Kamyl, posted 14 June 2008

Please check the log from Hijack.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Gadu-Gadu\gg.exe
F:\UberIcon\UberIcon Manager.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
F:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RaConfig.exe
C:\Program Files\OpenOffice.ux.pl 2.0.2\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.2\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\K@mil\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1048306
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto
O4 - HKCU\..\Run: [uberIcon] "F:\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] F:\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [spyEmergency] "F:\Spy Emergency 2008\SpyEmergency.exe"
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.ux.pl 2.0.2.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: Pobierz używając LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9B4D1F-0CCC-4512-B5B9-DC21CFB7575E}: NameServer = 194.204.152.1,194.204.159.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - F:\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe

//logs go in code tags, not quote! //vocativus

Mateusz J., comment, 14 June 2008

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Fix.

Folders to delete:
C:\Program Files\MyGlobalSearch
C:\Program Files\free-downloads.net

Please post a ComboFix log.

Kamyl (author), comment, 14 June 2008

//logs go in code tags, not quote! //vocativus