Your privacy is in danger - how do I get rid of it?

wito1

I know there has already been a topic like this, and on more than one forum, but I noticed that where people helped someone else with the same problem, it didn't really help me. Namely, my logs differed from theirs and, for example, I didn't have the entries that others had and that needed to be removed. That's why I'm starting a new topic. I'm posting the logs from HJthis and Combofix here.

HJTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:56, on 2008-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\MoorHunt\MoorHunt.exe
C:\Documents and Settings\Wito\Pulpit\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32\nulware.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: afxlspw - {ACAA283B-802F-4E25-BDF4-52BC8DAA3915} - C:\WINDOWS\afxlspw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7153 bytes
Combofix

Please help: which of this junk should I remove, and what else, if anything, should I do?

GoBi

Delete the entries, and delete the marked files/folders manually from the disk; do all of this in Safe Mode and with System Restore turned off:

O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32\nulware.exe

O21 - SSODL: afxlspw - {ACAA283B-802F-4E25-BDF4-52BC8DAA3915} - C:\WINDOWS\afxlspw.dll

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

After the operation, paste a new log.
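
One way to check the outcome of the fix requested above, as an added example that is not part of the original thread: it parses HijackThis entry lines and compares the log taken before the fix with the one taken after. The sample logs are short excerpts constructed from entries that appear in this thread, and the function names are illustrative.

```python
import re
from typing import NamedTuple

# A HijackThis entry line is "<code> - <body>", where <code> is a section id
# such as R0, O4, O21 or O24. Header lines and the "Running processes" paths
# do not have this shape and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


class Entry(NamedTuple):
    code: str
    body: str


def normalise(body):
    """Collapse whitespace and fold case: Windows paths and registry value
    names are case-insensitive (System32 vs system32)."""
    return " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Return the set of entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add(Entry(match.group(1), normalise(match.group(2))))
    return entries


def verify_fix(before_log, after_log, flagged_text):
    """Compare two logs against the entries a helper asked to remove."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    flagged = parse_entries(flagged_text)
    return {
        # flagged entries that were present and are now gone
        "removed": sorted((flagged & before) - after),
        # flagged entries that survived the fix (or came back)
        "still_present": sorted(flagged & after),
        # flagged entries that never matched the first log (typo, wrong log)
        "not_in_before": sorted(flagged - before),
        # entries that vanished although nobody flagged them
        "also_gone": sorted((before - after) - flagged),
        # entries that appeared between the two scans
        "new": sorted(after - before),
    }


# Constructed excerpt of the first log in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32\nulware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: afxlspw - {ACAA283B-802F-4E25-BDF4-52BC8DAA3915} - C:\WINDOWS\afxlspw.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Constructed excerpt of the second log in this thread.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# The three entries the reply above asks to delete.
FLAGGED = r"""O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32\nulware.exe
O21 - SSODL: afxlspw - {ACAA283B-802F-4E25-BDF4-52BC8DAA3915} - C:\WINDOWS\afxlspw.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for name, entries in verify_fix(BEFORE, AFTER, FLAGGED).items():
        print(f"{name}: {len(entries)}")
        for entry in entries:
            print(f"  {entry.code} - {entry.body}")
```

An entry listed under `also_gone` or `new` was changed by something other than the requested fix and is worth a second look before the machine is called clean.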

wito1

new log from hjthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:22, on 2008-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Wito\Pulpit\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6862 bytes

Combofix

ComboFix 08-02.05.3 - Wito 2008-02-07 12:42:19.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1568 [GMT 1:00]
Running from: C:\Documents and Settings\Wito\Moje dokumenty\My Completed Downloads\ComboFix.exe

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
.

(((((((((((((((((((((((((   Files Created from 2008-01-07 to 2008-02-07  )))))))))))))))))))))))))))))))
.

2008-02-07 12:28 . 2008-02-07 11:51	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-02-07 12:28 . 2007-01-01 02:17	<DIR>	d--------	C:\Documents and Settings\Administrator\Ulubione
2008-02-07 12:28 . 2007-12-21 20:25	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Szablony
2008-02-07 12:28 . 2007-01-01 02:17	<DIR>	d--------	C:\Documents and Settings\Administrator\Pulpit
2008-02-07 12:28 . 2007-01-01 02:17	<DIR>	d--------	C:\Documents and Settings\Administrator\Moje dokumenty
2008-02-07 12:28 . 2007-01-01 02:17	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Start
2008-02-07 12:28 . 2007-01-01 02:17	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dane aplikacji
2008-02-07 11:48 . 2004-08-04 00:44	395,776	--a------	C:\kmd.exe
2008-02-06 10:47 . 2008-02-06 10:47	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-02-06 10:47 . 2008-02-06 11:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-05 15:52 . 2008-02-05 15:52	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-02-05 14:09 . 2008-02-05 14:09	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2008-02-05 14:02 . 2008-02-05 14:02	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-02-05 14:02 . 2008-02-05 14:02	1,409	--a------	C:\WINDOWS\QTFont.for
2008-02-04 23:51 . 2008-02-04 17:39	98,304	--a------	C:\WINDOWS\frplprg.exe
2008-02-02 14:34 . 2008-02-07 09:14	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-02 14:33 . 2008-02-02 14:34	<DIR>	d--------	C:\Program Files\Google
2008-02-02 14:33 . 2008-02-02 14:36	<DIR>	d--------	C:\Program Files\DAP
2008-02-02 14:33 . 2008-02-02 14:33	479,298	--a------	C:\WINDOWS\system32\wbocx.ocx
2008-02-02 14:33 . 2008-02-02 14:33	172,032	--a------	C:\WINDOWS\system32\AniGIF.ocx
2008-02-02 14:33 . 2008-02-02 14:33	50,688	--a------	C:\WINDOWS\system32\wbhelp2.dll
2008-02-01 22:23 . 2008-02-01 22:23	<DIR>	d--------	C:\Program Files\Common Files\Blizzard Entertainment
2008-01-27 19:28 . 2008-01-27 19:28	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer
2008-01-27 19:28 . 2008-01-27 19:28	<DIR>	d--------	C:\Program Files\Reference Assemblies
2008-01-27 19:28 . 2008-01-27 19:28	<DIR>	d--------	C:\Program Files\MSBuild
2008-01-27 19:27 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll
2008-01-27 19:25 . 2008-01-27 19:25	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-01-27 18:22 . 2008-01-27 18:23	<DIR>	d--------	C:\Program Files\MoorHunt
2008-01-24 17:29 . 2008-01-25 18:03	<DIR>	d--------	C:\Documents and Settings\Wito\dwhelper
2008-01-24 13:46 . 2004-08-04 00:44	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2008-01-24 13:46 . 2001-10-26 17:29	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2008-01-20 21:26 . 2008-01-29 18:36	<DIR>	d--------	C:\WINDOWS\avs
2008-01-18 18:02 . 2008-01-18 18:11	<DIR>	d--------	C:\Program Files\aws
2008-01-17 21:58 . 2008-01-18 17:48	<DIR>	d--------	C:\Program Files\Mayoko
2008-01-16 09:33 . 2007-11-14 16:46	7,677,746	--a------	C:\WINDOWS\system\xlive.dll
2008-01-12 16:19 . 2008-01-12 16:19	<DIR>	d--------	C:\WINDOWS\system32\Lang
2008-01-12 16:19 . 2008-01-12 16:19	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav
2008-01-12 16:19 . 2008-01-12 16:19	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav
2008-01-12 16:19 . 2008-01-19 22:13	60,416	--a------	C:\WINDOWS\ALCFDRTM.VER
2008-01-12 16:19 . 2008-01-12 16:19	60,416	--a------	C:\WINDOWS\ALCFDRTM.EXE
2008-01-12 16:18 . 2008-01-12 16:18	<DIR>	d--------	C:\Program Files\Realtek AC97
2008-01-12 16:18 . 2005-07-15 09:48	40,960	-r-------	C:\WINDOWS\system32\ChCfg.exe
2008-01-12 14:14 . 2008-01-12 14:14	<DIR>	d--------	C:\Documents and Settings\Wito\Dane aplikacji\InstallShield Installation Information
2008-01-12 14:06 . 2008-01-12 14:06	<DIR>	d--------	C:\WINDOWS\system32\AGEIA
2008-01-12 14:06 . 2008-01-12 14:06	<DIR>	d--------	C:\Program Files\AGEIA Technologies
2008-01-11 20:59 . 2008-02-07 09:14	<DIR>	d--------	C:\Documents and Settings\Wito\Dane aplikacji\skypePM
2008-01-11 20:59 . 2008-01-11 20:59	32	--a------	C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-11 20:58 . 2008-01-11 20:58	<DIR>	d--------	C:\Program Files\Skype
2008-01-11 20:58 . 2008-01-11 20:58	<DIR>	d--------	C:\Program Files\Common Files\Skype
2008-01-11 20:58 . 2008-02-07 12:38	<DIR>	d--------	C:\Documents and Settings\Wito\Dane aplikacji\Skype
2008-01-11 20:58 . 2008-01-11 20:58	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-11 12:49 . 2008-01-11 12:49	<DIR>	d--------	C:\Program Files\MegauploadToolbar
2008-01-11 12:49 . 2008-02-07 11:14	<DIR>	d--------	C:\Documents and Settings\Wito\Dane aplikacji\MegauploadToolbar
2008-01-10 19:24 . 2008-01-10 19:24	<DIR>	d--------	C:\Program Files\VirtualDubMod
2008-01-09 22:04 . 2008-01-09 22:04	262,144	--a------	C:\WINDOWS\system32\wrap_oal.dll
2008-01-09 22:04 . 2008-01-09 22:04	86,016	--a------	C:\WINDOWS\system32\OpenAL32.dll
2008-01-09 22:00 . 2008-01-09 22:00	<DIR>	d--------	C:\Program Files\MainConcept
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-02-05 07:33	---------	d-----w	C:\Program Files\DAEMON Tools Pro
2008-02-01 19:11	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\Hamachi
2008-01-25 17:01	---------	d-----w	C:\Program Files\Gadu-Gadu
2008-01-16 07:44	---------	d-----w	C:\Program Files\Qtracker
2008-01-16 07:42	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 15:18	---------	d-----w	C:\Program Files\AvRack
2008-01-07 20:17	---------	d-----w	C:\Program Files\QuickTime Alternative
2008-01-07 20:17	---------	d-----w	C:\Program Files\Media Player Classic
2008-01-05 17:11	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-01-05 17:07	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-01-05 17:06	82,432	----a-w	C:\WINDOWS\system32\msxml4r.dll
2008-01-05 17:06	1,233,920	----a-w	C:\WINDOWS\system32\msxml4.dll
2008-01-05 17:06	---------	d-----w	C:\Program Files\Common Files\Adobe Systems Shared
2008-01-04 18:41	---------	d-----w	C:\Program Files\Vplayer
2008-01-03 20:26	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-01-03 20:26	---------	d-----w	C:\Program Files\Realtek Sound Manager
2008-01-02 18:46	---------	d-----w	C:\Program Files\ZTekWare
2008-01-02 18:07	---------	d-----w	C:\Program Files\DaemonTools_WhenUSave_Installer
2008-01-02 18:07	---------	d-----w	C:\Program Files\DAEMON Tools
2008-01-02 14:51	---------	d-----w	C:\Program Files\Windows Media Connect 2
2008-01-02 14:51	---------	d-----w	C:\Program Files\Real Alternative
2007-12-31 18:27	---------	d-----w	C:\Program Files\BitSpirit
2007-12-31 18:25	---------	d-----w	C:\Program Files\Xara
2007-12-31 18:25	---------	d-----w	C:\Program Files\Common Files\Xara
2007-12-31 13:15	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\Moje pliki Bitwy o ĹšrĂłdziemie™ II
2007-12-31 10:27	---------	d-----w	C:\Program Files\XnView
2007-12-31 10:27	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\XnView
2007-12-29 21:06	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2007-12-29 13:21	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\BitSpirit
2007-12-29 10:25	---------	d-----w	C:\Program Files\DIFX
2007-12-28 12:51	---------	d-----w	C:\Program Files\Ahead
2007-12-25 14:53	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\Hewlett-Packard
2007-12-25 14:34	82,380	----a-w	C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-12-25 14:34	---------	d-----w	C:\Program Files\Hewlett-Packard
2007-12-25 14:33	---------	d-----w	C:\Program Files\Common Files\Hewlett-Packard
2007-12-24 13:55	---------	d-----w	C:\Program Files\The All-Seeing Eye
2007-12-24 13:51	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\Qtracker
2007-12-23 21:12	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\AdobeUM
2007-12-23 15:58	278,984	----a-w	C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-23 15:58	25,416	----a-w	C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-23 15:19	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\DAEMON Tools Pro
2007-12-23 15:13	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-12-22 20:45	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\Media Player Classic
2007-12-22 20:37	---------	d-----w	C:\Program Files\AviSynth 2.5
2007-12-22 20:36	---------	d-----w	C:\Program Files\Light Alloy
2007-12-22 18:03	---------	d-----w	C:\Documents and Settings\Wito\Dane aplikacji\Gadu-Gadu
2007-12-22 14:13	25,280	----a-w	C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-22 14:13	---------	d-----w	C:\Program Files\Hamachi
2007-12-22 13:18	7,770	--sh--r	C:\WINDOWS\system32\nulware.exe
2007-12-22 13:12	---------	d-----w	C:\Program Files\MultiRes
2007-12-22 13:11	737,280	----a-w	C:\WINDOWS\iun6002.exe
2007-12-22 13:11	---------	d-----w	C:\Program Files\Nvidia Omega Drivers
2007-12-22 13:09	---------	d-----w	C:\Program Files\Nero
2007-12-22 13:09	---------	d-----w	C:\Program Files\Common Files\Ahead
2007-12-22 13:05	---------	d-----w	C:\Program Files\Winamp
2007-12-22 13:05	---------	d-----w	C:\Program Files\Smart Projects
2007-12-22 12:55	---------	d-----w	C:\Program Files\eRightSoft
2007-12-22 12:45	---------	d-----w	C:\Program Files\Java
2007-12-22 12:44	---------	d-----w	C:\Program Files\Common Files\Java
2007-12-22 12:42	---------	d-----w	C:\Program Files\Opera
2007-12-22 12:41	---------	d-----w	C:\Program Files\DVD Decrypter
2007-12-22 12:41	---------	d-----w	C:\Program Files\Alcohol Soft
2007-12-22 07:56	---------	d-----w	C:\Program Files\Lavalys
2007-12-22 07:44	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-12-21 20:25	22,328	----a-w	C:\Documents and Settings\Wito\Dane aplikacji\PnkBstrK.sys
2007-12-21 19:46	---------	d-----w	C:\Program Files\Alwil Software
2007-12-21 19:28	558,142	----a-w	C:\WINDOWS\java\Packages\GBLVLBNP.ZIP
2007-12-21 19:28	155,995	----a-w	C:\WINDOWS\java\Packages\4RF3HB7D.ZIP
2007-12-21 19:28	---------	d-----w	C:\Program Files\microsoft frontpage
2007-12-21 19:25	---------	d-----w	C:\Program Files\Usługi online
2007-12-05 01:53	356,352	----a-w	C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41	81,920	----a-w	C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41	81,920	----a-w	C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41	8,523,776	----a-w	C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41	753,664	----a-w	C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41	6,901,760	----a-w	C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41	6,549,504	----a-w	C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41	5,773,568	----a-w	C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41	5,611,520	----a-w	C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41	466,944	----a-w	C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41	458,752	----a-w	C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41	45,056	----a-w	C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41	442,368	----a-w	C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41	425,984	----a-w	C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41	385,024	----a-w	C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41	356,352	----a-w	C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41	35,328	----a-w	C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41	35,328	----a-w	C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41	335,872	----a-w	C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41	335,872	----a-w	C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41	327,680	----a-w	C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41	327,680	----a-w	C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41	327,680	----a-w	C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41	327,680	----a-w	C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41	323,584	----a-w	C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41	323,584	----a-w	C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41	319,488	----a-w	C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41	319,488	----a-w	C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41	315,392	----a-w	C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41	315,392	----a-w	C:\WINDOWS\system32\nvwrshu.dll
2006-05-03 09:06	163,328	--sh--r	C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47	31,232	--sh--r	C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-19 16:43 2101248]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-02 14:34 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

R3 rtl8180;PLANET WL-8303 Wireless PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-02-04 06:17]
S0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys []
S3 autorun;autorun;c:\huadio.tmp [2008-01-03 21:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 14:53:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198594363.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-29 17:56:21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201629358.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 12:44:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 12:44:38
ComboFix-quarantined-files.txt  2008-02-07 11:44:31
ComboFix2.txt  2008-02-07 10:51:17
ComboFix3.txt  2008-02-05 21:31:28
ComboFix4.txt  2008-02-05 14:50:02
GoBi
commented

It's OK now. :)
