR> d-------- C:Program FilesPlayer Tool 2007-07-20 20:26 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1soft chic meet great 2007-07-20 20:26 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1soap thunk lies soft 2007-07-19 18:23 <DIR> d-------- C:Program FilesSony Handheld 2007-07-18 20:47 <DIR> d-------- C:Program FilesSony 2007-07-09 22:21 <DIR> d-------- C:Program FilesAVM_update 2007-07-09 06:05 <DIR> d-------- C:WINDOWSAVM_Driver 2007-07-09 06:05 <DIR> d-------- C:DOCUME~1KacperAVM_Driver 2007-07-08 18:45 <DIR> d-------- C:Program Filesavmwlanstick 2007-07-08 18:44 97,360 --a------ C:WINDOWSsystem32driversFwusb1b.bin 2007-07-08 18:44 74,240 --a------ C:WINDOWSsystem32fwlanci.dll 2007-07-08 18:44 265,088 --a------ C:WINDOWSsystem32driversfwlanusb.sys 2007-06-27 19:39 <DIR> d-------- C:DOCUME~1KacperDANEAP~1MSN6 2007-06-27 19:39 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1MSN6 2007-06-21 22:24 8,864 --a------ C:WINDOWSsystem32driversCDAC15BA.SYS 2007-06-21 22:24 <DIR> d-------- C:My Music 2007-06-21 22:23 98,304 --a------ C:WINDOWSsystem32spSP4101.dll 2007-06-21 22:23 40,960 --a------ C:WINDOWSsystem32mpwma.dll 2007-06-21 22:23 40,960 --a------ C:WINDOWSsystem32MDMIMDM.dll 2007-06-21 22:23 36,864 --a------ C:WINDOWSsystem32MDBridge.dll 2007-06-21 22:23 32,768 --a------ C:WINDOWSsystem32MDMUser.dll 2007-06-21 22:23 270,848 --a------ C:UNWISE.EXE 2007-06-21 22:23 176,128 --a------ C:WINDOWSsystem32MDCore.dll 2007-06-21 22:23 163,840 --a------ C:WINDOWSsystem32sp4101.dll 2007-06-21 22:23 10,326 --a------ C:WINDOWSsystem32driverssp4101.sys 2007-06-21 22:22 <DIR> d-------- C:Program 
FilesGrundig 2007-06-21 20:17 <DIR> d--h----- C:WINDOWSPIF 2007-06-20 20:28 <DIR> d-------- C:Program FilesRegCleaner 2007-06-20 18:48 <DIR> d-------- C:Program FilesGadu-Gadu 2007-06-13 20:52 <DIR> d-------- C:DOCUME~1KacperDANEAP~1DivX 2007-06-13 20:51 116,472 --------- C:WINDOWSsystem32pxcpyi64.exe 2007-06-13 20:51 <DIR> d-------- C:Program FilesDivX 2007-06-10 20:28 <DIR> d-------- C:Program FilesVAG-COM-PL (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-30 20:28:15 -------- d-----w C:Program FileseMule 2007-07-30 16:15:02 -------- d--h--w C:Program FilesInstallShield Installation Information 2007-07-25 15:20:50 -------- d-----w C:DOCUME~1KacperDANEAP~1Skype 2007-07-24 18:10:07 -------- d-----w C:Program FilesSkanerOnline 2007-07-20 18:52:09 -------- d-----w C:Program FilesReal 2007-07-19 20:43:54 -------- d-----w C:Program FilesCommon FilesLightScribe 2007-07-10 12:28:53 65,056 ----a-w C:WINDOWSsystem32perfc015.dat 2007-07-10 12:28:53 383,476 ----a-w C:WINDOWSsystem32perfh015.dat 2007-06-13 18:41:06 -------- d-----w C:Program FilesIrfanView 2007-06-12 18:23:00 -------- d-----w C:Program FilesNeostrada TP 2007-05-31 13:55:12 716 ----a-w C:BOWLDA.DAT 2007-05-31 06:45:07 524,288 ----a-w C:WINDOWSsystem32DivXsm.exe 2007-05-31 06:44:55 823,296 ----a-w C:WINDOWSsystem32divx_xx07.dll 2007-05-31 06:44:54 823,296 ----a-w C:WINDOWSsystem32divx_xx0c.dll 2007-05-31 06:44:54 802,816 ----a-w C:WINDOWSsystem32divx_xx11.dll 2007-05-31 06:44:54 740,442 ----a-w C:WINDOWSsystem32DivX.dll 1999-03-11 19:11:06 18,135 ------w C:Program FilesErrcode4.cs_ 1999-03-11 11:52:02 9,239 ------w C:Program FilesDataview.ex_ 1999-02-02 12:51:52 15,520 ------w C:Program FilesLabels.cs_ 1997-08-08 08:38:54 14,801 ------w C:Program FilesSetup1.ex_ 1997-08-08 08:37:04 51 ------w C:Program FilesSetup.lst 1997-06-25 18:21:30 3,356 ------w C:Program FilesConfigvw.ex_ 1997-05-09 09:56:36 882 ------w C:Program FilesCapture.da_ 
1997-05-09 09:04:52 874 ------w C:Program FilesSample.da_ 1995-04-25 07:37:56 5,885 ------w C:Program FilesHitime1.vb_ 1993-11-01 01:11:00 9,696 ------w C:Program FilesVer.dl_ 1993-11-01 01:11:00 54,547 ------w C:Program FilesCommdlg.dl_ 1993-11-01 01:11:00 23,670 ------w C:Program FilesDdeml.dl_ 1993-05-12 10:21:50 14,788 ------w C:Program FilesMscomm.vb_ 1993-05-11 22:00:00 276,684 ------w C:Program FilesVbrun300.dl_ 1993-04-27 22:00:00 33,649 ------w C:Program FilesThreed.vb_ 1993-04-27 22:00:00 3,657 ------w C:Program FilesSetupkit.dl_ 1993-04-27 22:00:00 10,978 ------w C:Program FilesSpin.vb_ 1993-04-27 22:00:00 10,865 ------w C:Program FilesCmdialog.vb_ 1991-11-29 15:31:00 73,950 ------w C:Program FilesQpro.dl_ ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "AGRSMMSG"="AGRSMMSG.exe" [2003-11-20 01:41 C:WINDOWSAGRSMMSG.exe] "SynTPLpr"="C:Program FilesSynapticsSynTPSynTPLpr.exe" [2004-10-08 08:44] "SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2004-10-08 08:43] "avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2006-09-25 18:42] "Resume copy"="copyfstq.exe" [2006-11-11 22:27 C:WINDOWScopyfstq.exe] "BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 23:21 C:WINDOWSsystem32BtUsrBdg.exe] "AVMWlanClient"="C:Program Filesavmwlanstickwlangui.exe" [2006-12-28 01:02] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "RestoreDesktop"="C:Program FilesRestore DesktopRestoreDesktop.exe" [2003-03-11 10:52] "Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2006-10-10 17:51] "WITaj!"="D:noweWitajWit2000.exe" [2002-12-30 00:09] "eMuleAutoStart"="C:Program FileseMuleemule.exe" [2007-05-13 16:57] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "SynchronousMachineGroupPolicy"=1 (0x1) "SynchronousUserGroupPolicy"=1 (0x1) 
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "NoRecentDocsHistory"=1 (0x1) [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartAdobe Reader Speed Launch.lnk backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Utility Tray.lnk] path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartUtility Tray.lnk backup=C:WINDOWSpssUtility Tray.lnkCommon Startup [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRestore Desktop] "C:Program FilesRestore DesktopRestore Desktop.exe" [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTomTomHOME.exe] "C:Program FilesTomTom HOMETomTomHOME.exe" -s R0 BTHidMgr;Bluetooth HID Manager Service;C:WINDOWSsystem32DriversBTHidMgr.sys R1 NetBT;NetBios przez TCP/IP;C:WINDOWSsystem32DRIVERSnetbt.sys R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:Program FilesIVT CorporationBlueSoleilBTNtService.exe R2 BthServ;Bluetooth Support Service;C:WINDOWSsystem32svchost.exe -k bthsvcs R2 XPROTECTOR;XPROTECTOR;??C:WINDOWSsystem32driversXPROTECTOR.SYS R3 BlueletAudio;Bluetooth Audio Service;C:WINDOWSsystem32DRIVERSblueletaudio.sys R3 BTCOMM;BTCOMM;C:WINDOWSsystem32driversBtcomm.sys R3 BTHidEnum;Bluetooth HID Enumerator;C:WINDOWSsystem32DRIVERSvbtenum.sys R3 BTKRNBDG;Bluetooth COM Bridge;C:WINDOWSsystem32DRIVERSbtkrnbdg.sys R3 dtscsi;dtscsi;C:WINDOWSsystem32Driversdtscsi.sys R3 FWLANUSB;AVM FRITZ!WLAN;C:WINDOWSsystem32DRIVERSfwlanusb.sys R3 
hidusb;Sterownik Microsoft klasy HID;C:WINDOWSsystem32DRIVERShidusb.sys R3 ltck000c;Xircom MPCI Modem 56 Driver;C:WINDOWSsystem32DRIVERSltck000c.sys R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:WINDOWSsystem32DriversRootMdm.sys R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:WINDOWSsystem32DRIVERSRtnicxp.sys R3 SynTP;Synaptics TouchPad Driver;C:WINDOWSsystem32DRIVERSSynTP.sys R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft;C:WINDOWSsystem32DRIVERSusbehci.sys R3 usbhub;Koncentrator z obsugĄ USB2;C:WINDOWSsystem32DRIVERSusbhub.sys R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft;C:WINDOWSsystem32DRIVERSusbohci.sys R3 vad_multi;Windigo Virtual Audio Device (WDM);C:WINDOWSsystem32driversvadmulti.sys R3 VComm;Virtual Serial port driver;C:WINDOWSsystem32DRIVERSVComm.sys R3 VcommMgr;Bluetooth VComm Manager Service;C:WINDOWSsystem32DriversVcommMgr.sys S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:WINDOWSsystem32DRIVERSalcan5wn.sys S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:WINDOWSsystem32DRIVERSalcaudsl.sys S3 ASFWHide;ASFWHide;??C:DOCUME~1KacperUSTAWI~1TempASFWHide S3 avmeject;AVM Eject;C:WINDOWSsystem32driversavmeject.sys S3 BT;Bluetooth PAN Network Adapter;C:WINDOWSsystem32DRIVERSbtnetdrv.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:WINDOWSsystem32Driversbtcusb.sys S3 BthEnum;Sterownik Bluetooth Request Block;C:WINDOWSsystem32DRIVERSBthEnum.sys S3 BTHMODEM;Sterownik Bluetooth Serial Communications;C:WINDOWSsystem32DRIVERSbthmodem.sys S3 BthPan;Bluetooth Device (Personal Area Network);C:WINDOWSsystem32DRIVERSbthpan.sys S3 BTHPORT;Sterownik portu Bluetooth;C:WINDOWSsystem32DriversBTHport.sys S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth;C:WINDOWSsystem32DriversBTHUSB.sys S3 BTNetFilter;Bluetooth Network Filter;??C:WINDOWSsystem32driversBTNetFilter.sys S3 CdaC15BA;CdaC15BA;??C:WINDOWSsystem32driversCDAC15BA.SYS S3 
CSRBC01;%CSRBC01.SvcDesc%;C:WINDOWSsystem32Driverscsrbc01.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:WINDOWSsystem32DRIVERSMSIRCOMM.sys S3 NABTSFEC;NABTS/FEC VBI Codec;C:WINDOWSsystem32DRIVERSNABTSFEC.sys S3 PEEK5;PEEK5 Protocol Driver;??C:DOCUME~1KacperUSTAWI~1TempRar$EX05.922LINKSY~1PEEK5.SYS S3 RFCOMM;UrzĄdzenie Bluetooth (Protok˘ TDI RFCOMM);C:WINDOWSsystem32DRIVERSrfcomm.sys S3 SF-620;Kingsun SF-620 USB Infrared Adapter;C:WINDOWSsystem32DRIVERSSF-620.sys S3 SNPSTD3;USB PC Camera (SNPSTD3);C:WINDOWSsystem32DRIVERSsnpstd3.sys S3 TVICHW32;TVICHW32;??C:WINDOWSSystem32DRIVERSTVICHW32.SYS S3 usb2vcom;USB Data Cable;C:WINDOWSsystem32DRIVERSusb2vcom.sys S3 usbaudio;Sterownik audio USB (WDM);C:WINDOWSsystem32driversusbaudio.sys S3 usbccgp;Rodzajowy sterownik nadrz©dny USB Microsoft;C:WINDOWSsystem32DRIVERSusbccgp.sys S3 usbstor;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS S3 wceusbsh;Windows CE USB Serial Host Driver;C:WINDOWSsystem32DRIVERSwceusbsh.sys [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] bthsvcs BthServ [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa3 8860-71ce-11db-9338-00115bed1c05}] AutoRuncommand- K:InstallTomTomHOME.exe Contents of the 'Scheduled Tasks' folder 2007-07-30 20:00:00 C:WINDOWStasksAE2353DA9288C746.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-30 22:41:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderFavorit sA151c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. 
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{D4855B8C-41A1-9C43-BC1C-F40E25A790DB}] "abkneojnliehombaiddjjphgmainccfjik"=hex:61,61,00,00 "bbkneojnliehombaidiimokhjbjgcfpoinmi"=hex:61,61,00,00 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-30 22:42:54 C:ComboFix-quarantined-files.txt ... 2007-07-30 22:42 C:ComboFix2.txt ... 2007-07-29 22:01 --- E O F ---
CatchMe, comment 1 August 2007: Control Panel >>> Scheduled Tasks >>> delete these "tasks":
2007-07-30 20:00:00 C:WINDOWStasksAE2353DA9288C746.job
There is Adware Lop:
"AE2353DA9288C746" -> launches: "c:docume~1kacperdaneap~1atomdo~1Data Inside Obj.exe" [file not found]
2007-07-20 20:26 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1soft chic meet great
2007-07-20 20:26 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1soap thunk lies soft
Apply the removal instructions from this article: http://es6-scripts.dlv4.c..._1068_em_XP.cab
Use: http://stopwirusom.pl/index.php?option=com...7&Itemid=26
Download and run the tool: http://www.gdata.pl/kmdownload/download.ph...getit&id=60
C:Program FilesErrcode4.cs_ 1999-03-11 11:52:02 9,239 ------w C:Program FilesDataview.ex_ 1999-02-02 12:51:52 15,520 ------w C:Program FilesLabels.cs_ 1997-08-08 08:38:54 14,801 ------w C:Program FilesSetup1.ex_ 1997-08-08 08:37:04 51 ------w C:Program FilesSetup.lst 1997-06-25 18:21:30 3,356 ------w C:Program FilesConfigvw.ex_ 1997-05-09 09:56:36 882 ------w C:Program FilesCapture.da_ 1997-05-09 09:04:52 874 ------w C:Program FilesSample.da_ 1995-04-25 07:37:56 5,885 ------w C:Program FilesHitime1.vb_ 1993-11-01 01:11:00 9,696 ------w C:Program FilesVer.dl_ 1993-11-01 01:11:00 54,547 ------w C:Program FilesCommdlg.dl_ 1993-11-01 01:11:00 23,670 ------w C:Program FilesDdeml.dl_ 1993-05-12 10:21:50 14,788 ------w C:Program FilesMscomm.vb_ 1993-05-11 22:00:00 276,684 ------w C:Program FilesVbrun300.dl_ 1993-04-27 22:00:00 33,649 ------w C:Program FilesThreed.vb_ 1993-04-27 22:00:00 3,657 ------w C:Program FilesSetupkit.dl_ 1993-04-27 22:00:00 10,978 ------w C:Program FilesSpin.vb_ 1993-04-27 22:00:00 10,865 ------w C:Program FilesCmdialog.vb_ 1991-11-29 15:31:00 73,950 ------w C:Program FilesQpro.dl_
Scan these files at www.virustotal.com and paste the reports:
C:WINDOWSsystem32INETWH32.dll
C:UNWISE.EXE
Then paste new logs from HijackThis and ComboFix.