Bloodin, created 17 August 2007

Hi, I have never checked my logs before; please help me do it. Here they are:

Logfile of HijackThis v1.99.1
Scan saved at 18:34:46, on 2007-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\kah\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tlen.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19F83402-EC14-09ED-8752-12550B827C31} - (no file)
O2 - BHO: (no name) - {1FFD6007-BC16-5CBB-8752-12550B827C31} - (no file)
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100023211113
O16 - DPF: {738704AD-0A3B-1E07-95EC-7A7A0E3742A8} - http://66.117.37.5/1/rdgPL298.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\kah\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


ComboFix 07-08-14.4 - "kah" 2007-08-17 18:36:56.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.231 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\hosts
C:\WINDOWS\system32\wnscpsu.exe

((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))

2007-08-17 18:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 18:30 <DIR> d-------- C:\Program Files\7-Zip

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-09 21:46 --------- d-------- C:\Program Files\Mozilla ActiveX Control v1.7.1
2007-07-09 20:29 --------- d-------- C:\DOCUME~1\kah\DANEAP~1\Google
2007-07-04 15:15 --------- d-------- C:\DOCUME~1\kah\DANEAP~1\Ahead
2007-07-04 15:13 --------- d-------- C:\Program Files\Nero
2007-07-04 15:13 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-26 16:15 661504 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 15:57 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 96768 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 20:11 616448 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 20:11 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 20:11 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 20:11 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 20:11 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 20:11 3079680 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 20:11 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 20:11 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 20:11 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 20:11 1055744 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 16:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1034752 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-25 22:25 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:30 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2005-11-27 11:10 2351 --ah----- C:\Program Files\INSTALL.LOG
2005-06-14 17:30 766 --a------ C:\Program Files\Common Files\sms.ico
2005-06-14 17:30 70 --a------ C:\Program Files\Common Files\moje.js
1998-04-30 14:56 129024 --ah----- C:\Program Files\UNWISE.EXE
2005-04-16 10:47:16 56 --sh--r C:\WINDOWS\system32\F37C598B34.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19F83402-EC14-09ED-8752-12550B827C31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FFD6007-BC16-5CBB-8752-12550B827C31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40205287-E793-41AC-B95C-D8D064BA33CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-10 21:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Sysino"=lsess.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Sysino"=lsess.exe

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.mscdsr]
C:\WINDOWS\system\lsvchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
C:\WINDOWS\conscorr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DemonStarter]
C:\Program Files\PWN\Definicje\Bin\Starter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eitd]
C:\Documents and Settings\kah\Dane aplikacji\dpcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\obwj]
C:\WINDOWS\obwj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ornebxvqvxu]
C:\WINDOWS\System32\gwzmfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\temp\salm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysino]
lsess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdTools]
C:\Program Files\Windows AdTools\WinAdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Automatic Updates]
dvldr.exe

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft;C:\WINDOWS\system32\DRIVERS\irsir.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
S3 pnicml;pnicml;\??\C:\DOCUME~1\kah\USTAWI~1\Temp\pnicml.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 18:38:04
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 18:38:35
C:\ComboFix-quarantined-files.txt ... 2007-08-17 18:38
--- E O F ---
CatchMe, comment 17 August 2007

Malware:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {19F83402-EC14-09ED-8752-12550B827C31} - (no file)
O2 - BHO: (no name) - {1FFD6007-BC16-5CBB-8752-12550B827C31} - (no file)
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - (no file)
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {738704AD-0A3B-1E07-95EC-7A7A0E3742A8} - http://66.117.37.5/1/rdgPL298.exe
O18 - Filter: text/html - (no CLSID) - (no file)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Sysino"=lsess.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Sysino"=lsess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.mscdsr]
C:\WINDOWS\system\lsvchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
C:\WINDOWS\conscorr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\obwj]
C:\WINDOWS\obwj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ornebxvqvxu]
C:\WINDOWS\System32\gwzmfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysino]
lsess.exe

Block the ports with the WWDC and Seconfig XP programs. Use: SDFix. After the clean-up, paste new logs from ComboFix and HijackThis.
Bloodin (Author), comment 17 August 2007

All done, here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 20:13:37, on 2007-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\kah\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tlen.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19F83402-EC14-09ED-8752-12550B827C31} - (no file)
O2 - BHO: (no name) - {1FFD6007-BC16-5CBB-8752-12550B827C31} - (no file)
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100023211113
O16 - DPF: {738704AD-0A3B-1E07-95EC-7A7A0E3742A8} - http://66.117.37.5/1/rdgPL298.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\kah\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


ComboFix 07-08-14.4 - "kah" 2007-08-17 20:14:09.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.288 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))

2007-08-17 19:54 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-17 18:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 18:30 <DIR> d-------- C:\Program Files\7-Zip

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-09 21:46 --------- d-------- C:\Program Files\Mozilla ActiveX Control v1.7.1
2007-07-09 20:29 --------- d-------- C:\DOCUME~1\kah\DANEAP~1\Google
2007-07-04 15:15 --------- d-------- C:\DOCUME~1\kah\DANEAP~1\Ahead
2007-07-04 15:13 --------- d-------- C:\Program Files\Nero
2007-07-04 15:13 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-26 16:15 661504 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 15:57 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 96768 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 20:11 616448 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 20:11 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 20:11 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 20:11 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 20:11 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 20:11 3079680 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 20:11 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 20:11 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 20:11 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 20:11 1055744 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 16:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1034752 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-25 22:25 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:30 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2005-11-27 11:10 2351 --ah----- C:\Program Files\INSTALL.LOG
2005-06-14 17:30 766 --a------ C:\Program Files\Common Files\sms.ico
2005-06-14 17:30 70 --a------ C:\Program Files\Common Files\moje.js
1998-04-30 14:56 129024 --ah----- C:\Program Files\UNWISE.EXE
2005-04-16 10:47:16 56 --sh--r C:\WINDOWS\system32\F37C598B34.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19F83402-EC14-09ED-8752-12550B827C31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FFD6007-BC16-5CBB-8752-12550B827C31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40205287-E793-41AC-B95C-D8D064BA33CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-10 21:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Sysino"=lsess.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Sysino"=lsess.exe

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.mscdsr]
C:\WINDOWS\system\lsvchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
C:\WINDOWS\conscorr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DemonStarter]
C:\Program Files\PWN\Definicje\Bin\Starter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eitd]
C:\Documents and Settings\kah\Dane aplikacji\dpcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\obwj]
C:\WINDOWS\obwj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ornebxvqvxu]
C:\WINDOWS\System32\gwzmfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\temp\salm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysino]
lsess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdTools]
C:\Program Files\Windows AdTools\WinAdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Automatic Updates]
dvldr.exe

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft;C:\WINDOWS\system32\DRIVERS\irsir.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
S3 pnicml;pnicml;\??\C:\DOCUME~1\kah\USTAWI~1\Temp\pnicml.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 20:15:16
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 20:15:47
C:\ComboFix-quarantined-files.txt ... 2007-08-17 20:15
--- E O F ---


SDFix: Version 1.98
Run by kah on 2007-08-17 at 19:55
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:
No Trojan Files Found

Removing Temp Files...

ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:
Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewllpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewllpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Files with Hidden Attributes:
C:\Program Files\UNWISE.EXE
C:\System Volume Information\_restore{4087BFA7-B6F9-4BE7-A8DC-3B6AE60D85B8}\RP1314\A0165679.exe
C:\WINDOWS\system32\F37C598B34.sys
C:\Documents and Settings\kah\Moje dokumenty\Marzena\Dyskietka\Kopia\~WRL0003.tmp
C:\Documents and Settings\kah\Moje dokumenty\Marzena\Dyskietka\Kopia\~WRL0002.tmp
C:\Documents and Settings\kah\Pulpit\~WRL0002.tmp

Finished

Let's hope everything is fine now; huge thanks for the help!

[ Added: 2007-08-17, 20:37 ]

And one more question: is THIS firewall any good?
CatchMe, comment 17 August 2007

I'll take a look tomorrow, because I have to run now. Please wait patiently for me until tomorrow.
Bloodin (Author), comment 22 August 2007

No worries, it happens. Can you tell me whether that second set of logs is fine? And what about the firewall?
CatchMe, comment 22 August 2007

Right, now: you absolutely must generate new logs. "And one more question: is THIS firewall any good?" - that firewall is not good. It's terrible; I don't recommend installing it.